Lucene search

K
MozillaSeamonkey

704 matches found

cve
cve
added 2013/01/13 8:55 p.m.86 views

CVE-2013-0770

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3CVSS9.8AI score0.00939EPSS
cve
cve
added 2013/02/19 11:55 p.m.86 views

CVE-2013-0772

The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.

5.8CVSS8.8AI score0.01287EPSS
cve
cve
added 2007/10/21 8:17 p.m.85 views

CVE-2007-5334

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute.

4.3CVSS6.2AI score0.11557EPSS
cve
cve
added 2008/02/08 10:0 p.m.85 views

CVE-2008-0412

The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityServ...

9.3CVSS6.8AI score0.08849EPSS
cve
cve
added 2008/03/27 10:44 a.m.85 views

CVE-2008-1233

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."

6.8CVSS9.8AI score0.2223EPSS
cve
cve
added 2008/12/17 11:30 p.m.85 views

CVE-2008-5506

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a reso...

6.8CVSS9.7AI score0.01236EPSS
cve
cve
added 2009/04/22 6:30 p.m.85 views

CVE-2009-1303

The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.

5CVSS9.3AI score0.02083EPSS
cve
cve
added 2010/12/10 7:0 p.m.85 views

CVE-2010-3766

Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node.

9.3CVSS9.5AI score0.06704EPSS
cve
cve
added 2011/05/07 6:55 p.m.85 views

CVE-2011-0075

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

10CVSS10AI score0.03127EPSS
cve
cve
added 2011/08/18 6:55 p.m.85 views

CVE-2011-2981

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript c...

9.3CVSS9.3AI score0.01281EPSS
cve
cve
added 2013/09/18 10:8 a.m.85 views

CVE-2013-1724

Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors i...

9.3CVSS9.3AI score0.03159EPSS
cve
cve
added 2013/09/18 10:8 a.m.85 views

CVE-2013-1738

Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and fra...

9.3CVSS9.4AI score0.03359EPSS
cve
cve
added 2013/10/30 10:55 a.m.85 views

CVE-2013-5603

Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memor...

10CVSS7.3AI score0.0527EPSS
cve
cve
added 2014/02/06 5:44 a.m.85 views

CVE-2014-1488

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.

10CVSS9.4AI score0.01089EPSS
cve
cve
added 2006/04/14 10:2 a.m.84 views

CVE-2006-1732

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the wi...

4.3CVSS5.5AI score0.02208EPSS
cve
cve
added 2007/08/08 1:17 a.m.84 views

CVE-2007-3845

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of...

9.3CVSS7.1AI score0.43235EPSS
cve
cve
added 2007/10/21 7:17 p.m.84 views

CVE-2007-5340

Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption.

4.3CVSS6.5AI score0.1475EPSS
cve
cve
added 2008/02/08 10:0 p.m.84 views

CVE-2008-0415

Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation...

4.3CVSS6.4AI score0.01482EPSS
cve
cve
added 2010/03/25 9:0 p.m.84 views

CVE-2010-0169

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to t...

5CVSS7.6AI score0.00424EPSS
cve
cve
added 2010/02/18 6:0 p.m.84 views

CVE-2010-0654

Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which a...

4.3CVSS7.5AI score0.00704EPSS
cve
cve
added 2012/04/25 10:10 a.m.84 views

CVE-2012-0471

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set.

4.3CVSS7.7AI score0.00722EPSS
cve
cve
added 2012/10/10 5:55 p.m.84 views

CVE-2012-4180

Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecifie...

9.3CVSS9.6AI score0.09485EPSS
cve
cve
added 2013/08/07 1:55 a.m.84 views

CVE-2013-1705

Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request.

10CVSS7.6AI score0.05283EPSS
cve
cve
added 2013/09/18 10:8 a.m.84 views

CVE-2013-1720

The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitr...

6.8CVSS9.5AI score0.0194EPSS
cve
cve
added 2013/09/18 10:8 a.m.84 views

CVE-2013-1728

The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors.

4.3CVSS8.7AI score0.00769EPSS
cve
cve
added 2014/03/19 10:55 a.m.84 views

CVE-2014-1502

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.

6.8CVSS9.1AI score0.00284EPSS
cve
cve
added 2015/01/14 11:59 a.m.84 views

CVE-2014-8639

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixa...

6.8CVSS9.2AI score0.01476EPSS
cve
cve
added 2006/07/27 8:4 p.m.83 views

CVE-2006-3810

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.

6.8CVSS5.3AI score0.1364EPSS
cve
cve
added 2006/11/08 9:7 p.m.83 views

CVE-2006-5748

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corrupt...

5CVSS7.5AI score0.12326EPSS
cve
cve
added 2006/12/20 1:28 a.m.83 views

CVE-2006-6503

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.

6.8CVSS5.5AI score0.21579EPSS
cve
cve
added 2007/10/21 7:17 p.m.83 views

CVE-2007-5339

Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors.

4.3CVSS6.8AI score0.20176EPSS
cve
cve
added 2008/09/24 8:37 p.m.83 views

CVE-2008-0016

Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.

10CVSS9.8AI score0.35536EPSS
cve
cve
added 2008/11/13 11:30 a.m.83 views

CVE-2008-5017

Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.

10CVSS9.4AI score0.17422EPSS
cve
cve
added 2010/07/30 8:30 p.m.83 views

CVE-2010-1208

Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with ...

9.3CVSS9.3AI score0.01552EPSS
cve
cve
added 2010/10/21 7:0 p.m.83 views

CVE-2010-3176

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or pos...

9.3CVSS9.4AI score0.05142EPSS
cve
cve
added 2010/12/10 7:0 p.m.83 views

CVE-2010-3767

Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements.

9.3CVSS9.7AI score0.0415EPSS
cve
cve
added 2010/12/10 7:0 p.m.83 views

CVE-2010-3772

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element.

9.3CVSS9.6AI score0.0553EPSS
cve
cve
added 2011/08/18 6:55 p.m.83 views

CVE-2011-2989

The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code...

10CVSS9.8AI score0.0402EPSS
cve
cve
added 2011/12/21 4:2 a.m.83 views

CVE-2011-3663

Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.

4.3CVSS9.1AI score0.00961EPSS
Web
cve
cve
added 2012/11/21 12:55 p.m.83 views

CVE-2012-4201

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allo...

4.3CVSS7.9AI score0.02609EPSS
cve
cve
added 2012/11/21 12:55 p.m.83 views

CVE-2012-5841

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cro...

4.3CVSS7.8AI score0.01544EPSS
cve
cve
added 2014/12/11 11:59 a.m.83 views

CVE-2014-1594

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.

6.8CVSS5AI score0.01693EPSS
cve
cve
added 2006/06/02 7:2 p.m.82 views

CVE-2006-2781

Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.

6.4CVSS7.3AI score0.07236EPSS
cve
cve
added 2006/07/27 7:4 p.m.82 views

CVE-2006-3806

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects...

7.5CVSS7.3AI score0.29557EPSS
cve
cve
added 2008/02/08 10:0 p.m.82 views

CVE-2008-0418

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session ...

4.3CVSS6.5AI score0.38662EPSS
cve
cve
added 2008/02/09 1:0 a.m.82 views

CVE-2008-0593

Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL,...

4.3CVSS6.3AI score0.00806EPSS
cve
cve
added 2008/03/27 10:44 a.m.82 views

CVE-2008-1234

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."

4.3CVSS7.9AI score0.08249EPSS
cve
cve
added 2008/12/17 11:30 p.m.82 views

CVE-2008-5512

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNati...

6.8CVSS9.8AI score0.05142EPSS
cve
cve
added 2009/06/12 9:30 p.m.82 views

CVE-2009-1841

js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.

9.3CVSS7.8AI score0.04241EPSS
cve
cve
added 2010/02/22 1:0 p.m.82 views

CVE-2010-0159

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlock...

10CVSS8.8AI score0.02147EPSS
Total number of security vulnerabilities704