Lucene search

K

605 matches found

CVE
CVE
added 2013/01/13 8:55 p.m.88 views

CVE-2013-0752

Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that ...

9.3CVSS9.4AI score0.02834EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.88 views

CVE-2013-0756

Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing Jav...

9.3CVSS9.3AI score0.01375EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.88 views

CVE-2013-0763

Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors r...

9.3CVSS9.3AI score0.01107EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.88 views

CVE-2013-0773

The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote att...

9.3CVSS9.2AI score0.01519EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.88 views

CVE-2013-5615

The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack v...

9.8CVSS9.2AI score0.02013EPSS
CVE
CVE
added 2006/04/14 10:2 a.m.87 views

CVE-2006-1742

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory...

5CVSS6.1AI score0.1399EPSS
CVE
CVE
added 2006/12/20 1:28 a.m.87 views

CVE-2006-6501

Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.

6.8CVSS6.7AI score0.27207EPSS
CVE
CVE
added 2008/11/13 11:30 a.m.87 views

CVE-2008-5021

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

9.3CVSS10AI score0.25259EPSS
CVE
CVE
added 2009/04/22 6:30 p.m.87 views

CVE-2009-1312

Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. ...

4.3CVSS8.4AI score0.06172EPSS
CVE
CVE
added 2010/03/25 9:0 p.m.87 views

CVE-2010-0171

Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeo...

4.3CVSS7.6AI score0.03476EPSS
CVE
CVE
added 2010/04/05 5:30 p.m.87 views

CVE-2010-0176

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors th...

9.3CVSS9.5AI score0.09816EPSS
CVE
CVE
added 2010/06/24 12:30 p.m.87 views

CVE-2010-1202

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitra...

9.3CVSS9.9AI score0.07324EPSS
CVE
CVE
added 2012/03/14 7:55 p.m.87 views

CVE-2012-0460

Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted...

6.4CVSS9AI score0.01798EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.87 views

CVE-2012-1954

Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corru...

10CVSS9.7AI score0.03397EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.87 views

CVE-2012-1962

Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corr...

10CVSS9.7AI score0.03397EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.87 views

CVE-2013-0772

The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.

5.8CVSS8.8AI score0.01287EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.87 views

CVE-2013-5603

Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memor...

10CVSS7.3AI score0.0527EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.87 views

CVE-2014-1488

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.

10CVSS9.4AI score0.01089EPSS
CVE
CVE
added 2008/02/08 10:0 p.m.86 views

CVE-2008-0412

The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityServ...

9.3CVSS6.8AI score0.08849EPSS
CVE
CVE
added 2008/02/12 3:0 a.m.86 views

CVE-2008-0416

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as white...

4.3CVSS5.4AI score0.06627EPSS
CVE
CVE
added 2008/09/24 8:37 p.m.86 views

CVE-2008-3837

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a v...

9.3CVSS9.6AI score0.35534EPSS
CVE
CVE
added 2008/12/17 11:30 p.m.86 views

CVE-2008-5508

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.

4.3CVSS9.8AI score0.02341EPSS
CVE
CVE
added 2010/12/10 7:0 p.m.86 views

CVE-2010-3776

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl...

9.3CVSS10AI score0.03801EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.86 views

CVE-2011-0066

Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.

10CVSS9.5AI score0.04219EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.86 views

CVE-2013-0770

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3CVSS9.8AI score0.00939EPSS
CVE
CVE
added 2013/09/18 10:8 a.m.86 views

CVE-2013-1724

Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors i...

9.3CVSS9.3AI score0.03159EPSS
CVE
CVE
added 2013/09/18 10:8 a.m.86 views

CVE-2013-1738

Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and fra...

9.3CVSS9.4AI score0.03359EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.86 views

CVE-2014-1502

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.

6.8CVSS9.1AI score0.00284EPSS
CVE
CVE
added 2015/01/14 11:59 a.m.86 views

CVE-2014-8639

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixa...

6.8CVSS9.2AI score0.01476EPSS
CVE
CVE
added 2007/10/21 8:17 p.m.85 views

CVE-2007-5334

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute.

4.3CVSS6.2AI score0.11557EPSS
CVE
CVE
added 2008/02/08 10:0 p.m.85 views

CVE-2008-0415

Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation...

4.3CVSS6.4AI score0.01482EPSS
CVE
CVE
added 2008/03/27 10:44 a.m.85 views

CVE-2008-1233

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."

6.8CVSS9.8AI score0.2223EPSS
CVE
CVE
added 2008/12/17 11:30 p.m.85 views

CVE-2008-5506

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a reso...

6.8CVSS9.7AI score0.01236EPSS
CVE
CVE
added 2009/04/22 6:30 p.m.85 views

CVE-2009-1303

The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.

5CVSS9.3AI score0.02083EPSS
CVE
CVE
added 2010/03/25 9:0 p.m.85 views

CVE-2010-0169

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to t...

5CVSS7.6AI score0.00424EPSS
CVE
CVE
added 2010/02/18 6:0 p.m.85 views

CVE-2010-0654

Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which a...

4.3CVSS7.5AI score0.00704EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.85 views

CVE-2011-0075

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

10CVSS10AI score0.03127EPSS
CVE
CVE
added 2012/04/25 10:10 a.m.85 views

CVE-2012-0471

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set.

4.3CVSS7.7AI score0.00722EPSS
CVE
CVE
added 2013/08/07 1:55 a.m.85 views

CVE-2013-1705

Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request.

10CVSS7.6AI score0.05283EPSS
CVE
CVE
added 2013/09/18 10:8 a.m.85 views

CVE-2013-1720

The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitr...

6.8CVSS9.5AI score0.0194EPSS
CVE
CVE
added 2013/09/18 10:8 a.m.85 views

CVE-2013-1728

The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors.

4.3CVSS8.7AI score0.00769EPSS
CVE
CVE
added 2014/12/11 11:59 a.m.85 views

CVE-2014-1594

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.

6.8CVSS5AI score0.01693EPSS
CVE
CVE
added 2007/10/21 7:17 p.m.84 views

CVE-2007-5340

Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption.

4.3CVSS6.5AI score0.1475EPSS
CVE
CVE
added 2010/07/30 8:30 p.m.84 views

CVE-2010-1208

Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with ...

9.3CVSS9.3AI score0.01552EPSS
CVE
CVE
added 2011/12/21 4:2 a.m.84 views

CVE-2011-3663

Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.

4.3CVSS9.1AI score0.00961EPSS
Web
CVE
CVE
added 2012/10/10 5:55 p.m.84 views

CVE-2012-4180

Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecifie...

9.3CVSS9.6AI score0.09485EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.84 views

CVE-2012-4201

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allo...

4.3CVSS7.9AI score0.02609EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.84 views

CVE-2012-5841

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cro...

4.3CVSS7.8AI score0.01544EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.84 views

CVE-2013-0774

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.

4.3CVSS9.1AI score0.00552EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.84 views

CVE-2014-1480

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.

4.3CVSS8.9AI score0.0052EPSS
Total number of security vulnerabilities605