Lucene search

K
MozillaSeamonkey1.1

261 matches found

CVE
CVE
added 2008/09/24 8:37 p.m.61 views

CVE-2008-3835

The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.

7.5CVSS9.6AI score0.00434EPSS
CVE
CVE
added 2009/06/12 9:30 p.m.61 views

CVE-2009-1838

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted ...

9.3CVSS7.8AI score0.04629EPSS
CVE
CVE
added 2009/10/29 2:30 p.m.61 views

CVE-2009-3373

Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS7.6AI score0.13491EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.61 views

CVE-2010-3181

Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory.

6.9CVSS6.2AI score0.00056EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.61 views

CVE-2012-1944

The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to condu...

4.3CVSS8AI score0.00696EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.61 views

CVE-2012-1957

An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote ...

4.3CVSS8.4AI score0.00998EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.61 views

CVE-2012-1961

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attack...

4.3CVSS9.1AI score0.01172EPSS
CVE
CVE
added 2009/04/22 6:30 p.m.60 views

CVE-2009-1304

The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definit...

5CVSS9.2AI score0.0502EPSS
CVE
CVE
added 2009/10/29 2:30 p.m.60 views

CVE-2009-3372

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.

9.3CVSS7.2AI score0.01985EPSS
CVE
CVE
added 2009/12/17 5:30 p.m.60 views

CVE-2009-3980

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3CVSS10AI score0.04407EPSS
CVE
CVE
added 2010/03/25 9:0 p.m.60 views

CVE-2010-0167

The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors ...

9.3CVSS9.5AI score0.22871EPSS
CVE
CVE
added 2010/09/15 8:0 p.m.60 views

CVE-2010-3400

The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force...

5.8CVSS9.1AI score0.00345EPSS
CVE
CVE
added 2012/04/25 10:10 a.m.60 views

CVE-2012-0473

The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows ...

5CVSS8.7AI score0.00712EPSS
CVE
CVE
added 2012/04/25 10:10 a.m.60 views

CVE-2012-0474

Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via ...

4.3CVSS7.3AI score0.00685EPSS
CVE
CVE
added 2014/02/17 10:55 p.m.60 views

CVE-2013-6674

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a rela...

4.3CVSS7.8AI score0.23161EPSS
CVE
CVE
added 2008/07/07 11:41 p.m.59 views

CVE-2008-2800

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onready...

4.3CVSS6AI score0.02008EPSS
CVE
CVE
added 2009/06/25 5:30 p.m.59 views

CVE-2009-2210

Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.

9.3CVSS9.7AI score0.05533EPSS
CVE
CVE
added 2010/03/23 12:53 a.m.59 views

CVE-2009-3385

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object ...

7.1CVSS6AI score0.01388EPSS
CVE
CVE
added 2010/06/24 12:30 p.m.59 views

CVE-2010-1197

Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) ...

4.3CVSS8.4AI score0.00998EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.59 views

CVE-2011-3001

Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecifi...

4.3CVSS9AI score0.00201EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.59 views

CVE-2011-3232

YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.

9.3CVSS9.6AI score0.04655EPSS
CVE
CVE
added 2012/02/01 4:55 p.m.59 views

CVE-2012-0443

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.9AI score0.02624EPSS
CVE
CVE
added 2009/07/20 6:30 p.m.58 views

CVE-2009-2535

Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.

5CVSS8.9AI score0.10788EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.58 views

CVE-2011-2986

Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data i...

5CVSS9.2AI score0.00379EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.58 views

CVE-2012-1964

The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clic...

4CVSS9.1AI score0.00878EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.57 views

CVE-2002-2436

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a re...

4.3CVSS5.6AI score0.00732EPSS
CVE
CVE
added 2008/07/07 11:41 p.m.57 views

CVE-2008-2801

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

7.5CVSS7.8AI score0.03972EPSS
CVE
CVE
added 2010/04/05 5:30 p.m.57 views

CVE-2010-0181

Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an...

4.3CVSS9AI score0.0264EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.57 views

CVE-2011-2997

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.9AI score0.02981EPSS
CVE
CVE
added 2012/02/01 4:55 p.m.57 views

CVE-2012-0447

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an IC...

5CVSS8.9AI score0.006EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.57 views

CVE-2012-1946

Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via doc...

9.3CVSS9.6AI score0.01451EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.57 views

CVE-2012-3105

The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows rem...

9.3CVSS8.1AI score0.03223EPSS
CVE
CVE
added 2009/08/13 4:30 p.m.56 views

CVE-2008-6961

mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.

4.3CVSS9AI score0.00651EPSS
CVE
CVE
added 2009/12/17 5:30 p.m.56 views

CVE-2009-3987

The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive informa...

7.8CVSS9.2AI score0.00812EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.56 views

CVE-2012-1960

The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out...

5CVSS8.6AI score0.00542EPSS
CVE
CVE
added 2010/03/23 12:53 a.m.55 views

CVE-2010-0163

Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, rel...

4.3CVSS7.3AI score0.05442EPSS
CVE
CVE
added 2010/06/25 7:30 p.m.55 views

CVE-2010-1206

The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is current...

4.3CVSS8.8AI score0.00477EPSS
CVE
CVE
added 2010/09/09 7:0 p.m.55 views

CVE-2010-2770

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data...

9.3CVSS8.9AI score0.03775EPSS
CVE
CVE
added 2011/12/21 4:2 a.m.55 views

CVE-2011-3665

Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling.

7.5CVSS9.6AI score0.03707EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.55 views

CVE-2012-1949

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vector...

9.3CVSS9.9AI score0.03749EPSS
CVE
CVE
added 2006/10/31 10:7 p.m.54 views

CVE-2006-5633

Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. N...

5CVSS7.2AI score0.15729EPSS
CVE
CVE
added 2008/07/07 11:41 p.m.54 views

CVE-2008-2805

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.

5CVSS6.6AI score0.02196EPSS
CVE
CVE
added 2008/07/07 11:41 p.m.54 views

CVE-2008-2806

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect.

7.5CVSS6.3AI score0.00923EPSS
CVE
CVE
added 2012/03/14 7:55 p.m.54 views

CVE-2012-0463

The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after even...

7.5CVSS9.7AI score0.04347EPSS
CVE
CVE
added 2012/04/25 10:10 a.m.54 views

CVE-2012-0472

The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-renderin...

9.3CVSS9.6AI score0.01525EPSS
CVE
CVE
added 2012/04/25 10:10 a.m.54 views

CVE-2012-0475

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involv...

2.6CVSS9AI score0.00289EPSS
CVE
CVE
added 2008/09/27 10:30 a.m.53 views

CVE-2008-4070

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled ...

10CVSS10AI score0.01718EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.53 views

CVE-2011-2987

Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors...

10CVSS9.7AI score0.07952EPSS
CVE
CVE
added 2014/02/17 10:55 p.m.53 views

CVE-2014-2018

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED...

4.3CVSS7.7AI score0.23161EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.52 views

CVE-2010-5074

The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information...

4.3CVSS8.9AI score0.00178EPSS
Total number of security vulnerabilities261