Seamonkey Security Vulnerabilities and Issues — Seamonkey CVE List

Lucene search

MozillaSeamonkey

66 matches found

CVE•added 2010/04/05 5:30 p.m.•291 views

CVE-2010-0178

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and ...

7.6CVSS9.5AI score0.0493EPSS

CVE•added 2014/09/25 5:55 p.m.•288 views

CVE-2014-1568

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1...

7.5CVSS5.3AI score0.41418EPSS

CVE•added 2014/03/19 10:55 a.m.•140 views

CVE-2014-1505

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different ...

7.5CVSS8.5AI score0.00542EPSS

CVE•added 2015/03/24 12:59 a.m.•133 views

CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

7.5CVSS9.3AI score0.01278EPSS

CVE•added 2006/02/02 8:6 p.m.•128 views

CVE-2006-0294

Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.

7.5CVSS7.3AI score0.07642EPSS

CVE•added 2011/06/30 4:55 p.m.•116 views

CVE-2011-2373

Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.

7.6CVSS9.5AI score0.02711EPSS

CVE•added 2014/02/06 5:44 a.m.•108 views

CVE-2014-1481

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

7.5CVSS8.5AI score0.02581EPSS

CVE•added 2009/03/05 2:30 a.m.•106 views

CVE-2009-0776

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.

7.1CVSS9.2AI score0.00865EPSS

CVE•added 2010/10/21 7:0 p.m.•102 views

CVE-2010-3173

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cry...

7.5CVSS8.9AI score0.02346EPSS

CVE•added 2015/01/14 11:59 a.m.•102 views

CVE-2014-8641

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.

7.5CVSS9.5AI score0.01841EPSS

CVE•added 2008/09/24 8:37 p.m.•100 views

CVE-2008-4060

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument...

7.5CVSS9.8AI score0.03029EPSS

CVE•added 2014/02/06 5:44 a.m.•100 views

CVE-2014-1479

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvi...

7.5CVSS8.3AI score0.01468EPSS

CVE•added 2015/01/14 11:59 a.m.•100 views

CVE-2014-8636

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.

7.5CVSS9.3AI score0.83612EPSS

CVE•added 2013/11/20 2:12 p.m.•99 views

CVE-2013-5607

Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash...

7.5CVSS7AI score0.02604EPSS

CVE•added 2012/03/14 7:55 p.m.•98 views

CVE-2012-0461

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of ...

7.5CVSS10AI score0.01359EPSS

CVE•added 2015/01/14 11:59 a.m.•98 views

CVE-2014-8634

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

7.5CVSS10AI score0.0143EPSS

CVE•added 2014/02/06 5:44 a.m.•95 views

CVE-2014-1487

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

7.5CVSS8.3AI score0.00501EPSS

CVE•added 2012/03/14 7:55 p.m.•93 views

CVE-2012-0459

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execut...

7.5CVSS9.7AI score0.03436EPSS

CVE•added 2006/07/27 8:4 p.m.•90 views

CVE-2006-3809

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context.

7.5CVSS6.7AI score0.02964EPSS

CVE•added 2006/07/27 8:4 p.m.•88 views

CVE-2006-3801

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code.

7.5CVSS6.8AI score0.27761EPSS

CVE•added 2013/12/11 3:55 p.m.•88 views

CVE-2013-5619

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.

7.5CVSS9.5AI score0.0173EPSS

CVE•added 2012/11/21 12:55 p.m.•86 views

CVE-2012-5836

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text.

7.5CVSS8.7AI score0.01871EPSS

CVE•added 2006/07/27 7:4 p.m.•85 views

CVE-2006-3677

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.

7.5CVSS7.4AI score0.81109EPSS

CVE•added 2006/07/27 7:4 p.m.•82 views

CVE-2006-3806

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects...

7.5CVSS7.3AI score0.29557EPSS

CVE•added 2007/02/16 1:28 a.m.•82 views

CVE-2007-0981

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to ...

7.5CVSS6.3AI score0.17452EPSS

Web

CVE•added 2006/07/27 8:4 p.m.•80 views

CVE-2006-3811

Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMe...

7.5CVSS7.7AI score0.18952EPSS

CVE•added 2006/11/08 10:7 p.m.•80 views

CVE-2006-5463

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.

7.5CVSS6.8AI score0.09098EPSS

CVE•added 2014/02/06 5:44 a.m.•80 views

CVE-2014-1485

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient sty...

7.5CVSS9.4AI score0.00964EPSS

CVE•added 2006/07/27 7:4 p.m.•79 views

CVE-2006-3807

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the const...

7.5CVSS7.2AI score0.2749EPSS

CVE•added 2008/07/07 11:41 p.m.•79 views

CVE-2008-2802

Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."

7.5CVSS7.5AI score0.06797EPSS

CVE•added 2008/11/13 11:30 a.m.•79 views

CVE-2008-5024

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X documen...

7.5CVSS9.8AI score0.07219EPSS

CVE•added 2011/12/21 4:2 a.m.•79 views

CVE-2011-3658

The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving ...

7.5CVSS9.5AI score0.75876EPSS

CVE•added 2012/02/11 2:55 a.m.•79 views

CVE-2012-0452

Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBi...

7.5CVSS9.6AI score0.01801EPSS

CVE•added 2006/11/08 9:7 p.m.•78 views

CVE-2006-5747

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.

7.5CVSS7.2AI score0.12453EPSS

CVE•added 2008/11/13 11:30 a.m.•78 views

CVE-2008-5023

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.

7.5CVSS9.8AI score0.1839EPSS

CVE•added 2009/12/17 5:30 p.m.•78 views

CVE-2009-3986

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.

7.6CVSS9.7AI score0.0243EPSS

CVE•added 2006/04/14 10:2 a.m.•77 views

CVE-2006-1727

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".

7.6CVSS6.4AI score0.05041EPSS

CVE•added 2006/07/27 8:4 p.m.•77 views

CVE-2006-3808

Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object.

7.5CVSS6.5AI score0.02341EPSS

CVE•added 2012/03/14 7:55 p.m.•77 views

CVE-2012-0463

The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after even...

7.5CVSS9.7AI score0.04347EPSS

CVE•added 2012/03/14 7:55 p.m.•77 views

CVE-2012-0464

Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code vi...

7.5CVSS9.5AI score0.02116EPSS

CVE•added 2006/04/14 10:2 a.m.•76 views

CVE-2006-1724

Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.

7.5CVSS7.3AI score0.27339EPSS

CVE•added 2012/06/05 11:55 p.m.•76 views

CVE-2012-1942

The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.

7.2CVSS6.2AI score0.00045EPSS

CVE•added 2006/04/14 10:2 a.m.•75 views

CVE-2006-1530

Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the ...

7.5CVSS7.4AI score0.30625EPSS

CVE•added 2008/11/13 11:30 a.m.•75 views

CVE-2008-5022

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the...

7.5CVSS10AI score0.13446EPSS

CVE•added 2006/07/27 8:4 p.m.•74 views

CVE-2006-3805

The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.

7.5CVSS7.2AI score0.23003EPSS

CVE•added 2011/12/21 4:2 a.m.•74 views

CVE-2011-3661

YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.

7.5CVSS9.6AI score0.04527EPSS

CVE•added 2012/03/14 7:55 p.m.•73 views

CVE-2012-0462

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and appli...

7.5CVSS10AI score0.01977EPSS

CVE•added 2006/04/14 10:2 a.m.•72 views

CVE-2006-1723

7.5CVSS7.4AI score0.30625EPSS

CVE•added 2008/09/24 8:37 p.m.•71 views

CVE-2008-4068

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this informati...

7.8CVSS9.4AI score0.0017EPSS

CVE•added 2006/04/14 10:2 a.m.•70 views

CVE-2006-1529

7.5CVSS7.4AI score0.30625EPSS

Total number of security vulnerabilities66