Lucene search
K
MozillaThunderbird Esr

228 matches found

CVE
CVE
added 2013/06/26 1:0 a.m.1176 views

CVE-2013-1690

CVE-2013-1690 affects Mozilla Firefox prior to 22.0, Firefox ESR 17.x prior to 17.0.7, Thunderbird prior to 17.0.7, and Thunderbird ESR 17.x prior to 17.0.7. Root cause is improper handling of onreadystatechange events with page reload, enabling a crafted web page to cause a denial-of-service (cr...

9.3CVSS7.4AI score0.69021EPSS
In wild
CVE
CVE
added 2013/05/16 10:0 a.m.1082 views

CVE-2013-1675

CVE-2013-1675 affects Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, and Thunderbird before 17.0.6. The issue arises from improper initialization of nsDOMSVGZoomEvent data structures (mPreviousScale and mNewScale), enabling a remote attacker to disclose memory-resident data via a cr...

6.5CVSS8.7AI score0.06696EPSS
In wild
CVE
CVE
added 2013/03/14 10:0 p.m.801 views

CVE-2013-2566

CVE-2013-2566 involves RC4 biases in TLS/SSL allowing plaintext-recovery via large volumes of sessions with the same plaintext. Multiple connected sources confirm this issue affecting products such as F5 BIG-IP (various modules) and IBM Proventia/SiteProtector family. Affected in some BIG-IP rele...

5.9CVSS5.7AI score0.84424EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.256 views

CVE-2013-0753

CVE-2013-0753 is a Use‑after‑free vulnerability in Mozilla Firefox’s XMLSerializer.serializeToStream, affecting Firefox before 18.0 (and ESR/Thunderbird/SeaMonkey variants) and allowing remote code execution via crafted content. The issue is exploitable as part of Firefox 17.x lineage; Metasploit...

9.3CVSS9.5AI score0.51324EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.248 views

CVE-2013-0758

CVE-2013-0758 affects Mozilla Firefox (pre-18.0), Firefox ESR (pre-10.0.12 and pre-17.0.2), Thunderbird (pre-17.0.2, including ESR 10.x pre-10.0.12 and pre-17.0.2), and SeaMonkey (pre-2.15). It allows remote attackers to execute arbitrary JavaScript with chrome privileges due to improper interact...

9.3CVSS9.4AI score0.73364EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.220 views

CVE-2018-5150

CVE-2018-5150 concerns memory safety bugs in Firefox 59/ESR 52.7 and Thunderbird 52.7, with potential memory corruption that could allow arbitrary code execution. Affected products include Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR

9.8CVSS7.9AI score0.0318EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.201 views

CVE-2018-5155

CVE-2018-5155 is a use-after-free in the layout code when processing SVG text-paths during animations, causing a potentially exploitable crash. Affected products include Thunderbird and Firefox: Thunderbird < 52.8 (including ESR), and Firefox

9.8CVSS7AI score0.03493EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.201 views

CVE-2018-5159

CVE-2018-5159 describes an integer overflow in the Skia library caused by 32-bit integer use in an array without bounds checks, leading to out-of-bounds writes. This can crash web content and is potentially exploitable. Affected products include Thunderbird < 52.8, Thunderbird ESR < 52.8, F...

9.8CVSS6.9AI score0.21288EPSS
CVE
CVE
added 2012/04/25 10:0 a.m.198 views

CVE-2012-0469

CVE-2012-0469 is a use-after-free in Mozilla Firefox/Thunderbird/SeaMonkey components involving the IndexedDB IDBKeyRange cycleCollection Trace path. Affects Firefox 4.x–11.0, ESR 10.x before 10.0.4, Thunderbird 5.0–11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9. Root cause: u...

10CVSS9.4AI score0.0743EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.197 views

CVE-2018-5154

CVE-2018-5154 is a use-after-free in the enumeration of attributes during SVG animations with clip paths, causing a potentially exploitable crash. Affected: Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, Firefox ESR

9.8CVSS7AI score0.03302EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.195 views

CVE-2018-5168

CVE-2018-5168 is a vulnerability in Thunderbird and Firefox where an attacker can bypass permission checks by manipulating the baseURI of the theme element, enabling a user interaction-free installation of a theme that could contain offensive images. Affected products and versions per the records...

5.3CVSS6.6AI score0.0238EPSS
CVE
CVE
added 2013/05/16 10:0 a.m.191 views

CVE-2013-0801

CVE-2013-0801 is a memory-corruption vulnerability in the Mozilla Firefox/Thunderbird browser engine. Affected: Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6. Impact per docs: remote Denial of Service and possible arbitrary ...

10CVSS9.9AI score0.05391EPSS
CVE
CVE
added 2012/11/21 11:0 a.m.187 views

CVE-2012-5829

CVE-2012-5829 is a heap-based buffer overflow in the nsWindow::OnExposeEvent function affecting Mozilla Firefox before 17.0, Firefox ESR before 10.0.11, Thunderbird before 17.0, Thunderbird ESR before 10.0.11, and SeaMonkey before 2.14. Connected documents confirm this vulnerability across multip...

9.3CVSS9.2AI score0.08439EPSS
CVE
CVE
added 2012/06/05 11:0 p.m.181 views

CVE-2012-0441

The CVE-2012-0441 issue affects the NSS ASN.1 decoder QuickDER. The flaw allows a remote attacker to trigger a denial of service (application crash) via a zero-length item in ASN.1 structures (e.g., a zero-length basic constraint or a zero-length OCSP field). Affected software includes NSS-based ...

5CVSS9.1AI score0.02945EPSS
CVE
CVE
added 2013/06/26 1:0 a.m.179 views

CVE-2013-1682

CVE-2013-1682 affects Mozilla Firefox and Thunderbird (Firefox before 22.0, ESR 17.x before 17.0.7; Thunderbird before 17.0.7) with memory corruption/DoS and potential arbitrary code execution via unknown vectors. Multiple connected advisories enumerate affected builds (MiracleLinux 3/4, openSUSE...

10CVSS7.7AI score0.05397EPSS
CVE
CVE
added 2013/05/16 10:0 a.m.178 views

CVE-2013-1670

CVE-2013-1670 affects Mozilla Firefox < 21.0, Firefox ESR < 17.0.6, Thunderbird

4.3CVSS8.1AI score0.10893EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.176 views

CVE-2012-4186

CVE-2012-4186 : Heap-based buffer overflow in Mozilla Firefox’s nsWaveReader::DecodeAudioData. Affected products include Firefox before 16.0 (and Firefox ESR 10.x before 10.0.8), Thunderbird before 16.0, and SeaMonkey before 2.13. Vectors are unspecified in the provided docs, but exploitation wou...

9.3CVSS9.6AI score0.147EPSS
CVE
CVE
added 2013/08/07 1:0 a.m.176 views

CVE-2013-1710

CVE-2013-1710 affects Mozilla Firefox and related Mozilla-based products via a flaw in Certificate Request Message Format (CRMF) request generation that could allow remote JavaScript execution or cross-site scripting. Specifically, vulnerable components include Firefox before 23.0, Firefox ESR 17...

10CVSS8.4AI score0.40118EPSS
CVE
CVE
added 2013/04/03 10:0 a.m.170 views

CVE-2013-0788

CVE-2013-0788 concerns multiple unspecified vulnerabilities in the Mozilla Firefox browser engine that can cause memory corruption, a crash, or possibly arbitrary code execution. Affected products include Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ...

10CVSS9.9AI score0.04615EPSS
CVE
CVE
added 2013/05/16 10:0 a.m.170 views

CVE-2013-1679

CVE-2013-1679 is a use-after-free in mozilla::plugins::child::_geturlnotify in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6. This allows remote attackers to execute arbitrary code or cause a denial of service (heap ...

10CVSS9.6AI score0.05437EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.169 views

CVE-2013-0754

CVE-2013-0754 is a use-after-free in the ListenerManager of Mozilla Firefox (and related Firefox ESR, Thunderbird, SeaMonkey). According to the description, triggering garbage collection after memory allocation for listener objects can allow a remote attacker to execute arbitrary code. Affected p...

9.3CVSS9.4AI score0.05381EPSS
CVE
CVE
added 2012/07/18 10:0 a.m.168 views

CVE-2012-1952

CVE-2012-1952 is a memory-safety/typical bad-cast flaw in Mozilla’s nsTableFrame::InsertFrames that occurs when processing mixed row-group and column-group frames. Affected products include Mozilla Firefox 4.x–13.0, Firefox ESR 10.x prior to 10.0.6, Thunderbird 5.0–13.0, Thunderbird ESR 10.x prio...

9.3CVSS9.5AI score0.03688EPSS
CVE
CVE
added 2013/09/18 10:0 a.m.165 views

CVE-2013-1718

CVE-2013-1718 is a remote memory-safety vulnerability in the Mozilla Firefox/Thunderbird/SeaMonkey browser engine. The issue affects Firefox up to version 24.0, Firefox ESR 17.x up to 17.0.9, Thunderbird up to 24.0, Thunderbird ESR 17.x up to 17.0.9, and SeaMonkey up to 2.21, and can lead to memo...

10CVSS9.9AI score0.05437EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.163 views

CVE-2017-5398

CVE-2017-5398 describes memory-safety bugs in Mozilla Thunderbird (and related Firefox components) that could allow arbitrary code execution. Affected products include Thunderbird versions earlier than 45.8 (and Firefox earlier than 52; ESR lines too). Public advisories indicate fixes in Thunderb...

10CVSS8.8AI score0.03753EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.161 views

CVE-2013-0750

CVE-2013-0750 is a high-severity vulnerability in Mozilla’s JavaScript engine where an integer overflow during string concatenation can lead to heap-based memory corruption and remote code execution. Affected products include Firefox prior to 18.0 (and ESR branches), Thunderbird prior to 17.0.2, ...

9.3CVSS9.6AI score0.0633EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.159 views

CVE-2013-0757

CVE-2013-0757 affects Mozilla Firefox (and related Mozilla-based apps) via a Chrome Object Wrapper (COW) bypass that allows changing the prototype of an object, enabling arbitrary code execution with chrome privileges. The SUSE/openSUSE and Gentoo/Nessus summaries map this to MFSA 2013-14 and lis...

9.3CVSS9.1AI score0.60859EPSS
CVE
CVE
added 2012/03/14 7:0 p.m.158 views

CVE-2012-0455

CVE-2012-0455 affects Mozilla browsers: drag-and-drop restrictions on javascript: URLs can enable user-assisted XSS. Affected products include Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x b...

4.3CVSS8.3AI score0.01778EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.158 views

CVE-2012-1970

CVE-2012-1970 affects Mozilla Firefox before 15.0, Thunderbird before 15.0, ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The issue stems from multiple unspecified vulnerabilities in the browser engine that can allow remote attackers to cause memory corruption and application crashes or pote...

10CVSS9.8AI score0.05566EPSS
CVE
CVE
added 2013/08/07 1:0 a.m.158 views

CVE-2013-1701

CVE-2013-1701 is part of multiple Mozilla browser engine vulnerabilities fixed in Firefox (before 23.0), ESR 17.x (before 17.0.8), Thunderbird (before 17.0.8), and SeaMonkey (before 2.20). The MiracleLinux advisories and IBM/Red Hat entries confirm remediation via upgrading to patched versions (F...

10CVSS9.9AI score0.04587EPSS
CVE
CVE
added 2013/06/26 1:0 a.m.157 views

CVE-2013-1693

CVE-2013-1693 affects Mozilla Firefox (SVG filter implementation) and related Mozilla products. Affected: Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7. Impact: remote attackers could read pixel values and possibly bypass Sa...

4.3CVSS7AI score0.03745EPSS
CVE
CVE
added 2013/06/26 1:0 a.m.156 views

CVE-2013-1694

CVE-2013-1694 affects Mozilla Firefox <= 21.x (before 22.0), Firefox ESR < 17.0.7, Thunderbird < 17.0.7, and Thunderbird ESR

7.5CVSS7.4AI score0.04603EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.155 views

CVE-2012-3993

CVE-2012-3993 affects Mozilla Firefox (pre-16.0), Firefox ESR (pre-10.0.8), Thunderbird (pre-16.0), Thunderbird ESR (pre-10.0.8), and SeaMonkey (pre-2.13). The Chrome Object Wrapper (COW) implementation can mishandle InstallTrigger failures, enabling remote JavaScript execution with chrome privil...

9.3CVSS9.1AI score0.42609EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.154 views

CVE-2012-3990

CVE-2012-3990 is a use-after-free vulnerability in the IME State Manager implementation of Mozilla Firefox and related Mozilla products. Affected versions include Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before...

9.3CVSS9.4AI score0.05201EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.154 views

CVE-2013-0748

CVE-2013-0748 affects Mozilla Firefox (before 18.0 and ESR 10.x before 10.0.12, and 17.x before 17.0.2), Thunderbird (before 17.0.2, ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The flaw is in XBL.proto .toString, where calling toString on an XBL object can leak a...

4.3CVSS9.2AI score0.01998EPSS
CVE
CVE
added 2013/02/19 11:0 p.m.154 views

CVE-2013-0775

CVE-2013-0775 is a use-after-free vulnerability in Firefox’s image handling. Specifically, it concerns nsImageLoadingContent::OnStopContainer and affects Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16. ...

9.3CVSS9.6AI score0.03498EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.153 views

CVE-2012-1976

CVE-2012-1976 refers to a Use-after-free in Mozilla Firefox’s nsHTMLSelectElement::SubmitNamesValues. Affected products include Firefox before 15.0, Firefox ESR before 10.0.7 (10.x), Thunderbird before 15.0, Thunderbird ESR before 10.0.7, and SeaMonkey before 2.12. Impact per the description is r...

10CVSS9.4AI score0.05613EPSS
CVE
CVE
added 2013/04/03 10:0 a.m.153 views

CVE-2013-0795

CVE-2013-0795 affects Mozilla Firefox (before 20.0) and related Mozilla stack (ESR 17.x before 17.0.5, Thunderbird before 17.0.5, SeaMonkey before 2.17). The issue arises from the System Only Wrapper (SOW) allowing a crafted site to clone a protected node via cloneNode, bypassing the Same Origin ...

10CVSS9.5AI score0.03429EPSS
CVE
CVE
added 2013/04/03 10:0 a.m.153 views

CVE-2013-0796

CVE-2013-0796 is a WebGL/Mesa driver interaction flaw in Mozilla Firefox (and related Mozilla apps like Thunderbird and SeaMonkey) on Linux that could allow remote code execution or DoS. The issue arises from how WebGL interacts with Mesa drivers, enabling exploitation via unspecified vectors. Pu...

10CVSS9.5AI score0.07953EPSS
CVE
CVE
added 2013/04/03 10:0 a.m.153 views

CVE-2013-0800

CVE-2013-0800 : An integer signedness error in the pixman_fill_sse2 function (pixman-sse2.c) used by Cairo and shipped with Mozilla Firefox and related products allows a remote attacker to trigger an out-of-bounds write via crafted values (negative box boundary or negative box size). This affects...

6.8CVSS9.7AI score0.03941EPSS
CVE
CVE
added 2013/06/26 1:0 a.m.153 views

CVE-2013-1684

CVE-2013-1684 is a use-after-free in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function affecting Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7. It allows remote attackers to execute arbitrary co...

9.3CVSS7.2AI score0.03537EPSS
CVE
CVE
added 2013/06/26 1:0 a.m.152 views

CVE-2013-1697

CVE-2013-1697 affects Mozilla Firefox (before 22.0) and related Thunderbird/ESR builds. The XrayWrapper allowed bypassing restrictions on DefaultValue for method calls, enabling remote JavaScript execution with chrome privileges via a crafted site using a user-defined (1) toString or (2) valueOf....

9.3CVSS7.1AI score0.03166EPSS
CVE
CVE
added 2013/09/18 10:0 a.m.152 views

CVE-2013-1732

CVE-2013-1732 is a buffer overflow in Mozilla's nsFloatManager::GetFlowArea that affects Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21. This allows remote attackers to execute arbitrary code via crafted ...

9.3CVSS9.7AI score0.08894EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.151 views

CVE-2012-1972

CVE-2012-1972 is a use-after-free in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox, with remote code execution/denial of service via heap memory corruption. Affected products/versions include Firefox prior to 15.0, Firefox ESR 10.x prior to 10.0.7, and Thunderbird prior ...

10CVSS9.4AI score0.05566EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.151 views

CVE-2013-0744

CVE-2013-0744 is a use-after-free in the TableBackgroundPainter::TableBackgroundData::Destroy function of Mozilla Firefox prior to 18.0 (and Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2), Thunderbird prior to 17.0.2/ESR 10.x before 10.0.12/17.x before 17.0.2, and SeaMonkey prior to 2.15...

9.3CVSS9.6AI score0.06147EPSS
CVE
CVE
added 2013/02/19 11:0 p.m.151 views

CVE-2013-0783

CVE-2013-0783 refers to multiple unspecified vulnerabilities in the Mozilla Firefox browser engine (Firefox <19.0, ESR 17.x <17.0.3, Thunderbird <17.0.3, SeaMonkey

9.3CVSS9.9AI score0.04676EPSS
CVE
CVE
added 2013/08/07 1:0 a.m.151 views

CVE-2013-1717

CVE-2013-1717: Local-filesystem access via Java applets not properly restricted in Mozilla Firefox (before 23.0; ESR 17.x before 17.0.8), SeaMonkey (before 2.20), and Thunderbird (before 17.0.8). This allows user‑assisted reading of arbitrary files through downloads to fixed/predictable paths. Co...

5.4CVSS9.1AI score0.02424EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.151 views

CVE-2018-5183

CVE-2018-5183 is a memory corruption vulnerability in Mozilla’s Skia library used by Firefox/Thunderbird ESR 52.x. The issue involves invalid reads/writes during graphic operations and was addressed by backporting changes to Skia, with fixed versions shipped as Thunderbird/Firefox ESR 52.8.0 (and...

9.8CVSS7.2AI score0.0318EPSS
CVE
CVE
added 2013/06/26 1:0 a.m.149 views

CVE-2013-1687

CVE-2013-1687 affects Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7. The vulnerability arises from insufficient restriction of XBL user-defined functions in the SOW (System Only Wrapper) and COW (Chrome Object Wrappe...

9.3CVSS6.4AI score0.03337EPSS
CVE
CVE
added 2013/08/07 1:0 a.m.148 views

CVE-2013-1713

CVE-2013-1713 affects Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20. It arises from an incorrect URI comparison during enforcement of the Same Origin Policy, enabling remote attackers to perfor...

4.3CVSS8.2AI score0.0162EPSS
CVE
CVE
added 2012/10/29 6:0 p.m.147 views

CVE-2012-4194

The CVE-2012-4194 issue affects Mozilla Firefox and related Mozilla components where the valueOf shadowing of the location object (window.location) enables cross-site scripting via plugin vectors. Affected software and versions (stated in the provided sources) include: Mozilla Firefox before 16.0...

4.3CVSS8.2AI score0.02835EPSS
Total number of security vulnerabilities228