228 matches found
CVE-2013-1690
CVE-2013-1690 affects Mozilla Firefox prior to 22.0, Firefox ESR 17.x prior to 17.0.7, Thunderbird prior to 17.0.7, and Thunderbird ESR 17.x prior to 17.0.7. Root cause is improper handling of onreadystatechange events with page reload, enabling a crafted web page to cause a denial-of-service (cr...
CVE-2013-1675
CVE-2013-1675 affects Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, and Thunderbird before 17.0.6. The issue arises from improper initialization of nsDOMSVGZoomEvent data structures (mPreviousScale and mNewScale), enabling a remote attacker to disclose memory-resident data via a cr...
CVE-2013-2566
CVE-2013-2566 involves RC4 biases in TLS/SSL allowing plaintext-recovery via large volumes of sessions with the same plaintext. Multiple connected sources confirm this issue affecting products such as F5 BIG-IP (various modules) and IBM Proventia/SiteProtector family. Affected in some BIG-IP rele...
CVE-2013-0753
CVE-2013-0753 is a Use‑after‑free vulnerability in Mozilla Firefox’s XMLSerializer.serializeToStream, affecting Firefox before 18.0 (and ESR/Thunderbird/SeaMonkey variants) and allowing remote code execution via crafted content. The issue is exploitable as part of Firefox 17.x lineage; Metasploit...
CVE-2013-0758
CVE-2013-0758 affects Mozilla Firefox (pre-18.0), Firefox ESR (pre-10.0.12 and pre-17.0.2), Thunderbird (pre-17.0.2, including ESR 10.x pre-10.0.12 and pre-17.0.2), and SeaMonkey (pre-2.15). It allows remote attackers to execute arbitrary JavaScript with chrome privileges due to improper interact...
CVE-2018-5150
CVE-2018-5150 concerns memory safety bugs in Firefox 59/ESR 52.7 and Thunderbird 52.7, with potential memory corruption that could allow arbitrary code execution. Affected products include Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR
CVE-2018-5155
CVE-2018-5155 is a use-after-free in the layout code when processing SVG text-paths during animations, causing a potentially exploitable crash. Affected products include Thunderbird and Firefox: Thunderbird < 52.8 (including ESR), and Firefox
CVE-2018-5159
CVE-2018-5159 describes an integer overflow in the Skia library caused by 32-bit integer use in an array without bounds checks, leading to out-of-bounds writes. This can crash web content and is potentially exploitable. Affected products include Thunderbird < 52.8, Thunderbird ESR < 52.8, F...
CVE-2012-0469
CVE-2012-0469 is a use-after-free in Mozilla Firefox/Thunderbird/SeaMonkey components involving the IndexedDB IDBKeyRange cycleCollection Trace path. Affects Firefox 4.x–11.0, ESR 10.x before 10.0.4, Thunderbird 5.0–11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9. Root cause: u...
CVE-2018-5154
CVE-2018-5154 is a use-after-free in the enumeration of attributes during SVG animations with clip paths, causing a potentially exploitable crash. Affected: Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, Firefox ESR
CVE-2018-5168
CVE-2018-5168 is a vulnerability in Thunderbird and Firefox where an attacker can bypass permission checks by manipulating the baseURI of the theme element, enabling a user interaction-free installation of a theme that could contain offensive images. Affected products and versions per the records...
CVE-2013-0801
CVE-2013-0801 is a memory-corruption vulnerability in the Mozilla Firefox/Thunderbird browser engine. Affected: Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6. Impact per docs: remote Denial of Service and possible arbitrary ...
CVE-2012-5829
CVE-2012-5829 is a heap-based buffer overflow in the nsWindow::OnExposeEvent function affecting Mozilla Firefox before 17.0, Firefox ESR before 10.0.11, Thunderbird before 17.0, Thunderbird ESR before 10.0.11, and SeaMonkey before 2.14. Connected documents confirm this vulnerability across multip...
CVE-2012-0441
The CVE-2012-0441 issue affects the NSS ASN.1 decoder QuickDER. The flaw allows a remote attacker to trigger a denial of service (application crash) via a zero-length item in ASN.1 structures (e.g., a zero-length basic constraint or a zero-length OCSP field). Affected software includes NSS-based ...
CVE-2013-1682
CVE-2013-1682 affects Mozilla Firefox and Thunderbird (Firefox before 22.0, ESR 17.x before 17.0.7; Thunderbird before 17.0.7) with memory corruption/DoS and potential arbitrary code execution via unknown vectors. Multiple connected advisories enumerate affected builds (MiracleLinux 3/4, openSUSE...
CVE-2013-1670
CVE-2013-1670 affects Mozilla Firefox < 21.0, Firefox ESR < 17.0.6, Thunderbird
CVE-2012-4186
CVE-2012-4186 : Heap-based buffer overflow in Mozilla Firefox’s nsWaveReader::DecodeAudioData. Affected products include Firefox before 16.0 (and Firefox ESR 10.x before 10.0.8), Thunderbird before 16.0, and SeaMonkey before 2.13. Vectors are unspecified in the provided docs, but exploitation wou...
CVE-2013-1710
CVE-2013-1710 affects Mozilla Firefox and related Mozilla-based products via a flaw in Certificate Request Message Format (CRMF) request generation that could allow remote JavaScript execution or cross-site scripting. Specifically, vulnerable components include Firefox before 23.0, Firefox ESR 17...
CVE-2013-0788
CVE-2013-0788 concerns multiple unspecified vulnerabilities in the Mozilla Firefox browser engine that can cause memory corruption, a crash, or possibly arbitrary code execution. Affected products include Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ...
CVE-2013-1679
CVE-2013-1679 is a use-after-free in mozilla::plugins::child::_geturlnotify in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6. This allows remote attackers to execute arbitrary code or cause a denial of service (heap ...
CVE-2013-0754
CVE-2013-0754 is a use-after-free in the ListenerManager of Mozilla Firefox (and related Firefox ESR, Thunderbird, SeaMonkey). According to the description, triggering garbage collection after memory allocation for listener objects can allow a remote attacker to execute arbitrary code. Affected p...
CVE-2012-1952
CVE-2012-1952 is a memory-safety/typical bad-cast flaw in Mozilla’s nsTableFrame::InsertFrames that occurs when processing mixed row-group and column-group frames. Affected products include Mozilla Firefox 4.x–13.0, Firefox ESR 10.x prior to 10.0.6, Thunderbird 5.0–13.0, Thunderbird ESR 10.x prio...
CVE-2013-1718
CVE-2013-1718 is a remote memory-safety vulnerability in the Mozilla Firefox/Thunderbird/SeaMonkey browser engine. The issue affects Firefox up to version 24.0, Firefox ESR 17.x up to 17.0.9, Thunderbird up to 24.0, Thunderbird ESR 17.x up to 17.0.9, and SeaMonkey up to 2.21, and can lead to memo...
CVE-2017-5398
CVE-2017-5398 describes memory-safety bugs in Mozilla Thunderbird (and related Firefox components) that could allow arbitrary code execution. Affected products include Thunderbird versions earlier than 45.8 (and Firefox earlier than 52; ESR lines too). Public advisories indicate fixes in Thunderb...
CVE-2013-0750
CVE-2013-0750 is a high-severity vulnerability in Mozilla’s JavaScript engine where an integer overflow during string concatenation can lead to heap-based memory corruption and remote code execution. Affected products include Firefox prior to 18.0 (and ESR branches), Thunderbird prior to 17.0.2, ...
CVE-2013-0757
CVE-2013-0757 affects Mozilla Firefox (and related Mozilla-based apps) via a Chrome Object Wrapper (COW) bypass that allows changing the prototype of an object, enabling arbitrary code execution with chrome privileges. The SUSE/openSUSE and Gentoo/Nessus summaries map this to MFSA 2013-14 and lis...
CVE-2012-0455
CVE-2012-0455 affects Mozilla browsers: drag-and-drop restrictions on javascript: URLs can enable user-assisted XSS. Affected products include Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x b...
CVE-2012-1970
CVE-2012-1970 affects Mozilla Firefox before 15.0, Thunderbird before 15.0, ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The issue stems from multiple unspecified vulnerabilities in the browser engine that can allow remote attackers to cause memory corruption and application crashes or pote...
CVE-2013-1701
CVE-2013-1701 is part of multiple Mozilla browser engine vulnerabilities fixed in Firefox (before 23.0), ESR 17.x (before 17.0.8), Thunderbird (before 17.0.8), and SeaMonkey (before 2.20). The MiracleLinux advisories and IBM/Red Hat entries confirm remediation via upgrading to patched versions (F...
CVE-2013-1693
CVE-2013-1693 affects Mozilla Firefox (SVG filter implementation) and related Mozilla products. Affected: Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7. Impact: remote attackers could read pixel values and possibly bypass Sa...
CVE-2013-1694
CVE-2013-1694 affects Mozilla Firefox <= 21.x (before 22.0), Firefox ESR < 17.0.7, Thunderbird < 17.0.7, and Thunderbird ESR
CVE-2012-3993
CVE-2012-3993 affects Mozilla Firefox (pre-16.0), Firefox ESR (pre-10.0.8), Thunderbird (pre-16.0), Thunderbird ESR (pre-10.0.8), and SeaMonkey (pre-2.13). The Chrome Object Wrapper (COW) implementation can mishandle InstallTrigger failures, enabling remote JavaScript execution with chrome privil...
CVE-2012-3990
CVE-2012-3990 is a use-after-free vulnerability in the IME State Manager implementation of Mozilla Firefox and related Mozilla products. Affected versions include Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before...
CVE-2013-0748
CVE-2013-0748 affects Mozilla Firefox (before 18.0 and ESR 10.x before 10.0.12, and 17.x before 17.0.2), Thunderbird (before 17.0.2, ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The flaw is in XBL.proto .toString, where calling toString on an XBL object can leak a...
CVE-2013-0775
CVE-2013-0775 is a use-after-free vulnerability in Firefox’s image handling. Specifically, it concerns nsImageLoadingContent::OnStopContainer and affects Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16. ...
CVE-2012-1976
CVE-2012-1976 refers to a Use-after-free in Mozilla Firefox’s nsHTMLSelectElement::SubmitNamesValues. Affected products include Firefox before 15.0, Firefox ESR before 10.0.7 (10.x), Thunderbird before 15.0, Thunderbird ESR before 10.0.7, and SeaMonkey before 2.12. Impact per the description is r...
CVE-2013-0795
CVE-2013-0795 affects Mozilla Firefox (before 20.0) and related Mozilla stack (ESR 17.x before 17.0.5, Thunderbird before 17.0.5, SeaMonkey before 2.17). The issue arises from the System Only Wrapper (SOW) allowing a crafted site to clone a protected node via cloneNode, bypassing the Same Origin ...
CVE-2013-0796
CVE-2013-0796 is a WebGL/Mesa driver interaction flaw in Mozilla Firefox (and related Mozilla apps like Thunderbird and SeaMonkey) on Linux that could allow remote code execution or DoS. The issue arises from how WebGL interacts with Mesa drivers, enabling exploitation via unspecified vectors. Pu...
CVE-2013-0800
CVE-2013-0800 : An integer signedness error in the pixman_fill_sse2 function (pixman-sse2.c) used by Cairo and shipped with Mozilla Firefox and related products allows a remote attacker to trigger an out-of-bounds write via crafted values (negative box boundary or negative box size). This affects...
CVE-2013-1684
CVE-2013-1684 is a use-after-free in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function affecting Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7. It allows remote attackers to execute arbitrary co...
CVE-2013-1697
CVE-2013-1697 affects Mozilla Firefox (before 22.0) and related Thunderbird/ESR builds. The XrayWrapper allowed bypassing restrictions on DefaultValue for method calls, enabling remote JavaScript execution with chrome privileges via a crafted site using a user-defined (1) toString or (2) valueOf....
CVE-2013-1732
CVE-2013-1732 is a buffer overflow in Mozilla's nsFloatManager::GetFlowArea that affects Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21. This allows remote attackers to execute arbitrary code via crafted ...
CVE-2012-1972
CVE-2012-1972 is a use-after-free in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox, with remote code execution/denial of service via heap memory corruption. Affected products/versions include Firefox prior to 15.0, Firefox ESR 10.x prior to 10.0.7, and Thunderbird prior ...
CVE-2013-0744
CVE-2013-0744 is a use-after-free in the TableBackgroundPainter::TableBackgroundData::Destroy function of Mozilla Firefox prior to 18.0 (and Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2), Thunderbird prior to 17.0.2/ESR 10.x before 10.0.12/17.x before 17.0.2, and SeaMonkey prior to 2.15...
CVE-2013-0783
CVE-2013-0783 refers to multiple unspecified vulnerabilities in the Mozilla Firefox browser engine (Firefox <19.0, ESR 17.x <17.0.3, Thunderbird <17.0.3, SeaMonkey
CVE-2013-1717
CVE-2013-1717: Local-filesystem access via Java applets not properly restricted in Mozilla Firefox (before 23.0; ESR 17.x before 17.0.8), SeaMonkey (before 2.20), and Thunderbird (before 17.0.8). This allows user‑assisted reading of arbitrary files through downloads to fixed/predictable paths. Co...
CVE-2018-5183
CVE-2018-5183 is a memory corruption vulnerability in Mozilla’s Skia library used by Firefox/Thunderbird ESR 52.x. The issue involves invalid reads/writes during graphic operations and was addressed by backporting changes to Skia, with fixed versions shipped as Thunderbird/Firefox ESR 52.8.0 (and...
CVE-2013-1687
CVE-2013-1687 affects Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7. The vulnerability arises from insufficient restriction of XBL user-defined functions in the SOW (System Only Wrapper) and COW (Chrome Object Wrappe...
CVE-2013-1713
CVE-2013-1713 affects Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20. It arises from an incorrect URI comparison during enforcement of the Same Origin Policy, enabling remote attackers to perfor...
CVE-2012-4194
The CVE-2012-4194 issue affects Mozilla Firefox and related Mozilla components where the valueOf shadowing of the location object (window.location) enables cross-site scripting via plugin vectors. Affected software and versions (stated in the provided sources) include: Mozilla Firefox before 16.0...