Lucene search

K
MozillaThunderbird Esr

228 matches found

CVE
CVE
added 2013/10/30 10:55 a.m.73 views

CVE-2013-5600

Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute ...

10CVSS7.5AI score0.02688EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.73 views

CVE-2013-5601

Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbit...

10CVSS7.5AI score0.02864EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.72 views

CVE-2012-1939

jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code.

9.3CVSS9.8AI score0.04409EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.72 views

CVE-2012-1947

Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a...

9.3CVSS9.7AI score0.05794EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.72 views

CVE-2012-3958

Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a de...

10CVSS9.4AI score0.02127EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.72 views

CVE-2012-3982

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application cr...

9.3CVSS9.8AI score0.01275EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.72 views

CVE-2012-4215

Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a de...

9.3CVSS9AI score0.04317EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.72 views

CVE-2012-5839

Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via un...

9.3CVSS9.1AI score0.05209EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.72 views

CVE-2012-5840

Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial ...

9.3CVSS9.1AI score0.04317EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.72 views

CVE-2013-0745

The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a cra...

9.3CVSS9.2AI score0.03154EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.72 views

CVE-2013-0747

The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to c...

6.8CVSS9AI score0.02298EPSS
CVE
CVE
added 2012/03/14 7:55 p.m.71 views

CVE-2012-0459

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execut...

7.5CVSS9.7AI score0.03436EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.71 views

CVE-2012-3963

Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS9.4AI score0.02313EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.71 views

CVE-2012-3992

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via v...

4.3CVSS8.2AI score0.01138EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.71 views

CVE-2012-4181

Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial...

9.3CVSS9.4AI score0.03145EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.71 views

CVE-2012-5843

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3CVSS9.2AI score0.0299EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.71 views

CVE-2013-0756

Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing Jav...

9.3CVSS9.3AI score0.01375EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.71 views

CVE-2013-0773

The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote att...

9.3CVSS9.2AI score0.01092EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.71 views

CVE-2013-5593

The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct cli...

4.3CVSS6.2AI score0.00483EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.71 views

CVE-2013-5597

Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary cod...

10CVSS7.7AI score0.03629EPSS
CVE
CVE
added 2012/03/14 7:55 p.m.70 views

CVE-2012-0460

Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted...

6.4CVSS9AI score0.01798EPSS
CVE
CVE
added 2012/03/14 7:55 p.m.70 views

CVE-2012-0462

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and appli...

7.5CVSS10AI score0.02189EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.70 views

CVE-2012-1962

Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corr...

10CVSS9.7AI score0.03397EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.70 views

CVE-2012-4179

Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denia...

9.3CVSS9.4AI score0.05468EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.70 views

CVE-2012-4183

Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of...

9.3CVSS9.4AI score0.02721EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.70 views

CVE-2012-5838

The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions.

9.3CVSS8.9AI score0.02018EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.70 views

CVE-2013-0752

Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that ...

9.3CVSS9.4AI score0.02834EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.70 views

CVE-2013-0771

Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted ...

9.3CVSS9.5AI score0.03151EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.70 views

CVE-2013-0784

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3CVSS8AI score0.00647EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.69 views

CVE-2012-1948

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and appl...

9.3CVSS10AI score0.03749EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.69 views

CVE-2012-1959

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remo...

5CVSS9.3AI score0.0093EPSS
CVE
CVE
added 2012/04/25 10:10 a.m.68 views

CVE-2012-0471

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set.

4.3CVSS7.7AI score0.00722EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.68 views

CVE-2013-5603

Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memor...

10CVSS7.3AI score0.0527EPSS
CVE
CVE
added 2012/03/14 7:55 p.m.67 views

CVE-2012-0457

Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might all...

9.3CVSS9.6AI score0.11824EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.67 views

CVE-2012-1941

Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code b...

9.3CVSS9.8AI score0.06289EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.67 views

CVE-2012-1953

The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect point...

9.3CVSS9.7AI score0.0172EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.67 views

CVE-2012-4201

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allo...

4.3CVSS7.9AI score0.02609EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.67 views

CVE-2013-0774

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.

4.3CVSS9.1AI score0.00552EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.67 views

CVE-2013-0781

Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3CVSS7.6AI score0.01558EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.66 views

CVE-2012-3988

Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen ...

9.3CVSS9.3AI score0.03584EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.66 views

CVE-2012-3994

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and ...

4.3CVSS8.2AI score0.00927EPSS
CVE
CVE
added 2012/10/29 6:55 p.m.66 views

CVE-2012-4196

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats cer...

6.4CVSS8.8AI score0.00964EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.66 views

CVE-2012-4217

Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3CVSS8.8AI score0.02868EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.66 views

CVE-2012-5841

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cro...

4.3CVSS7.8AI score0.01544EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.65 views

CVE-2012-3995

The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecifi...

9.3CVSS9.4AI score0.01805EPSS
CVE
CVE
added 2012/10/29 6:55 p.m.65 views

CVE-2012-4195

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier ...

4.3CVSS8.2AI score0.00962EPSS
CVE
CVE
added 2013/08/07 1:55 a.m.65 views

CVE-2013-1706

Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line.

7.2CVSS6.7AI score0.00049EPSS
CVE
CVE
added 2013/09/18 10:8 a.m.65 views

CVE-2013-1726

Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MA...

6.2CVSS6.2AI score0.00107EPSS
CVE
CVE
added 2012/03/14 7:55 p.m.64 views

CVE-2012-0451

CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct c...

4.3CVSS8.5AI score0.00579EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.64 views

CVE-2012-1963

The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violatio...

4.3CVSS9.3AI score0.01487EPSS
Total number of security vulnerabilities228