Lucene search

K
MozillaThunderbird Esr

228 matches found

CVE
CVE
added 2012/10/10 5:55 p.m.64 views

CVE-2012-4184

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attack...

4.3CVSS9.1AI score0.01102EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.63 views

CVE-2012-1955

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls.

6.8CVSS9.1AI score0.02583EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.63 views

CVE-2013-5596

The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial ...

6.8CVSS7.4AI score0.01775EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.62 views

CVE-2012-1945

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME ele...

2.9CVSS8.4AI score0.00192EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.62 views

CVE-2012-3967

The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remo...

9.3CVSS9.3AI score0.00593EPSS
CVE
CVE
added 2012/10/12 10:44 a.m.62 views

CVE-2012-4193

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same O...

6.8CVSS9AI score0.01406EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.62 views

CVE-2012-4202

Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF ima...

9.3CVSS9AI score0.06753EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.62 views

CVE-2012-4213

Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3CVSS8.8AI score0.02868EPSS
CVE
CVE
added 2013/04/03 11:56 a.m.62 views

CVE-2013-0797

Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified dir...

6.9CVSS6.1AI score0.00166EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.61 views

CVE-2012-1944

The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to condu...

4.3CVSS8AI score0.00696EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.61 views

CVE-2012-1957

An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote ...

4.3CVSS8.4AI score0.00998EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.61 views

CVE-2012-1961

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attack...

4.3CVSS9.1AI score0.01172EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.61 views

CVE-2013-0777

Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3CVSS7.6AI score0.01397EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.61 views

CVE-2013-0778

The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

9.3CVSS7.6AI score0.01558EPSS
CVE
CVE
added 2012/04/25 10:10 a.m.60 views

CVE-2012-0473

The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows ...

5CVSS8.7AI score0.00712EPSS
CVE
CVE
added 2012/04/25 10:10 a.m.60 views

CVE-2012-0474

Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via ...

4.3CVSS7.3AI score0.00685EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.60 views

CVE-2013-5591

Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unkn...

10CVSS7.7AI score0.03277EPSS
CVE
CVE
added 2014/02/17 10:55 p.m.60 views

CVE-2013-6674

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a rela...

4.3CVSS7.8AI score0.23161EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.58 views

CVE-2012-1964

The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clic...

4CVSS9.1AI score0.00878EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.57 views

CVE-2012-1946

Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via doc...

9.3CVSS9.6AI score0.01451EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.57 views

CVE-2012-3105

The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows rem...

9.3CVSS8.1AI score0.03223EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.55 views

CVE-2012-4209

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross...

4.3CVSS7.8AI score0.02065EPSS
CVE
CVE
added 2012/03/14 7:55 p.m.54 views

CVE-2012-0463

The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after even...

7.5CVSS9.7AI score0.04347EPSS
CVE
CVE
added 2012/04/25 10:10 a.m.54 views

CVE-2012-0472

The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-renderin...

9.3CVSS9.6AI score0.01525EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.54 views

CVE-2012-5830

Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.

8.8CVSS8.9AI score0.01446EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.53 views

CVE-2012-3974

Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.

6.9CVSS6.1AI score0.0006EPSS
CVE
CVE
added 2014/02/17 10:55 p.m.53 views

CVE-2014-2018

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED...

4.3CVSS7.7AI score0.23161EPSS
CVE
CVE
added 2012/03/14 7:55 p.m.51 views

CVE-2012-0454

Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or poss...

7.5CVSS7.8AI score0.02911EPSS
Total number of security vulnerabilities228