Lucene search

K
MozillaThunderbird Esr

37 matches found

CVE
CVE
added 2018/06/11 9:29 p.m.107 views

CVE-2018-5170

It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

4.3CVSS6.1AI score0.0117EPSS
CVE
CVE
added 2013/05/16 11:45 a.m.106 views

CVE-2013-1670

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attacker...

4.3CVSS8.1AI score0.45979EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.98 views

CVE-2018-5161

Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

4.3CVSS5.9AI score0.01228EPSS
CVE
CVE
added 2013/06/26 3:19 a.m.96 views

CVE-2013-1693

The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observin...

4.3CVSS7AI score0.00441EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.94 views

CVE-2013-0748

The XBL.proto .toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR pro...

4.3CVSS9.2AI score0.00306EPSS
CVE
CVE
added 2013/08/07 1:55 a.m.89 views

CVE-2013-1713

Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site...

4.3CVSS8.2AI score0.00466EPSS
CVE
CVE
added 2013/08/07 1:55 a.m.88 views

CVE-2013-1709

Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attack...

4.3CVSS8.1AI score0.00521EPSS
CVE
CVE
added 2013/08/07 1:55 a.m.87 views

CVE-2013-1714

The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and...

4.3CVSS8.2AI score0.01083EPSS
CVE
CVE
added 2012/10/29 6:55 p.m.82 views

CVE-2012-4194

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to con...

4.3CVSS8.2AI score0.01358EPSS
CVE
CVE
added 2013/06/26 3:19 a.m.82 views

CVE-2013-1692

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks...

4.3CVSS6.6AI score0.00728EPSS
CVE
CVE
added 2013/04/03 11:56 a.m.81 views

CVE-2013-0793

Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attac...

4.3CVSS8.3AI score0.0108EPSS
CVE
CVE
added 2012/03/14 7:55 p.m.80 views

CVE-2012-0455

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote a...

4.3CVSS8.3AI score0.01014EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.77 views

CVE-2013-0776

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script...

4CVSS9.1AI score0.00653EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.75 views

CVE-2012-4207

The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote ...

4.3CVSS7.8AI score0.01708EPSS
CVE
CVE
added 2012/04/25 10:10 a.m.74 views

CVE-2012-0477

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR o...

4.3CVSS8.2AI score0.00722EPSS
CVE
CVE
added 2012/04/25 10:10 a.m.74 views

CVE-2012-0479

Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content.

4.3CVSS9.2AI score0.00775EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.74 views

CVE-2012-3986

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions v...

4.3CVSS9AI score0.01538EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.74 views

CVE-2013-5595

The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct b...

4.3CVSS7AI score0.01926EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.71 views

CVE-2012-3992

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via v...

4.3CVSS8.2AI score0.01138EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.71 views

CVE-2013-5593

The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct cli...

4.3CVSS6.2AI score0.00483EPSS
CVE
CVE
added 2012/04/25 10:10 a.m.68 views

CVE-2012-0471

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set.

4.3CVSS7.7AI score0.00722EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.67 views

CVE-2012-4201

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allo...

4.3CVSS7.9AI score0.02609EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.67 views

CVE-2013-0774

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.

4.3CVSS9.1AI score0.00552EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.66 views

CVE-2012-3994

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and ...

4.3CVSS8.2AI score0.00927EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.66 views

CVE-2012-5841

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cro...

4.3CVSS7.8AI score0.01544EPSS
CVE
CVE
added 2012/10/29 6:55 p.m.65 views

CVE-2012-4195

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier ...

4.3CVSS8.2AI score0.00962EPSS
CVE
CVE
added 2012/03/14 7:55 p.m.64 views

CVE-2012-0451

CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct c...

4.3CVSS8.5AI score0.00579EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.64 views

CVE-2012-1963

The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violatio...

4.3CVSS9.3AI score0.01487EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.64 views

CVE-2012-4184

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attack...

4.3CVSS9.1AI score0.01102EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.61 views

CVE-2012-1944

The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to condu...

4.3CVSS8AI score0.00696EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.61 views

CVE-2012-1957

An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote ...

4.3CVSS8.4AI score0.00998EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.61 views

CVE-2012-1961

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attack...

4.3CVSS9.1AI score0.01172EPSS
CVE
CVE
added 2012/04/25 10:10 a.m.60 views

CVE-2012-0474

Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via ...

4.3CVSS7.3AI score0.00685EPSS
CVE
CVE
added 2014/02/17 10:55 p.m.60 views

CVE-2013-6674

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a rela...

4.3CVSS7.8AI score0.23161EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.58 views

CVE-2012-1964

The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clic...

4CVSS9.1AI score0.00878EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.55 views

CVE-2012-4209

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross...

4.3CVSS7.8AI score0.02065EPSS
CVE
CVE
added 2014/02/17 10:55 p.m.53 views

CVE-2014-2018

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED...

4.3CVSS7.7AI score0.23161EPSS