Lucene search

K
MozillaThunderbird3.1.6

76 matches found

CVE
CVE
added 2011/08/18 6:55 p.m.177 views

CVE-2011-0084

The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrar...

10CVSS9.7AI score0.05474EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.163 views

CVE-2011-3000

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attac...

4.3CVSS9.2AI score0.01301EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.123 views

CVE-2011-2371

Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.

10CVSS9.7AI score0.87301EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.103 views

CVE-2011-0083

Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execut...

10CVSS9.7AI score0.02451EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.100 views

CVE-2011-2372

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.

3.5CVSS9.1AI score0.00429EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.99 views

CVE-2011-0080

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitra...

10CVSS10AI score0.0176EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.98 views

CVE-2011-2363

Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execut...

10CVSS9.7AI score0.02451EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.94 views

CVE-2011-0070

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execut...

10CVSS9.9AI score0.02187EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.93 views

CVE-2011-0077

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

10CVSS10AI score0.02326EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.93 views

CVE-2011-2373

Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.

7.6CVSS9.5AI score0.02711EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.92 views

CVE-2011-0074

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

10CVSS10AI score0.02326EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.92 views

CVE-2011-0078

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

10CVSS10AI score0.02326EPSS
CVE
CVE
added 2011/03/02 8:0 p.m.91 views

CVE-2011-0053

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code...

10CVSS10AI score0.01852EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.90 views

CVE-2012-3964

Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service ...

10CVSS9.4AI score0.02127EPSS
CVE
CVE
added 2010/04/28 10:30 p.m.89 views

CVE-2010-1585

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote ...

9.3CVSS9.3AI score0.01151EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.89 views

CVE-2011-0072

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

10CVSS10AI score0.02326EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.88 views

CVE-2012-3969

Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that tr...

9.3CVSS9.5AI score0.03796EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.87 views

CVE-2011-2374

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS10AI score0.04001EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.85 views

CVE-2011-0085

Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.

10CVSS9.5AI score0.02451EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.85 views

CVE-2011-2362

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.

5CVSS9.2AI score0.01226EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.85 views

CVE-2012-3966

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a ....

10CVSS9.3AI score0.03661EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.85 views

CVE-2012-3970

Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (h...

10CVSS9.3AI score0.02743EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.84 views

CVE-2012-3993

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to ...

9.3CVSS9.1AI score0.75843EPSS
CVE
CVE
added 2010/12/10 7:0 p.m.83 views

CVE-2010-3776

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl...

9.3CVSS10AI score0.03801EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.83 views

CVE-2012-3978

The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intend...

6.8CVSS9.7AI score0.01746EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.82 views

CVE-2011-0075

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

10CVSS10AI score0.02326EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.82 views

CVE-2011-2981

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript c...

9.3CVSS9.3AI score0.01281EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.82 views

CVE-2012-3980

The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and trigger...

9.3CVSS9.1AI score0.01431EPSS
CVE
CVE
added 2010/12/10 7:0 p.m.81 views

CVE-2010-3777

Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3CVSS9.9AI score0.06912EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.81 views

CVE-2011-0069

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execut...

10CVSS9.9AI score0.02187EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.80 views

CVE-2011-2995

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknow...

10CVSS10AI score0.01877EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.79 views

CVE-2011-0081

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.8AI score0.02781EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.79 views

CVE-2011-2378

The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointe...

10CVSS9.6AI score0.03719EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.79 views

CVE-2011-2984

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering f...

10CVSS9.5AI score0.01478EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.78 views

CVE-2011-2376

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS10AI score0.01659EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.78 views

CVE-2011-2983

Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, p...

4.3CVSS9.1AI score0.00849EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.78 views

CVE-2012-3962

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document.

9.3CVSS9.3AI score0.0379EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.77 views

CVE-2011-2982

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute ar...

10CVSS10AI score0.0176EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.76 views

CVE-2011-2365

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than ...

10CVSS9.9AI score0.0176EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.74 views

CVE-2011-2999

Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.

4.3CVSS9.2AI score0.00722EPSS
CVE
CVE
added 2010/12/10 7:0 p.m.72 views

CVE-2010-3768

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via v...

9.3CVSS9.6AI score0.06823EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.72 views

CVE-2011-0071

Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.

5CVSS9.2AI score0.01674EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.72 views

CVE-2012-3958

Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a de...

10CVSS9.4AI score0.02127EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.70 views

CVE-2011-2364

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than ...

10CVSS9.9AI score0.0176EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.70 views

CVE-2011-2377

Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.

5CVSS9.9AI score0.04613EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.70 views

CVE-2012-1956

Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving ...

4.3CVSS8.2AI score0.00743EPSS
CVE
CVE
added 2011/06/30 3:55 p.m.69 views

CVE-2011-2366

Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.

4.3CVSS6.4AI score0.00606EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.69 views

CVE-2011-2605

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a...

4.3CVSS9.3AI score0.04001EPSS
CVE
CVE
added 2012/02/01 4:55 p.m.69 views

CVE-2011-3670

Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and readin...

5CVSS9AI score0.00725EPSS
CVE
CVE
added 2011/03/02 8:0 p.m.68 views

CVE-2011-0062

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.9AI score0.05565EPSS
Total number of security vulnerabilities76