Lucene search

K
MozillaThunderbird3.1.9

50 matches found

CVE
CVE
added 2011/08/18 6:55 p.m.177 views

CVE-2011-0084

The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrar...

10CVSS9.7AI score0.05474EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.163 views

CVE-2011-3000

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attac...

4.3CVSS9.2AI score0.01301EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.123 views

CVE-2011-2371

Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.

10CVSS9.7AI score0.87301EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.103 views

CVE-2011-0083

Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execut...

10CVSS9.7AI score0.02451EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.100 views

CVE-2011-2372

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.

3.5CVSS9.1AI score0.00429EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.98 views

CVE-2011-2363

Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execut...

10CVSS9.7AI score0.02451EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.93 views

CVE-2011-2373

Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.

7.6CVSS9.5AI score0.02711EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.90 views

CVE-2012-3964

Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service ...

10CVSS9.4AI score0.02127EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.88 views

CVE-2012-3969

Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that tr...

9.3CVSS9.5AI score0.03796EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.87 views

CVE-2011-2374

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS10AI score0.04001EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.85 views

CVE-2011-0085

Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.

10CVSS9.5AI score0.02451EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.85 views

CVE-2011-2362

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.

5CVSS9.2AI score0.01226EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.85 views

CVE-2012-3966

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a ....

10CVSS9.3AI score0.03661EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.85 views

CVE-2012-3970

Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (h...

10CVSS9.3AI score0.02743EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.84 views

CVE-2012-3993

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to ...

9.3CVSS9.1AI score0.75843EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.83 views

CVE-2012-3978

The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intend...

6.8CVSS9.7AI score0.01746EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.82 views

CVE-2011-2981

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript c...

9.3CVSS9.3AI score0.01281EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.82 views

CVE-2012-3980

The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and trigger...

9.3CVSS9.1AI score0.01431EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.80 views

CVE-2011-2995

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknow...

10CVSS10AI score0.01877EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.79 views

CVE-2011-0081

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.8AI score0.02781EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.79 views

CVE-2011-2984

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering f...

10CVSS9.5AI score0.01478EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.78 views

CVE-2011-2376

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS10AI score0.01659EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.78 views

CVE-2011-2983

Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, p...

4.3CVSS9.1AI score0.00849EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.78 views

CVE-2012-3962

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document.

9.3CVSS9.3AI score0.0379EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.76 views

CVE-2011-2365

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than ...

10CVSS9.9AI score0.0176EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.74 views

CVE-2011-2999

Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.

4.3CVSS9.2AI score0.00722EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.72 views

CVE-2012-3958

Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a de...

10CVSS9.4AI score0.02127EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.70 views

CVE-2011-2364

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than ...

10CVSS9.9AI score0.0176EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.70 views

CVE-2011-2377

Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.

5CVSS9.9AI score0.04613EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.70 views

CVE-2012-1956

Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving ...

4.3CVSS8.2AI score0.00743EPSS
CVE
CVE
added 2011/06/30 3:55 p.m.69 views

CVE-2011-2366

Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.

4.3CVSS6.4AI score0.00606EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.69 views

CVE-2011-2605

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a...

4.3CVSS9.3AI score0.04001EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.68 views

CVE-2011-2375

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS10AI score0.02013EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.63 views

CVE-2011-3005

Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file.

9.3CVSS9.6AI score0.03362EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.60 views

CVE-2011-2980

Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firef...

7.2CVSS8.8AI score0.00056EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.59 views

CVE-2011-3001

Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecifi...

4.3CVSS9AI score0.00201EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.59 views

CVE-2011-3232

YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.

9.3CVSS9.6AI score0.04655EPSS
CVE
CVE
added 2011/12/21 4:2 a.m.59 views

CVE-2011-3666

Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-...

6.8CVSS6.4AI score0.00429EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.57 views

CVE-2002-2436

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a re...

4.3CVSS5.6AI score0.00732EPSS
CVE
CVE
added 2011/09/29 12:55 a.m.57 views

CVE-2011-2997

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.9AI score0.02981EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.55 views

CVE-2012-3975

The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code.

4.3CVSS8.8AI score0.00923EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.54 views

CVE-2012-1971

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garba...

9.3CVSS9.8AI score0.02146EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.53 views

CVE-2012-3971

Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) ...

10CVSS9.4AI score0.03136EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.53 views

CVE-2012-3974

Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.

6.9CVSS6.1AI score0.0006EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.52 views

CVE-2010-5074

The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information...

4.3CVSS8.9AI score0.00178EPSS
CVE
CVE
added 2011/11/09 11:55 a.m.51 views

CVE-2011-3654

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspeci...

10CVSS9.8AI score0.19734EPSS
CVE
CVE
added 2011/11/09 11:55 a.m.48 views

CVE-2011-3652

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

10CVSS9.8AI score0.05919EPSS
CVE
CVE
added 2011/11/09 11:55 a.m.46 views

CVE-2011-3653

Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures.

5CVSS8.9AI score0.00234EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.45 views

CVE-2002-2437

The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web...

5CVSS6.1AI score0.00294EPSS
CVE
CVE
added 2011/12/21 4:2 a.m.45 views

CVE-2011-3664

Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other...

6.8CVSS7.2AI score0.01153EPSS