Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-0791 | 5.0 |
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other pr
|
21-12-2022 - 16:17 | 03-04-2013 - 11:56 | |
CVE-2013-0800 | 6.8 |
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, Se
|
11-03-2021 - 15:35 | 03-04-2013 - 11:56 | |
CVE-2012-3972 | 5.0 |
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensit
|
09-09-2020 - 14:51 | 29-08-2012 - 10:56 | |
CVE-2012-3961 | 10.0 |
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arb
|
28-08-2020 - 14:23 | 29-08-2012 - 10:56 | |
CVE-2012-3968 | 10.0 |
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitra
|
28-08-2020 - 14:23 | 29-08-2012 - 10:56 | |
CVE-2012-3957 | 10.0 |
Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to e
|
28-08-2020 - 14:12 | 29-08-2012 - 10:56 | |
CVE-2012-3956 | 10.0 |
Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote atta
|
28-08-2020 - 14:09 | 29-08-2012 - 10:56 | |
CVE-2012-1975 | 10.0 |
Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to exe
|
28-08-2020 - 13:44 | 29-08-2012 - 10:56 | |
CVE-2012-1972 | 10.0 |
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
|
28-08-2020 - 13:33 | 29-08-2012 - 10:56 | |
CVE-2012-1970 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial
|
28-08-2020 - 13:30 | 29-08-2012 - 10:56 | |
CVE-2012-1938 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
28-08-2020 - 13:20 | 05-06-2012 - 23:55 | |
CVE-2012-3983 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
27-08-2020 - 14:53 | 10-10-2012 - 17:55 | |
CVE-2012-3989 | 9.3 |
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary
|
27-08-2020 - 14:50 | 10-10-2012 - 17:55 | |
CVE-2012-3976 | 4.3 |
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate inform
|
26-08-2020 - 20:39 | 29-08-2012 - 10:56 | |
CVE-2012-3963 | 10.0 |
Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to
|
26-08-2020 - 20:38 | 29-08-2012 - 10:56 | |
CVE-2012-3960 | 10.0 |
Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote at
|
26-08-2020 - 20:37 | 29-08-2012 - 10:56 | |
CVE-2012-3959 | 10.0 |
Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attacke
|
26-08-2020 - 20:36 | 29-08-2012 - 10:56 | |
CVE-2012-1976 | 10.0 |
Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote a
|
26-08-2020 - 20:36 | 29-08-2012 - 10:56 | |
CVE-2012-1974 | 10.0 |
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers
|
26-08-2020 - 20:36 | 29-08-2012 - 10:56 | |
CVE-2012-1973 | 10.0 |
Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attac
|
26-08-2020 - 20:35 | 29-08-2012 - 10:56 | |
CVE-2012-5354 | 6.8 |
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks vi
|
26-08-2020 - 19:40 | 10-10-2012 - 17:55 | |
CVE-2012-3984 | 6.8 |
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving
|
26-08-2020 - 19:36 | 10-10-2012 - 17:55 | |
CVE-2012-3985 | 4.3 |
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access af
|
26-08-2020 - 19:36 | 10-10-2012 - 17:55 | |
CVE-2012-4205 | 6.8 |
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site reques
|
21-08-2020 - 18:45 | 21-11-2012 - 12:55 | |
CVE-2012-4218 | 10.0 |
Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service
|
21-08-2020 - 18:44 | 21-11-2012 - 12:55 | |
CVE-2012-4212 | 10.0 |
Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupt
|
21-08-2020 - 18:44 | 21-11-2012 - 12:55 | |
CVE-2012-4193 | 6.8 |
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, w
|
14-08-2020 - 18:07 | 12-10-2012 - 10:44 | |
CVE-2012-5829 | 9.3 |
Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to exe
|
14-08-2020 - 17:38 | 21-11-2012 - 12:55 | |
CVE-2012-4201 | 4.3 |
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code
|
14-08-2020 - 17:33 | 21-11-2012 - 12:55 | |
CVE-2012-4191 | 9.3 |
The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and
|
14-08-2020 - 17:27 | 12-10-2012 - 10:44 | |
CVE-2012-3993 | 9.3 |
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallT
|
13-08-2020 - 20:43 | 10-10-2012 - 17:55 | |
CVE-2012-4216 | 9.3 |
Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to exe
|
13-08-2020 - 19:42 | 21-11-2012 - 12:55 | |
CVE-2012-4214 | 9.3 |
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attac
|
13-08-2020 - 19:38 | 21-11-2012 - 12:55 | |
CVE-2012-4209 | 4.3 |
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which make
|
13-08-2020 - 19:32 | 21-11-2012 - 12:55 | |
CVE-2012-4182 | 9.3 |
Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to
|
13-08-2020 - 19:32 | 10-10-2012 - 17:55 | |
CVE-2012-4188 | 9.3 |
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary
|
13-08-2020 - 19:29 | 10-10-2012 - 17:55 | |
CVE-2012-3990 | 9.3 |
Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to exe
|
13-08-2020 - 19:27 | 10-10-2012 - 17:55 | |
CVE-2012-4207 | 4.3 |
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in pro
|
13-08-2020 - 19:20 | 21-11-2012 - 12:55 | |
CVE-2012-4184 | 4.3 |
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype
|
13-08-2020 - 18:32 | 10-10-2012 - 17:55 | |
CVE-2012-4179 | 9.3 |
Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote att
|
13-08-2020 - 18:21 | 10-10-2012 - 17:55 | |
CVE-2012-3995 | 9.3 |
The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a den
|
13-08-2020 - 18:12 | 10-10-2012 - 17:55 | |
CVE-2012-5843 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
13-08-2020 - 14:46 | 21-11-2012 - 12:55 | |
CVE-2012-5838 | 9.3 |
The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicat
|
13-08-2020 - 14:13 | 21-11-2012 - 12:55 | |
CVE-2012-5836 | 7.5 |
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) proper
|
13-08-2020 - 13:44 | 21-11-2012 - 12:55 | |
CVE-2012-4217 | 9.3 |
Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap
|
13-08-2020 - 13:30 | 21-11-2012 - 12:55 | |
CVE-2012-4204 | 9.3 |
The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cr
|
13-08-2020 - 13:26 | 21-11-2012 - 12:55 | |
CVE-2012-4213 | 9.3 |
Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory cor
|
12-08-2020 - 20:01 | 21-11-2012 - 12:55 | |
CVE-2012-4208 | 4.3 |
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions o
|
12-08-2020 - 19:45 | 21-11-2012 - 12:55 | |
CVE-2012-3988 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code v
|
12-08-2020 - 18:11 | 10-10-2012 - 17:55 | |
CVE-2012-4196 | 6.4 |
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a pro
|
12-08-2020 - 17:45 | 29-10-2012 - 18:55 | |
CVE-2012-4194 | 4.3 |
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location),
|
12-08-2020 - 17:43 | 29-10-2012 - 18:55 | |
CVE-2012-4195 | 4.3 |
The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and prin
|
12-08-2020 - 14:39 | 29-10-2012 - 18:55 | |
CVE-2013-0770 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
|
12-08-2020 - 12:53 | 13-01-2013 - 20:55 | |
CVE-2013-0760 | 9.3 |
Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
|
11-08-2020 - 20:19 | 13-01-2013 - 20:55 | |
CVE-2012-4183 | 9.3 |
Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attacke
|
11-08-2020 - 13:47 | 10-10-2012 - 17:55 | |
CVE-2012-4186 | 9.3 |
Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to
|
11-08-2020 - 13:43 | 10-10-2012 - 17:55 | |
CVE-2012-3991 | 9.3 |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to by
|
11-08-2020 - 13:37 | 10-10-2012 - 17:55 | |
CVE-2013-0771 | 9.3 |
Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote a
|
11-08-2020 - 13:14 | 13-01-2013 - 20:55 | |
CVE-2013-0769 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey be
|
11-08-2020 - 13:09 | 13-01-2013 - 20:55 | |
CVE-2013-0757 | 9.3 |
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of
|
11-08-2020 - 13:08 | 13-01-2013 - 20:55 | |
CVE-2013-0756 | 9.3 |
Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbi
|
10-08-2020 - 21:08 | 13-01-2013 - 20:55 | |
CVE-2013-0755 | 9.3 |
Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remot
|
10-08-2020 - 21:05 | 13-01-2013 - 20:55 | |
CVE-2013-0747 | 6.8 |
The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same
|
10-08-2020 - 20:58 | 13-01-2013 - 20:55 | |
CVE-2013-0752 | 9.3 |
Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) vi
|
10-08-2020 - 20:52 | 13-01-2013 - 20:55 | |
CVE-2013-0745 | 9.3 |
The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows rem
|
10-08-2020 - 20:31 | 13-01-2013 - 20:55 | |
CVE-2012-4180 | 9.3 |
Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote a
|
10-08-2020 - 16:44 | 10-10-2012 - 17:55 | |
CVE-2012-3982 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial
|
10-08-2020 - 15:53 | 10-10-2012 - 17:55 | |
CVE-2012-4185 | 9.3 |
Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary c
|
10-08-2020 - 15:19 | 10-10-2012 - 17:55 | |
CVE-2012-4187 | 9.3 |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary c
|
10-08-2020 - 14:59 | 10-10-2012 - 17:55 | |
CVE-2012-3992 | 4.3 |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XS
|
10-08-2020 - 14:52 | 10-10-2012 - 17:55 | |
CVE-2012-3986 | 4.3 |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote a
|
10-08-2020 - 14:47 | 10-10-2012 - 17:55 | |
CVE-2013-0768 | 9.3 |
Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbit
|
07-08-2020 - 18:48 | 13-01-2013 - 20:55 | |
CVE-2013-0767 | 10.0 |
The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15
|
07-08-2020 - 18:46 | 13-01-2013 - 20:55 | |
CVE-2013-0766 | 9.3 |
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and Sea
|
07-08-2020 - 18:34 | 13-01-2013 - 20:55 | |
CVE-2013-0764 | 9.3 |
The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, wh
|
07-08-2020 - 17:54 | 13-01-2013 - 20:55 | |
CVE-2013-0761 | 9.3 |
Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows rem
|
07-08-2020 - 17:52 | 13-01-2013 - 20:55 | |
CVE-2013-0749 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a deni
|
07-08-2020 - 17:49 | 13-01-2013 - 20:55 | |
CVE-2012-3994 | 4.3 |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Obj
|
07-08-2020 - 15:42 | 10-10-2012 - 17:55 | |
CVE-2012-4181 | 9.3 |
Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote atta
|
07-08-2020 - 15:42 | 10-10-2012 - 17:55 | |
CVE-2012-4215 | 9.3 |
Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote
|
06-08-2020 - 19:21 | 21-11-2012 - 12:55 | |
CVE-2012-5840 | 9.3 |
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attac
|
06-08-2020 - 17:38 | 21-11-2012 - 12:55 | |
CVE-2013-0784 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
|
06-08-2020 - 17:29 | 19-02-2013 - 23:55 | |
CVE-2013-0783 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a deni
|
06-08-2020 - 17:24 | 19-02-2013 - 23:55 | |
CVE-2013-0782 | 9.3 |
Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote att
|
06-08-2020 - 17:14 | 19-02-2013 - 23:55 | |
CVE-2013-0781 | 9.3 |
Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory c
|
06-08-2020 - 17:11 | 19-02-2013 - 23:55 | |
CVE-2013-0780 | 9.3 |
Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote
|
06-08-2020 - 17:10 | 19-02-2013 - 23:55 | |
CVE-2013-0779 | 9.3 |
The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vect
|
06-08-2020 - 17:06 | 19-02-2013 - 23:55 | |
CVE-2013-0778 | 9.3 |
The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors
|
06-08-2020 - 16:58 | 19-02-2013 - 23:55 | |
CVE-2012-5833 | 9.3 |
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers
|
06-08-2020 - 16:50 | 21-11-2012 - 12:55 | |
CVE-2012-4202 | 9.3 |
Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attacker
|
06-08-2020 - 16:49 | 21-11-2012 - 12:55 | |
CVE-2012-5841 | 4.3 |
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write acti
|
06-08-2020 - 16:48 | 21-11-2012 - 12:55 | |
CVE-2013-0777 | 9.3 |
Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memo
|
06-08-2020 - 16:48 | 19-02-2013 - 23:55 | |
CVE-2012-5842 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a deni
|
06-08-2020 - 16:47 | 21-11-2012 - 12:55 | |
CVE-2012-5835 | 10.0 |
Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or caus
|
06-08-2020 - 16:47 | 21-11-2012 - 12:55 | |
CVE-2012-5839 | 9.3 |
Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows
|
06-08-2020 - 16:47 | 21-11-2012 - 12:55 | |
CVE-2013-0776 | 4.0 |
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides
|
06-08-2020 - 16:47 | 19-02-2013 - 23:55 | |
CVE-2013-0775 | 9.3 |
Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote
|
06-08-2020 - 16:41 | 19-02-2013 - 23:55 | |
CVE-2013-0774 | 4.3 |
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspeci
|
06-08-2020 - 16:40 | 19-02-2013 - 23:55 | |
CVE-2013-0773 | 9.3 |
The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modi
|
06-08-2020 - 16:34 | 19-02-2013 - 23:55 | |
CVE-2013-0772 | 5.8 |
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read an
|
06-08-2020 - 16:28 | 19-02-2013 - 23:55 | |
CVE-2013-0765 | 9.3 |
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
|
06-08-2020 - 16:02 | 19-02-2013 - 23:55 | |
CVE-2013-0748 | 4.3 |
The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes i
|
04-08-2020 - 18:59 | 13-01-2013 - 20:55 | |
CVE-2013-0750 | 9.3 |
Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15
|
04-08-2020 - 18:59 | 13-01-2013 - 20:55 | |
CVE-2013-0746 | 9.3 |
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the js
|
04-08-2020 - 18:22 | 13-01-2013 - 20:55 | |
CVE-2013-0744 | 9.3 |
Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 a
|
04-08-2020 - 17:35 | 13-01-2013 - 20:55 | |
CVE-2013-0753 | 9.3 |
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12
|
04-08-2020 - 16:21 | 13-01-2013 - 20:55 | |
CVE-2013-0754 | 9.3 |
Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaM
|
04-08-2020 - 15:35 | 13-01-2013 - 20:55 | |
CVE-2013-0758 | 9.3 |
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScri
|
04-08-2020 - 15:32 | 13-01-2013 - 20:55 | |
CVE-2013-0759 | 5.0 |
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via
|
04-08-2020 - 15:31 | 13-01-2013 - 20:55 | |
CVE-2013-0762 | 9.3 |
Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and Se
|
04-08-2020 - 15:31 | 13-01-2013 - 20:55 | |
CVE-2013-0763 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial
|
04-08-2020 - 15:29 | 13-01-2013 - 20:55 | |
CVE-2012-0470 | 10.0 |
Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow
|
18-01-2018 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-0471 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web s
|
18-01-2018 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-0441 | 5.0 |
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey b
|
18-01-2018 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-0467 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause
|
18-01-2018 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-0477 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbit
|
18-01-2018 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-0479 | 4.3 |
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) A
|
18-01-2018 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-1940 | 9.3 |
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attack
|
05-01-2018 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-1937 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to caus
|
05-01-2018 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-1947 | 9.3 |
Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to
|
05-01-2018 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-1960 | 5.0 |
The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1949 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or p
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1967 | 10.0 |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to e
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1965 | 4.3 |
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascr
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1954 | 10.0 |
Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attacker
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1951 | 10.0 |
Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows rem
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1966 | 4.3 |
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1962 | 10.0 |
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote at
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1941 | 9.3 |
Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 al
|
29-12-2017 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-1961 | 4.3 |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier fo
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1950 | 6.4 |
The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1959 | 5.0 |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-c
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1958 | 9.3 |
Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remot
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1963 | 4.3 |
The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings pl
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1964 | 4.0 |
The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey be
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1948 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to caus
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1943 | 6.9 |
Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application dire
|
29-12-2017 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-1953 | 9.3 |
The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a den
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1952 | 9.3 |
The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame varia
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1944 | 4.3 |
The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, wh
|
29-12-2017 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-1955 | 6.8 |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and hi
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1946 | 9.3 |
Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow r
|
29-12-2017 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-1957 | 4.3 |
An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within descri
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1945 | 2.9 |
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut
|
29-12-2017 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-1942 | 7.2 |
The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.
|
29-12-2017 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-0473 | 5.0 |
The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function
|
29-12-2017 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-0474 | 4.3 |
Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote atta
|
29-12-2017 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-0468 | 10.0 |
The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vecto
|
29-12-2017 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-0469 | 10.0 |
Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMo
|
29-12-2017 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-0478 | 9.3 |
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_O
|
29-12-2017 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-0472 | 9.3 |
The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations a
|
29-12-2017 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-0475 | 2.6 |
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1)
|
19-12-2017 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2013-1681 | 10.0 |
Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbi
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1674 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event d
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1672 | 6.9 |
The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via v
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1675 | 4.3 |
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale funct
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1671 | 4.3 |
Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site.
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1676 | 10.0 |
The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of se
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1670 | 4.3 |
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1679 | 10.0 |
Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute a
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1680 | 10.0 |
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code o
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1678 | 10.0 |
The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of servic
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1669 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1677 | 10.0 |
The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of ser
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1673 | 6.9 |
The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2012-5837 | 6.8 |
The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string. Per: http://www.mozilla.org/security/anno
|
19-09-2017 - 01:35 | 21-11-2012 - 12:55 | |
CVE-2012-3965 | 9.3 |
Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-3978 | 6.8 |
The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location objec
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-3980 | 9.3 |
The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a cr
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-3975 | 4.3 |
The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by provi
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-3973 | 7.6 |
The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-3969 | 9.3 |
Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execut
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-3966 | 10.0 |
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-4206 | 6.9 |
Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory. Per: http://cwe.mitre.
|
19-09-2017 - 01:35 | 21-11-2012 - 12:55 | |
CVE-2012-4203 | 6.8 |
The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.
|
19-09-2017 - 01:35 | 21-11-2012 - 12:55 | |
CVE-2012-3974 | 6.9 |
Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse e
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-3958 | 10.0 |
Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-4210 | 9.3 |
The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbi
|
19-09-2017 - 01:35 | 21-11-2012 - 12:55 | |
CVE-2012-3962 | 9.3 |
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-3970 | 10.0 |
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execu
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-3964 | 10.0 |
Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to exe
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-4192 | 4.3 |
Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.
|
19-09-2017 - 01:35 | 12-10-2012 - 10:44 | |
CVE-2012-3105 | 9.3 |
The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspe
|
19-09-2017 - 01:35 | 05-06-2012 - 23:55 | |
CVE-2012-3971 | 10.0 |
Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vecto
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2013-0799 | 7.2 |
Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, and Thunderbird ESR 17.x before 17.0.5 on Windows allows local users to gain privileges via crafted argument
|
19-09-2017 - 01:35 | 03-04-2013 - 11:56 | |
CVE-2013-0793 | 4.3 |
Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote atta
|
19-09-2017 - 01:35 | 03-04-2013 - 11:56 | |
CVE-2013-0792 | 4.3 |
Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause
|
19-09-2017 - 01:35 | 03-04-2013 - 11:56 | |
CVE-2013-0788 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a deni
|
19-09-2017 - 01:35 | 03-04-2013 - 11:56 | |
CVE-2013-0795 | 10.0 |
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for clo
|
19-09-2017 - 01:35 | 03-04-2013 - 11:56 | |
CVE-2013-0801 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory c
|
19-09-2017 - 01:35 | 16-05-2013 - 11:45 | |
CVE-2013-0797 | 6.9 |
Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges
|
19-09-2017 - 01:35 | 03-04-2013 - 11:56 | |
CVE-2013-0789 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via v
|
19-09-2017 - 01:35 | 03-04-2013 - 11:56 | |
CVE-2013-0794 | 5.8 |
Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site.
|
19-09-2017 - 01:35 | 03-04-2013 - 11:56 | |
CVE-2013-0751 | 5.8 |
Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a craf
|
19-09-2017 - 01:35 | 13-01-2013 - 20:55 | |
CVE-2013-0787 | 9.3 |
Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey
|
19-09-2017 - 01:35 | 11-03-2013 - 10:55 | |
CVE-2012-1956 | 4.3 |
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-si
|
19-09-2017 - 01:34 | 29-08-2012 - 10:56 | |
CVE-2012-1971 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
19-09-2017 - 01:34 | 29-08-2012 - 10:56 | |
CVE-2012-3977 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4930. Reason: This candidate is a duplicate of CVE-2012-4930. Notes: All CVE users should reference CVE-2012-4930 instead of this candidate. All references and descriptions in t
|
09-10-2012 - 11:13 | 09-10-2012 - 11:13 |