Max CVSS 10.0 Min CVSS 2.6 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2009-3555 5.8
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu
03-07-2019 - 17:25 09-11-2009 - 17:30
CVE-2012-0591 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:09 08-03-2012 - 22:55
CVE-2012-0633 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:09 08-03-2012 - 22:55
CVE-2012-0635 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:09 08-03-2012 - 22:55
CVE-2012-0629 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:08 08-03-2012 - 22:55
CVE-2012-0630 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:08 08-03-2012 - 22:55
CVE-2012-0631 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:08 08-03-2012 - 22:55
CVE-2012-0632 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:08 08-03-2012 - 22:55
CVE-2012-0627 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:07 08-03-2012 - 22:55
CVE-2012-0628 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:07 08-03-2012 - 22:55
CVE-2012-0626 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:06 08-03-2012 - 22:55
CVE-2012-0607 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:05 08-03-2012 - 22:55
CVE-2012-0625 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:05 08-03-2012 - 22:55
CVE-2012-0606 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:04 08-03-2012 - 22:55
CVE-2012-0608 6.8
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:04 08-03-2012 - 22:55
CVE-2012-0609 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:04 08-03-2012 - 22:55
CVE-2012-0610 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:03 08-03-2012 - 22:55
CVE-2012-0611 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:03 08-03-2012 - 22:55
CVE-2012-0612 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:03 08-03-2012 - 22:55
CVE-2012-0613 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:03 08-03-2012 - 22:55
CVE-2012-0614 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:02 08-03-2012 - 22:55
CVE-2012-0615 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:02 08-03-2012 - 22:55
CVE-2012-0616 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:02 08-03-2012 - 22:55
CVE-2012-0617 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:02 08-03-2012 - 22:55
CVE-2012-0618 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:01 08-03-2012 - 22:55
CVE-2012-0619 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 19:00 08-03-2012 - 22:55
CVE-2012-0620 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:59 08-03-2012 - 22:55
CVE-2012-0621 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:59 08-03-2012 - 22:55
CVE-2012-0622 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:59 08-03-2012 - 22:55
CVE-2012-0623 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:59 08-03-2012 - 22:55
CVE-2012-0592 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:58 08-03-2012 - 22:55
CVE-2012-0593 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:58 08-03-2012 - 22:55
CVE-2012-0594 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:58 08-03-2012 - 22:55
CVE-2012-0624 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:58 08-03-2012 - 22:55
CVE-2012-0595 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:57 08-03-2012 - 22:55
CVE-2012-0596 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:57 08-03-2012 - 22:55
CVE-2012-0597 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:57 08-03-2012 - 22:55
CVE-2012-0598 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:57 08-03-2012 - 22:55
CVE-2012-0599 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:56 08-03-2012 - 22:55
CVE-2012-0600 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:56 08-03-2012 - 22:55
CVE-2012-0601 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:56 08-03-2012 - 22:55
CVE-2012-0602 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:55 08-03-2012 - 22:55
CVE-2012-0603 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:55 08-03-2012 - 22:55
CVE-2012-0604 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:55 08-03-2012 - 22:55
CVE-2012-0605 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 18:54 08-03-2012 - 22:55
CVE-2011-2873 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 14:43 08-03-2012 - 22:55
CVE-2011-2871 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 14:42 08-03-2012 - 22:55
CVE-2011-2872 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 14:42 08-03-2012 - 22:55
CVE-2011-2870 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 14:41 08-03-2012 - 22:55
CVE-2011-2869 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 14:40 08-03-2012 - 22:55
CVE-2011-2867 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 14:39 08-03-2012 - 22:55
CVE-2011-2868 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 14:39 08-03-2012 - 22:55
CVE-2011-2833 9.3
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebK
29-11-2018 - 14:38 08-03-2012 - 22:55
CVE-2010-0159 10.0
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute
16-11-2018 - 15:56 22-02-2010 - 13:00
CVE-2009-0143 4.3
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.
08-11-2018 - 20:21 14-03-2009 - 18:30
CVE-2012-0454 7.5
Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to caus
30-10-2018 - 16:27 14-03-2012 - 19:55
CVE-2013-5590 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote atta
30-10-2018 - 16:26 30-10-2013 - 10:55
CVE-2013-5591 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application c
30-10-2018 - 16:26 30-10-2013 - 10:55
CVE-2013-5593 4.3
The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote
30-10-2018 - 16:26 30-10-2013 - 10:55
CVE-2013-5596 6.8
The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attac
30-10-2018 - 16:26 30-10-2013 - 10:55
CVE-2013-5597 10.0
Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22
30-10-2018 - 16:26 30-10-2013 - 10:55
CVE-2013-5599 10.0
Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderb
30-10-2018 - 16:26 30-10-2013 - 10:55
CVE-2013-5600 10.0
Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonke
30-10-2018 - 16:26 30-10-2013 - 10:55
CVE-2013-5601 10.0
Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey bef
30-10-2018 - 16:26 30-10-2013 - 10:55
CVE-2013-5602 10.0
The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allo
30-10-2018 - 16:26 30-10-2013 - 10:55
CVE-2013-5603 10.0
Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitr
30-10-2018 - 16:26 30-10-2013 - 10:55
CVE-2013-5604 9.3
The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not pro
30-10-2018 - 16:26 30-10-2013 - 10:55
CVE-2009-1303 5.0
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGE
30-10-2018 - 16:25 22-04-2009 - 18:30
CVE-2010-0167 9.3
The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash)
30-10-2018 - 16:25 25-03-2010 - 21:00
CVE-2010-0169 5.0
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings i
30-10-2018 - 16:25 25-03-2010 - 21:00
CVE-2010-0171 4.3
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) at
30-10-2018 - 16:25 25-03-2010 - 21:00
CVE-2010-0173 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and applica
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2010-0174 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2010-0175 9.3
Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of se
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2010-0176 9.3
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2010-0182 4.3
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2013-0991 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-0992 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-0993 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-0994 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-0995 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-0996 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-0997 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-0998 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-0999 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-1000 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-1001 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-1002 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-1003 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-1004 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-1005 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-1006 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-1007 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-1008 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-1010 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-1011 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2013-1014 4.3
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
30-10-2018 - 16:25 20-05-2013 - 14:44
CVE-2007-1008 2.6
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which
16-10-2018 - 16:36 20-02-2007 - 01:28
CVE-2007-3752 9.3
Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.
15-10-2018 - 21:30 06-09-2007 - 21:17
CVE-2009-0016 5.0
Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.
11-10-2018 - 20:58 14-03-2009 - 18:30
CVE-2008-3636 7.2
Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear So
11-10-2018 - 20:48 11-09-2008 - 01:13
CVE-2010-3131 9.3
Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbit
10-10-2018 - 20:01 26-08-2010 - 18:36
CVE-2010-1585 9.3
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a c
10-10-2018 - 19:57 28-04-2010 - 22:30
CVE-2010-1795 9.3
Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.
10-10-2018 - 19:57 20-08-2010 - 20:00
CVE-2010-1199 9.3
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for
10-10-2018 - 19:56 24-06-2010 - 12:30
CVE-2009-1571 10.0
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that at
10-10-2018 - 19:37 22-02-2010 - 13:00
CVE-2009-0950 9.3
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
10-10-2018 - 19:32 02-06-2009 - 18:30
CVE-2013-1739 5.0
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that t
09-10-2018 - 19:33 22-10-2013 - 22:55
CVE-2009-1309 4.3
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ sco
03-10-2018 - 22:00 22-04-2009 - 18:30
CVE-2009-2285 4.3
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
03-10-2018 - 22:00 01-07-2009 - 13:00
CVE-2009-1302 5.0
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-1304 5.0
The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-1305 5.0
The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-1306 4.3
The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other at
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-1307 6.8
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-1308 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-0772 9.3
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetO
03-10-2018 - 21:58 05-03-2009 - 02:30
CVE-2009-0774 9.3
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different v
03-10-2018 - 21:58 05-03-2009 - 02:30
CVE-2009-0776 7.1
nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
03-10-2018 - 21:58 05-03-2009 - 02:30
CVE-2012-0441 5.0
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey b
18-01-2018 - 02:29 05-06-2012 - 23:55
CVE-2012-0451 4.3
CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0455 4.3
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on java
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0456 5.0
The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote atta
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0457 9.3
Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0458 6.8
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through th
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0459 7.5
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0460 6.4
Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote at
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0461 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0462 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0464 7.5
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 all
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0467 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause
18-01-2018 - 02:29 25-04-2012 - 10:10
CVE-2012-0470 10.0
Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow
18-01-2018 - 02:29 25-04-2012 - 10:10
CVE-2012-0471 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web s
18-01-2018 - 02:29 25-04-2012 - 10:10
CVE-2012-0477 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbit
18-01-2018 - 02:29 25-04-2012 - 10:10
CVE-2012-0479 4.3
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) A
18-01-2018 - 02:29 25-04-2012 - 10:10
CVE-2012-0444 10.0
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corr
11-01-2018 - 02:29 01-02-2012 - 16:55
CVE-2012-0463 7.5
The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does
11-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0452 7.5
Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger
10-01-2018 - 02:29 11-02-2012 - 02:55
CVE-2011-2866 7.6
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
06-01-2018 - 02:29 08-03-2012 - 22:55
CVE-2012-0636 7.6
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
06-01-2018 - 02:29 08-03-2012 - 22:55
CVE-2012-0637 7.6
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
06-01-2018 - 02:29 08-03-2012 - 22:55
CVE-2012-0638 7.6
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
06-01-2018 - 02:29 08-03-2012 - 22:55
CVE-2012-0639 7.6
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
06-01-2018 - 02:29 08-03-2012 - 22:55
CVE-2012-0648 7.6
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
06-01-2018 - 02:29 08-03-2012 - 22:55
CVE-2012-0634 7.6
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
05-01-2018 - 02:29 08-03-2012 - 22:55
CVE-2012-1937 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to caus
05-01-2018 - 02:29 05-06-2012 - 23:55
CVE-2012-1940 9.3
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attack
05-01-2018 - 02:29 05-06-2012 - 23:55
CVE-2012-1947 9.3
Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to
05-01-2018 - 02:29 05-06-2012 - 23:55
CVE-2011-3658 7.5
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly hav
29-12-2017 - 02:29 21-12-2011 - 04:02
CVE-2011-3670 5.0
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by makin
29-12-2017 - 02:29 01-02-2012 - 16:55
CVE-2012-0442 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corru
29-12-2017 - 02:29 01-02-2012 - 16:55
CVE-2012-0449 10.0
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
29-12-2017 - 02:29 01-02-2012 - 16:55
CVE-2012-0468 10.0
The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vecto
29-12-2017 - 02:29 25-04-2012 - 10:10
CVE-2012-0469 10.0
Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMo
29-12-2017 - 02:29 25-04-2012 - 10:10
CVE-2012-0472 9.3
The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations a
29-12-2017 - 02:29 25-04-2012 - 10:10
CVE-2012-0473 5.0
The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function
29-12-2017 - 02:29 25-04-2012 - 10:10
CVE-2012-0474 4.3
Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote atta
29-12-2017 - 02:29 25-04-2012 - 10:10
CVE-2012-0478 9.3
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_O
29-12-2017 - 02:29 25-04-2012 - 10:10
CVE-2012-1938 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
29-12-2017 - 02:29 05-06-2012 - 23:55
CVE-2012-1941 9.3
Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 al
29-12-2017 - 02:29 05-06-2012 - 23:55
CVE-2012-1942 7.2
The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.
29-12-2017 - 02:29 05-06-2012 - 23:55
CVE-2012-1943 6.9
Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application dire
29-12-2017 - 02:29 05-06-2012 - 23:55
CVE-2012-1944 4.3
The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, wh
29-12-2017 - 02:29 05-06-2012 - 23:55
CVE-2012-1945 2.9
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut
29-12-2017 - 02:29 05-06-2012 - 23:55
CVE-2012-1946 9.3
Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow r
29-12-2017 - 02:29 05-06-2012 - 23:55
CVE-2012-1948 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to caus
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1949 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or p
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1951 10.0
Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows rem
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1952 9.3
The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame varia
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1953 9.3
The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a den
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1954 10.0
Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attacker
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1955 6.8
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and hi
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1957 4.3
An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within descri
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1958 9.3
Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remot
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1959 5.0
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-c
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1960 5.0
The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1961 4.3
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier fo
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1962 10.0
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote at
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1963 4.3
The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings pl
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1964 4.0
The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey be
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1967 10.0
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to e
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-0475 2.6
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1)
19-12-2017 - 02:29 25-04-2012 - 10:10
CVE-2005-1248 7.5
Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file.
11-10-2017 - 01:30 16-05-2005 - 04:00
CVE-2009-0771 10.0
The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption a
29-09-2017 - 01:34 05-03-2009 - 02:30
CVE-2009-0773 10.0
The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some
29-09-2017 - 01:34 05-03-2009 - 02:30
CVE-2009-0775 10.0
Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not
29-09-2017 - 01:34 05-03-2009 - 02:30
CVE-2009-0777 5.8
Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers
29-09-2017 - 01:34 05-03-2009 - 02:30
CVE-2008-4116 9.3
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 o
29-09-2017 - 01:32 18-09-2008 - 15:04
CVE-2008-3434 7.5
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
29-09-2017 - 01:31 01-08-2008 - 14:41
CVE-2013-1670 4.3
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content
19-09-2017 - 01:36 16-05-2013 - 11:45
CVE-2013-1672 6.9
The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via v
19-09-2017 - 01:36 16-05-2013 - 11:45
CVE-2013-1674 9.3
Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event d
19-09-2017 - 01:36 16-05-2013 - 11:45
CVE-2013-1675 4.3
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale funct
19-09-2017 - 01:36 16-05-2013 - 11:45
CVE-2013-1676 10.0
The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of se
19-09-2017 - 01:36 16-05-2013 - 11:45
CVE-2013-1677 10.0
The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of ser
19-09-2017 - 01:36 16-05-2013 - 11:45
CVE-2013-1678 10.0
The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of servic
19-09-2017 - 01:36 16-05-2013 - 11:45
CVE-2013-1679 10.0
Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute a
19-09-2017 - 01:36 16-05-2013 - 11:45
CVE-2013-1680 10.0
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code o
19-09-2017 - 01:36 16-05-2013 - 11:45
CVE-2013-1681 10.0
Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbi
19-09-2017 - 01:36 16-05-2013 - 11:45
CVE-2013-1682 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory c
19-09-2017 - 01:36 26-06-2013 - 03:19
CVE-2013-1684 9.3
Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote at
19-09-2017 - 01:36 26-06-2013 - 03:19
CVE-2013-1685 9.3
Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary co
19-09-2017 - 01:36 26-06-2013 - 03:19
CVE-2013-1686 10.0
Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or caus
19-09-2017 - 01:36 26-06-2013 - 03:19
CVE-2013-1687 9.3
The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined
19-09-2017 - 01:36 26-06-2013 - 03:19
CVE-2013-1690 9.3
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause
19-09-2017 - 01:36 26-06-2013 - 03:19
CVE-2013-1692 4.3
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to
19-09-2017 - 01:36 26-06-2013 - 03:19
CVE-2013-1693 4.3
The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy a
19-09-2017 - 01:36 26-06-2013 - 03:19
CVE-2013-1694 7.5
The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to caus
19-09-2017 - 01:36 26-06-2013 - 03:19
CVE-2013-1697 9.3
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote atta
19-09-2017 - 01:36 26-06-2013 - 03:19
CVE-2013-1701 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a deni
19-09-2017 - 01:36 07-08-2013 - 01:55
CVE-2013-1706 7.2
Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain priv
19-09-2017 - 01:36 07-08-2013 - 01:55
CVE-2013-1707 7.2
Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command
19-09-2017 - 01:36 07-08-2013 - 01:55
CVE-2013-1709 4.3
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attac
19-09-2017 - 01:36 07-08-2013 - 01:55
CVE-2013-1710 10.0
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript c
19-09-2017 - 01:36 07-08-2013 - 01:55
CVE-2013-1712 6.9
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, W
19-09-2017 - 01:36 07-08-2013 - 01:55
CVE-2013-1713 4.3
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, wh
19-09-2017 - 01:36 07-08-2013 - 01:55
CVE-2013-1714 4.3
The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remo
19-09-2017 - 01:36 07-08-2013 - 01:55
CVE-2013-1717 5.4
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote
19-09-2017 - 01:36 07-08-2013 - 01:55
CVE-2013-1718 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial
19-09-2017 - 01:36 18-09-2013 - 10:08
CVE-2013-1719 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
19-09-2017 - 01:36 18-09-2013 - 10:08
CVE-2013-1720 6.8
The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements
19-09-2017 - 01:36 18-09-2013 - 10:08
CVE-2013-1722 9.3
Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey befor
19-09-2017 - 01:36 18-09-2013 - 10:08
CVE-2013-1723 4.3
The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application c
19-09-2017 - 01:36 18-09-2013 - 10:08
CVE-2013-1724 9.3
Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial
19-09-2017 - 01:36 18-09-2013 - 10:08
CVE-2013-1725 6.8
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote
19-09-2017 - 01:36 18-09-2013 - 10:08
CVE-2013-1726 6.2
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain pr
19-09-2017 - 01:36 18-09-2013 - 10:08
CVE-2013-1728 4.3
The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive inform
19-09-2017 - 01:36 18-09-2013 - 10:08
CVE-2013-1730 6.8
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers t
19-09-2017 - 01:36 18-09-2013 - 10:08
CVE-2013-1732 9.3
Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbi
19-09-2017 - 01:36 18-09-2013 - 10:08
CVE-2013-1735 9.3
Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attac
19-09-2017 - 01:36 18-09-2013 - 10:08
CVE-2013-1736 10.0
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or caus
19-09-2017 - 01:36 18-09-2013 - 10:08
CVE-2013-1737 5.0
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, w
19-09-2017 - 01:36 18-09-2013 - 10:08
CVE-2013-1738 9.3
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in
19-09-2017 - 01:36 18-09-2013 - 10:08
CVE-2013-5595 4.3
The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified func
19-09-2017 - 01:36 30-10-2013 - 10:55
CVE-2012-3105 9.3
The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspe
19-09-2017 - 01:35 05-06-2012 - 23:55
CVE-2012-3598 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3601 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3602 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3606 9.3
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3607 9.3
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3612 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3613 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3614 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3616 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3617 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3621 9.3
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3622 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3623 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3624 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3632 9.3
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3643 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3647 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3648 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3649 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3651 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3652 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3654 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3657 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3658 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3659 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3660 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3671 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3672 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3673 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3675 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3676 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3677 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3684 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3685 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3687 9.3
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3688 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3692 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3699 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3700 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3701 9.3
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3702 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3703 8.3
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3704 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3705 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3706 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3707 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3708 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3709 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3710 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3711 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3712 6.8
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in A
19-09-2017 - 01:35 13-09-2012 - 10:30
CVE-2012-3956 10.0
Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote atta
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3957 10.0
Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to e
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3958 10.0
Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3959 10.0
Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attacke
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3960 10.0
Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote at
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3961 10.0
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arb
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3962 9.3
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3963 10.0
Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3964 10.0
Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to exe
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3966 10.0
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3968 10.0
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitra
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3969 9.3
Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execut
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3970 10.0
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execu
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3971 10.0
Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vecto
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3972 5.0
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensit
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3974 6.9
Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse e
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3975 4.3
The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by provi
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3976 5.8
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate inform
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3978 6.8
The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location objec
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3980 9.3
The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a cr
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-3982 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-3983 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-3984 6.8
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-3985 4.3
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access af
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-3986 6.4
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote a
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-3988 9.3
Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code v
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-3989 9.3
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-3990 10.0
Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to exe
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-3991 9.3
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to by
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-3992 5.8
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XS
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-3993 9.3
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallT
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-3994 4.3
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Obj
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-3995 10.0
The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a den
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-4179 10.0
Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote att
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-4180 10.0
Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote a
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-4181 10.0
Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote atta
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-4182 10.0
Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-4183 10.0
Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attacke
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-4184 9.3
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-4185 10.0
Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary c
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-4186 10.0
Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-4187 10.0
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary c
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-4188 10.0
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-4191 10.0
The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and
19-09-2017 - 01:35 12-10-2012 - 10:44
CVE-2012-4192 4.3
Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.
19-09-2017 - 01:35 12-10-2012 - 10:44
CVE-2012-4193 9.3
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, w
19-09-2017 - 01:35 12-10-2012 - 10:44
CVE-2012-4194 4.3
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location),
19-09-2017 - 01:35 29-10-2012 - 18:55
CVE-2012-4195 5.1
The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and prin
19-09-2017 - 01:35 29-10-2012 - 18:55
CVE-2012-4196 5.0
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a pro
19-09-2017 - 01:35 29-10-2012 - 18:55
CVE-2012-4201 6.4
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-4202 9.3
Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attacker
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-4204 10.0
The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cr
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-4205 6.8
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site reques
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-4207 4.3
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in pro
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-4208 4.3
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions o
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-4209 4.3
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which make
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-4212 10.0
Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupt
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-4213 10.0
Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory cor
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-4214 10.0
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attac
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-4215 10.0
Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-4216 10.0
Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to exe
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-4217 10.0
Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-4218 10.0
Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-5354 6.8
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks vi
19-09-2017 - 01:35 10-10-2012 - 17:55
CVE-2012-5829 10.0
Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to exe
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-5833 10.0
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-5835 10.0
Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or caus
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-5836 10.0
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) proper
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-5838 10.0
The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicat
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-5839 10.0
Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-5840 10.0
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attac
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-5841 4.3
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write acti
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-5842 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a deni
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-5843 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2013-0744 9.3
Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 a
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0745 9.3
The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows rem
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0746 9.3
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the js
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0747 6.8
The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0748 5.0
The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes i
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0749 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a deni
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0750 10.0
Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0752 9.3
Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) vi
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0753 9.3
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0754 10.0
Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaM
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0755 10.0
Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remot
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0756 9.3
Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbi
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0757 9.3
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0758 10.0
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScri
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0759 5.0
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0760 9.3
Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0761 10.0
Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows rem
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0762 10.0
Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and Se
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0763 10.0
Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0764 9.3
The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, wh
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0765 5.0
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
19-09-2017 - 01:35 19-02-2013 - 23:55
CVE-2013-0766 10.0
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and Sea
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0767 10.0
The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0768 10.0
Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbit
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0769 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey be
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0770 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0771 9.3
Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote a
19-09-2017 - 01:35 13-01-2013 - 20:55
CVE-2013-0772 5.8
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read an
19-09-2017 - 01:35 19-02-2013 - 23:55
CVE-2013-0773 10.0
The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modi
19-09-2017 - 01:35 19-02-2013 - 23:55
CVE-2013-0774 5.0
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspeci
19-09-2017 - 01:35 19-02-2013 - 23:55
CVE-2013-0775 10.0
Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote
19-09-2017 - 01:35 19-02-2013 - 23:55
CVE-2013-0776 4.0
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides
19-09-2017 - 01:35 19-02-2013 - 23:55
CVE-2013-0777 10.0
Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memo
19-09-2017 - 01:35 19-02-2013 - 23:55
CVE-2013-0778 10.0
The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors
19-09-2017 - 01:35 19-02-2013 - 23:55
CVE-2013-0779 10.0
The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vect
19-09-2017 - 01:35 19-02-2013 - 23:55
CVE-2013-0780 9.3
Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote
19-09-2017 - 01:35 19-02-2013 - 23:55
CVE-2013-0781 10.0
Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory c
19-09-2017 - 01:35 19-02-2013 - 23:55
CVE-2013-0782 10.0
Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote att
19-09-2017 - 01:35 19-02-2013 - 23:55
CVE-2013-0783 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a deni
19-09-2017 - 01:35 19-02-2013 - 23:55
CVE-2013-0784 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
19-09-2017 - 01:35 19-02-2013 - 23:55
CVE-2013-0787 9.3
Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey
19-09-2017 - 01:35 11-03-2013 - 10:55
CVE-2013-0788 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a deni
19-09-2017 - 01:35 03-04-2013 - 11:56
CVE-2013-0791 5.0
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other pr
19-09-2017 - 01:35 03-04-2013 - 11:56
CVE-2013-0793 4.3
Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote atta
19-09-2017 - 01:35 03-04-2013 - 11:56
CVE-2013-0795 10.0
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for clo
19-09-2017 - 01:35 03-04-2013 - 11:56
CVE-2013-0797 6.9
Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges
19-09-2017 - 01:35 03-04-2013 - 11:56
CVE-2013-0799 7.2
Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, and Thunderbird ESR 17.x before 17.0.5 on Windows allows local users to gain privileges via crafted argument
19-09-2017 - 01:35 03-04-2013 - 11:56
CVE-2013-0800 9.3
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, Se
19-09-2017 - 01:35 03-04-2013 - 11:56
CVE-2013-0801 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory c
19-09-2017 - 01:35 16-05-2013 - 11:45
CVE-2013-1035 9.3
The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
19-09-2017 - 01:35 19-09-2013 - 10:27
CVE-2011-3647 9.3
The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3648 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3649 2.6
Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different dom
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3650 9.3
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory c
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3651 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3652 10.0
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3653 5.0
Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3654 10.0
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application cras
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3655 9.3
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3659 10.0
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect Attribu
19-09-2017 - 01:34 01-02-2012 - 16:55
CVE-2011-3660 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
19-09-2017 - 01:34 21-12-2011 - 04:02
CVE-2011-3661 7.5
YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
19-09-2017 - 01:34 21-12-2011 - 04:02
CVE-2011-3663 4.3
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.
19-09-2017 - 01:34 21-12-2011 - 04:02
CVE-2011-3664 6.8
Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and appl
19-09-2017 - 01:34 21-12-2011 - 04:02
CVE-2011-3665 7.5
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly han
19-09-2017 - 01:34 21-12-2011 - 04:02
CVE-2011-3666 6.8
Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerabilit
19-09-2017 - 01:34 21-12-2011 - 04:02
CVE-2012-0443 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
19-09-2017 - 01:34 01-02-2012 - 16:55
CVE-2012-0445 5.0
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name at
19-09-2017 - 01:34 01-02-2012 - 16:55
CVE-2012-0446 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, r
19-09-2017 - 01:34 01-02-2012 - 16:55
CVE-2012-0447 5.0
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG ima
19-09-2017 - 01:34 01-02-2012 - 16:55
CVE-2012-0677 9.3
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.
19-09-2017 - 01:34 12-06-2012 - 14:55
CVE-2012-1956 4.3
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-si
19-09-2017 - 01:34 29-08-2012 - 10:56
CVE-2012-1970 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial
19-09-2017 - 01:34 29-08-2012 - 10:56
CVE-2012-1971 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
19-09-2017 - 01:34 29-08-2012 - 10:56
CVE-2012-1972 10.0
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
19-09-2017 - 01:34 29-08-2012 - 10:56
CVE-2012-1973 10.0
Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attac
19-09-2017 - 01:34 29-08-2012 - 10:56
CVE-2012-1974 10.0
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers
19-09-2017 - 01:34 29-08-2012 - 10:56
CVE-2012-1975 10.0
Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to exe
19-09-2017 - 01:34 29-08-2012 - 10:56
CVE-2012-1976 10.0
Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote a
19-09-2017 - 01:34 29-08-2012 - 10:56
CVE-2011-2366 4.3
Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack invo
19-09-2017 - 01:33 30-06-2011 - 15:55
CVE-2011-2371 10.0
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2372 3.5
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended ac
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2373 7.6
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2374 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2375 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2376 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2377 5.0
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multip
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2378 10.0
The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2605 4.3
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass inten
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2809 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-2811 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-2813 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-2814 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-2815 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-2816 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-2817 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-2820 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-2831 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-2980 7.2
Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Troja
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2981 9.3
The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Sam
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2982 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corrupt
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2983 4.3
Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2985 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and applic
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2986 5.0
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2989 10.0
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and appl
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2991 10.0
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2992 10.0
The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possi
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2995 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application cra
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2997 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitr
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2999 4.3
Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a diffe
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-3000 4.3
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote a
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-3001 4.3
Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-3005 9.3
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-3219 9.3
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-3232 9.3
YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-3233 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-3235 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-3236 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-3237 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-3238 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-3239 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-3241 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-3244 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-3252 9.3
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream.
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-2338 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:32 12-10-2011 - 18:55
CVE-2011-2339 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:32 12-10-2011 - 18:55
CVE-2011-2341 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:32 12-10-2011 - 18:55
CVE-2011-2352 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:32 12-10-2011 - 18:55
CVE-2011-2354 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:32 12-10-2011 - 18:55
CVE-2011-2356 7.6
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability t
19-09-2017 - 01:32 12-10-2011 - 18:55
CVE-2011-2362 5.0
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Se
19-09-2017 - 01:32 30-06-2011 - 16:55
CVE-2011-2363 10.0
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial
19-09-2017 - 01:32 30-06-2011 - 16:55
CVE-2011-2364 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
19-09-2017 - 01:32 30-06-2011 - 16:55
CVE-2011-2365 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
19-09-2017 - 01:32 30-06-2011 - 16:55
CVE-2010-2752 9.3
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Casc
19-09-2017 - 01:31 30-07-2010 - 20:30
CVE-2010-2753 9.3
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a X
19-09-2017 - 01:31 30-07-2010 - 20:30
CVE-2010-2754 5.0
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving
19-09-2017 - 01:31 30-07-2010 - 13:26
CVE-2010-2760 9.3
Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code v
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2762 6.8
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attacker
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2763 4.3
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2764 4.3
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2765 9.3
Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2766 9.3
The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might al
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2767 9.3
The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2768 4.3
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2769 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2770 9.3
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-3166 9.3
Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute ar
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-3167 9.3
The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to e
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-3168 9.3
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to c
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-3169 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memor
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-3170 4.3
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-th
19-09-2017 - 01:31 21-10-2010 - 19:00
CVE-2010-3173 7.5
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which m
19-09-2017 - 01:31 21-10-2010 - 19:00
CVE-2010-3174 9.3
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
19-09-2017 - 01:31 21-10-2010 - 19:00
CVE-2010-3175 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arb
19-09-2017 - 01:31 21-10-2010 - 19:00
CVE-2010-3176 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service
19-09-2017 - 01:31 21-10-2010 - 19:00
CVE-2010-3178 5.8
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window an
19-09-2017 - 01:31 21-10-2010 - 19:00
CVE-2010-3179 9.3
Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or
19-09-2017 - 01:31 21-10-2010 - 19:00
CVE-2010-3180 9.3
Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessin
19-09-2017 - 01:31 21-10-2010 - 19:00
CVE-2010-3181 6.9
Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the c
19-09-2017 - 01:31 21-10-2010 - 19:00
CVE-2010-3182 6.9
A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allow
19-09-2017 - 01:31 21-10-2010 - 19:00
CVE-2010-3183 9.3
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls tha
19-09-2017 - 01:31 21-10-2010 - 19:00
CVE-2010-3765 9.3
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related
19-09-2017 - 01:31 28-10-2010 - 00:00
CVE-2010-3768 9.3
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows
19-09-2017 - 01:31 10-12-2010 - 19:00
CVE-2010-3769 9.3
The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers t
19-09-2017 - 01:31 10-12-2010 - 19:00
CVE-2010-3776 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (me
19-09-2017 - 01:31 10-12-2010 - 19:00
CVE-2010-3777 9.3
Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
19-09-2017 - 01:31 10-12-2010 - 19:00
CVE-2010-3778 9.3
Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code
19-09-2017 - 01:31 10-12-2010 - 19:00
CVE-2010-5074 4.3
The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for
19-09-2017 - 01:31 07-12-2011 - 19:55
CVE-2011-0053 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and appl
19-09-2017 - 01:31 02-03-2011 - 20:00
CVE-2011-0061 9.3
Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
19-09-2017 - 01:31 02-03-2011 - 20:00
CVE-2011-0062 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arb
19-09-2017 - 01:31 02-03-2011 - 20:00
CVE-2011-0069 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory cor
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0070 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory cor
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0071 5.0
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load res
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0072 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0074 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0075 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0077 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0078 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0080 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption a
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0081 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possib
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0083 10.0
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial
19-09-2017 - 01:31 30-06-2011 - 16:55
CVE-2011-0084 10.0
The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text,
19-09-2017 - 01:31 18-08-2011 - 18:55
CVE-2011-0085 10.0
Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues t
19-09-2017 - 01:31 30-06-2011 - 16:55
CVE-2011-0111 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0112 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0113 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0114 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0116 7.6
Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0117 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0118 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0119 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0120 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0121 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0122 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0123 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0124 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0125 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0126 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0127 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0128 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0129 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0130 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0131 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0133 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denia
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0134 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0135 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0136 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0137 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0138 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0139 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0140 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0141 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0142 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0143 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0144 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0145 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0146 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0147 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0148 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0149 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0150 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0151 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0152 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0153 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0154 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corrup
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0155 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0156 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0164 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0165 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0168 7.6
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0170 9.3
Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile
19-09-2017 - 01:31 03-03-2011 - 20:00
CVE-2011-0259 7.6
CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecif
19-09-2017 - 01:31 12-10-2011 - 18:55
CVE-2010-0040 9.3
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a
19-09-2017 - 01:30 15-03-2010 - 13:28
CVE-2010-0041 4.3
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafte
19-09-2017 - 01:30 15-03-2010 - 13:28
CVE-2010-0042 4.3
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafte
19-09-2017 - 01:30 15-03-2010 - 13:28
CVE-2010-0043 9.3
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. Per: http://lists.apple.com/archi
19-09-2017 - 01:30 15-03-2010 - 13:28
CVE-2010-0161 4.3
The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial o
19-09-2017 - 01:30 23-03-2010 - 00:53
CVE-2010-0163 4.3
Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly
19-09-2017 - 01:30 23-03-2010 - 00:53
CVE-2010-0531 4.3
Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.
19-09-2017 - 01:30 31-03-2010 - 18:30
CVE-2010-0532 6.9
Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse. Per: http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.htm
19-09-2017 - 01:30 31-03-2010 - 18:30
CVE-2010-0654 4.3
Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-1196 9.3
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM nod
19-09-2017 - 01:30 24-06-2010 - 12:30
CVE-2010-1200 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and
19-09-2017 - 01:30 24-06-2010 - 12:30
CVE-2010-1201 9.3
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
19-09-2017 - 01:30 24-06-2010 - 12:30
CVE-2010-1202 9.3
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption a
19-09-2017 - 01:30 24-06-2010 - 12:30
CVE-2010-1205 7.5
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
19-09-2017 - 01:30 30-06-2010 - 18:30
CVE-2010-1207 4.3
Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node d
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1210 4.3
intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to cond
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1211 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of se
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1212 9.3
js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via v
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1213 4.3
The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows r
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1215 6.8
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrom
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1387 9.3
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) vi
19-09-2017 - 01:30 18-06-2010 - 16:30
CVE-2010-1763 10.0
Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.
19-09-2017 - 01:30 18-06-2010 - 16:30
CVE-2010-1768 6.9
Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.
19-09-2017 - 01:30 20-08-2010 - 20:00
CVE-2010-1769 10.0
WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (appl
19-09-2017 - 01:30 18-06-2010 - 16:30
CVE-2010-1777 9.3
Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.
19-09-2017 - 01:30 30-07-2010 - 13:26
CVE-2009-2817 9.3
Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.
19-09-2017 - 01:29 24-09-2009 - 18:30
Back to Top Mark selected
Back to Top