Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2012-5838 | 9.3 |
The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicat
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-5843 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2013-5599 | 10.0 |
Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderb
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2013-5590 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote atta
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2013-5595 | 4.3 |
The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified func
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2013-5602 | 10.0 |
The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allo
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2012-5841 | 4.3 |
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write acti
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-5829 | 9.3 |
Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to exe
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2013-5596 | 6.8 |
The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attac
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2013-5601 | 10.0 |
Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey bef
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2012-5840 | 9.3 |
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attac
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-5833 | 9.3 |
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2013-5597 | 10.0 |
Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2013-5603 | 10.0 |
Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitr
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2012-5842 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a deni
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2013-5591 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application c
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2012-5835 | 10.0 |
Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or caus
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2013-5604 | 9.3 |
The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not pro
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2013-5600 | 10.0 |
Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonke
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2013-5593 | 4.3 |
The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2012-5839 | 9.3 |
Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-4187 | 9.3 |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary c
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-4186 | 9.3 |
Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3956 | 10.0 |
Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote atta
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4214 | 9.3 |
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attac
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-3978 | 6.8 |
The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location objec
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3994 | 4.3 |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Obj
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3980 | 9.3 |
The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a cr
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4213 | 9.3 |
Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory cor
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-4209 | 4.3 |
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which make
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-4195 | 4.3 |
The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and prin
|
21-10-2024 - 13:55 | 29-10-2012 - 18:55 | |
CVE-2012-4188 | 9.3 |
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3991 | 9.3 |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to by
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3988 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code v
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-4183 | 9.3 |
Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attacke
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3969 | 9.3 |
Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execut
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3966 | 10.0 |
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3963 | 10.0 |
Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4215 | 9.3 |
Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-4182 | 9.3 |
Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-4181 | 9.3 |
Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote atta
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-4179 | 9.3 |
Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote att
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3961 | 10.0 |
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arb
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3957 | 10.0 |
Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to e
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4216 | 9.3 |
Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to exe
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-3990 | 9.3 |
Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to exe
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3982 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-4180 | 9.3 |
Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote a
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-4202 | 9.3 |
Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attacker
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-3974 | 6.9 |
Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse e
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3960 | 10.0 |
Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote at
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3958 | 10.0 |
Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4193 | 6.8 |
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, w
|
21-10-2024 - 13:55 | 12-10-2012 - 10:44 | |
CVE-2012-3986 | 4.3 |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote a
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3992 | 4.3 |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XS
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3962 | 9.3 |
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4196 | 6.4 |
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a pro
|
21-10-2024 - 13:55 | 29-10-2012 - 18:55 | |
CVE-2012-4194 | 4.3 |
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location),
|
21-10-2024 - 13:55 | 29-10-2012 - 18:55 | |
CVE-2012-3970 | 10.0 |
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execu
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3964 | 10.0 |
Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to exe
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4185 | 9.3 |
Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary c
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-4201 | 4.3 |
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-3976 | 4.3 |
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate inform
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3959 | 10.0 |
Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attacke
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3105 | 9.3 |
The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspe
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2012-4184 | 4.3 |
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3995 | 9.3 |
The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a den
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3993 | 9.3 |
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallT
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3972 | 5.0 |
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensit
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4207 | 4.3 |
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in pro
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-3968 | 10.0 |
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitra
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2013-1714 | 4.3 |
The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remo
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2013-1707 | 7.2 |
Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2012-1976 | 10.0 |
Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote a
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2013-1681 | 10.0 |
Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbi
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2012-1972 | 10.0 |
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2013-1674 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event d
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-1722 | 9.3 |
Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey befor
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2013-0799 | 7.2 |
Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, and Thunderbird ESR 17.x before 17.0.5 on Windows allows local users to gain privileges via crafted argument
|
21-10-2024 - 13:55 | 03-04-2013 - 11:56 | |
CVE-2013-0793 | 4.3 |
Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote atta
|
21-10-2024 - 13:55 | 03-04-2013 - 11:56 | |
CVE-2012-1973 | 10.0 |
Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attac
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2013-1684 | 9.3 |
Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote at
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2013-0800 | 6.8 |
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, Se
|
21-10-2024 - 13:55 | 03-04-2013 - 11:56 | |
CVE-2013-1693 | 4.3 |
The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy a
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2013-1692 | 4.3 |
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2013-1725 | 6.8 |
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2013-1694 | 7.5 |
The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to caus
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2013-1687 | 9.3 |
The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2012-1967 | 10.0 |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to e
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2013-1736 | 10.0 |
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or caus
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2013-0791 | 5.0 |
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other pr
|
21-10-2024 - 13:55 | 03-04-2013 - 11:56 | |
CVE-2013-1726 | 6.2 |
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain pr
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2012-1954 | 10.0 |
Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attacker
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1951 | 10.0 |
Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows rem
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2013-1672 | 6.9 |
The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via v
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-1730 | 6.8 |
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers t
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2013-1710 | 10.0 |
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript c
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2013-1697 | 9.3 |
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote atta
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2013-1675 | 4.3 |
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale funct
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2012-1974 | 10.0 |
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2013-1706 | 7.2 |
Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain priv
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2013-1682 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory c
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2012-1962 | 10.0 |
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote at
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1941 | 9.3 |
Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 al
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2012-1940 | 9.3 |
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attack
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2012-1961 | 4.3 |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier fo
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2013-1717 | 5.4 |
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2013-1676 | 10.0 |
The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of se
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-1670 | 4.3 |
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-0788 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a deni
|
21-10-2024 - 13:55 | 03-04-2013 - 11:56 | |
CVE-2013-1701 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a deni
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2013-1686 | 10.0 |
Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or caus
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2013-1679 | 10.0 |
Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute a
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-1713 | 4.3 |
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, wh
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2012-1959 | 5.0 |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-c
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2013-1718 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2013-1709 | 4.3 |
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attac
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2013-0795 | 10.0 |
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for clo
|
21-10-2024 - 13:55 | 03-04-2013 - 11:56 | |
CVE-2012-1970 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-1958 | 9.3 |
Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remot
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2013-0801 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory c
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-0797 | 6.9 |
Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges
|
21-10-2024 - 13:55 | 03-04-2013 - 11:56 | |
CVE-2012-1975 | 10.0 |
Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to exe
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-1963 | 4.3 |
The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings pl
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2013-1680 | 10.0 |
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code o
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-1678 | 10.0 |
The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of servic
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-0783 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a deni
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2013-1737 | 5.0 |
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, w
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2013-1735 | 9.3 |
Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attac
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2013-1712 | 6.9 |
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, W
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2012-1964 | 4.0 |
The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey be
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1948 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to caus
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1953 | 9.3 |
The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a den
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1952 | 9.3 |
The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame varia
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1944 | 4.3 |
The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, wh
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2012-1955 | 6.8 |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and hi
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1946 | 9.3 |
Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow r
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2013-1732 | 9.3 |
Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbi
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2012-1937 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to caus
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2013-1677 | 10.0 |
The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of ser
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-1690 | 9.3 |
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2013-1685 | 9.3 |
Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary co
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2012-1957 | 4.3 |
An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within descri
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1947 | 9.3 |
Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2012-1945 | 2.9 |
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2013-0782 | 9.3 |
Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote att
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2013-0766 | 9.3 |
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and Sea
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0451 | 4.3 |
CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0745 | 9.3 |
The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows rem
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0744 | 9.3 |
Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 a
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0758 | 9.3 |
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScri
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0464 | 7.5 |
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 all
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2012-0470 | 10.0 |
Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2013-0784 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2013-0768 | 9.3 |
Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbit
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0761 | 9.3 |
Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows rem
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0756 | 9.3 |
Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbi
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0747 | 6.8 |
The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0456 | 5.0 |
The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote atta
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0787 | 9.3 |
Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey
|
21-10-2024 - 13:55 | 11-03-2013 - 10:55 | |
CVE-2013-0767 | 10.0 |
The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0748 | 4.3 |
The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes i
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0775 | 9.3 |
Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2012-0471 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web s
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2012-0462 | 7.5 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0755 | 9.3 |
Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remot
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0750 | 9.3 |
Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0781 | 9.3 |
Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory c
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2013-0753 | 9.3 |
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0780 | 9.3 |
Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2013-0779 | 9.3 |
The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vect
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2012-0441 | 5.0 |
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey b
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2013-0764 | 9.3 |
The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, wh
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0759 | 5.0 |
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0760 | 9.3 |
Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0749 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a deni
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0746 | 9.3 |
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the js
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0467 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2012-0458 | 6.8 |
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through th
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0762 | 9.3 |
Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and Se
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0777 | 9.3 |
Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memo
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2012-0461 | 7.5 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0776 | 4.0 |
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2013-0773 | 9.3 |
The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modi
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2012-0473 | 5.0 |
The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2012-0474 | 4.3 |
Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote atta
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2013-0754 | 9.3 |
Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaM
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0477 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbit
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2012-0479 | 4.3 |
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) A
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2012-0459 | 7.5 |
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0763 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0757 | 9.3 |
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0469 | 10.0 |
Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMo
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2013-0778 | 9.3 |
The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2012-0478 | 9.3 |
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_O
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2013-0771 | 9.3 |
Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote a
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0454 | 7.5 |
Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to caus
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2012-0460 | 6.4 |
Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote at
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0774 | 4.3 |
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspeci
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2013-0770 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0769 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey be
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0472 | 9.3 |
The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations a
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2012-0457 | 9.3 |
Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0752 | 9.3 |
Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) vi
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0463 | 7.5 |
The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2012-0455 | 4.3 |
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on java
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2010-2753 | 9.3 |
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a X
|
03-02-2024 - 02:26 | 30-07-2010 - 20:30 | |
CVE-2009-3555 | 5.8 |
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu
|
13-02-2023 - 02:20 | 09-11-2009 - 17:30 | |
CVE-2009-1308 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in
|
13-02-2023 - 02:20 | 22-04-2009 - 18:30 | |
CVE-2009-0771 | 10.0 |
The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption a
|
13-02-2023 - 02:19 | 05-03-2009 - 02:30 | |
CVE-2012-1938 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
28-08-2020 - 13:20 | 05-06-2012 - 23:55 | |
CVE-2012-0449 | 9.3 |
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
|
28-08-2020 - 13:14 | 01-02-2012 - 16:55 | |
CVE-2012-0444 | 10.0 |
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corr
|
28-08-2020 - 13:12 | 01-02-2012 - 16:55 | |
CVE-2012-0442 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corru
|
28-08-2020 - 13:11 | 01-02-2012 - 16:55 | |
CVE-2011-3659 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect Attribu
|
28-08-2020 - 13:10 | 01-02-2012 - 16:55 | |
CVE-2012-3983 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
27-08-2020 - 14:53 | 10-10-2012 - 17:55 | |
CVE-2012-3989 | 9.3 |
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary
|
27-08-2020 - 14:50 | 10-10-2012 - 17:55 | |
CVE-2012-5354 | 6.8 |
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks vi
|
26-08-2020 - 19:40 | 10-10-2012 - 17:55 | |
CVE-2012-3984 | 6.8 |
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving
|
26-08-2020 - 19:36 | 10-10-2012 - 17:55 | |
CVE-2012-3985 | 4.3 |
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access af
|
26-08-2020 - 19:36 | 10-10-2012 - 17:55 | |
CVE-2012-4205 | 6.8 |
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site reques
|
21-08-2020 - 18:45 | 21-11-2012 - 12:55 | |
CVE-2012-4218 | 10.0 |
Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service
|
21-08-2020 - 18:44 | 21-11-2012 - 12:55 | |
CVE-2012-4212 | 10.0 |
Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupt
|
21-08-2020 - 18:44 | 21-11-2012 - 12:55 | |
CVE-2012-4191 | 9.3 |
The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and
|
14-08-2020 - 17:27 | 12-10-2012 - 10:44 | |
CVE-2010-1205 | 7.5 |
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
|
14-08-2020 - 15:50 | 30-06-2010 - 18:30 | |
CVE-2012-5836 | 7.5 |
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) proper
|
13-08-2020 - 13:44 | 21-11-2012 - 12:55 | |
CVE-2012-4217 | 9.3 |
Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap
|
13-08-2020 - 13:30 | 21-11-2012 - 12:55 | |
CVE-2012-4204 | 9.3 |
The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cr
|
13-08-2020 - 13:26 | 21-11-2012 - 12:55 | |
CVE-2012-4208 | 4.3 |
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions o
|
12-08-2020 - 19:45 | 21-11-2012 - 12:55 | |
CVE-2013-0772 | 5.8 |
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read an
|
06-08-2020 - 16:28 | 19-02-2013 - 23:55 | |
CVE-2013-0765 | 9.3 |
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
|
06-08-2020 - 16:02 | 19-02-2013 - 23:55 | |
CVE-2010-0159 | 10.0 |
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute
|
16-11-2018 - 15:56 | 22-02-2010 - 13:00 | |
CVE-2010-0169 | 5.0 |
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings i
|
30-10-2018 - 16:25 | 25-03-2010 - 21:00 | |
CVE-2010-0182 | 4.3 |
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2009-1303 | 5.0 |
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGE
|
30-10-2018 - 16:25 | 22-04-2009 - 18:30 | |
CVE-2010-0167 | 9.3 |
The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash)
|
30-10-2018 - 16:25 | 25-03-2010 - 21:00 | |
CVE-2010-0174 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2010-0173 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and applica
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2010-0175 | 9.3 |
Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of se
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2010-0176 | 9.3 |
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2010-0171 | 4.3 |
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) at
|
30-10-2018 - 16:25 | 25-03-2010 - 21:00 | |
CVE-2007-2931 | 9.3 |
Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat se
|
12-10-2018 - 21:43 | 31-08-2007 - 22:17 | |
CVE-2010-3131 | 9.3 |
Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbit
|
10-10-2018 - 20:01 | 26-08-2010 - 18:36 | |
CVE-2010-1585 | 9.3 |
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a c
|
10-10-2018 - 19:57 | 28-04-2010 - 22:30 | |
CVE-2010-1199 | 9.3 |
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for
|
10-10-2018 - 19:56 | 24-06-2010 - 12:30 | |
CVE-2009-1571 | 10.0 |
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that at
|
10-10-2018 - 19:37 | 22-02-2010 - 13:00 | |
CVE-2013-1739 | 5.0 |
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that t
|
09-10-2018 - 19:33 | 22-10-2013 - 22:55 | |
CVE-2009-1309 | 4.3 |
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ sco
|
03-10-2018 - 22:00 | 22-04-2009 - 18:30 | |
CVE-2009-1307 | 6.8 |
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
CVE-2009-1306 | 4.3 |
The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other at
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
CVE-2009-1304 | 5.0 |
The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
CVE-2009-1305 | 5.0 |
The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
CVE-2009-1302 | 5.0 |
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
CVE-2009-0772 | 9.3 |
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetO
|
03-10-2018 - 21:58 | 05-03-2009 - 02:30 | |
CVE-2009-0776 | 7.1 |
nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
|
03-10-2018 - 21:58 | 05-03-2009 - 02:30 | |
CVE-2009-0774 | 9.3 |
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different v
|
03-10-2018 - 21:58 | 05-03-2009 - 02:30 | |
CVE-2012-0452 | 7.5 |
Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger
|
10-01-2018 - 02:29 | 11-02-2012 - 02:55 | |
CVE-2011-3670 | 5.0 |
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by makin
|
29-12-2017 - 02:29 | 01-02-2012 - 16:55 | |
CVE-2011-3658 | 7.5 |
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly hav
|
29-12-2017 - 02:29 | 21-12-2011 - 04:02 | |
CVE-2012-1960 | 5.0 |
The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1949 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or p
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1943 | 6.9 |
Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application dire
|
29-12-2017 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-1942 | 7.2 |
The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.
|
29-12-2017 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-0468 | 10.0 |
The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vecto
|
29-12-2017 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-0475 | 2.6 |
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1)
|
19-12-2017 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2009-0773 | 10.0 |
The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some
|
29-09-2017 - 01:34 | 05-03-2009 - 02:30 | |
CVE-2009-0775 | 10.0 |
Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not
|
29-09-2017 - 01:34 | 05-03-2009 - 02:30 | |
CVE-2009-0777 | 5.8 |
Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers
|
29-09-2017 - 01:34 | 05-03-2009 - 02:30 | |
CVE-2013-1724 | 9.3 |
Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1728 | 4.3 |
The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive inform
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1719 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1720 | 6.8 |
The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1738 | 9.3 |
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1723 | 4.3 |
The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application c
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2012-3975 | 4.3 |
The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by provi
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-4192 | 4.3 |
Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.
|
19-09-2017 - 01:35 | 12-10-2012 - 10:44 | |
CVE-2012-3971 | 10.0 |
Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vecto
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2011-3663 | 4.3 |
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.
|
19-09-2017 - 01:34 | 21-12-2011 - 04:02 | |
CVE-2011-3661 | 7.5 |
YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
|
19-09-2017 - 01:34 | 21-12-2011 - 04:02 | |
CVE-2011-3650 | 9.3 |
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory c
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-3664 | 6.8 |
Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and appl
|
19-09-2017 - 01:34 | 21-12-2011 - 04:02 | |
CVE-2011-3649 | 2.6 |
Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different dom
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-3666 | 6.8 |
Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerabilit
|
19-09-2017 - 01:34 | 21-12-2011 - 04:02 | |
CVE-2011-3653 | 5.0 |
Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-3648 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-3647 | 9.3 |
The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-3654 | 10.0 |
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application cras
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-3651 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-3652 | 10.0 |
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-3655 | 9.3 |
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-3665 | 7.5 |
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly han
|
19-09-2017 - 01:34 | 21-12-2011 - 04:02 | |
CVE-2011-3660 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
|
19-09-2017 - 01:34 | 21-12-2011 - 04:02 | |
CVE-2012-1956 | 4.3 |
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-si
|
19-09-2017 - 01:34 | 29-08-2012 - 10:56 | |
CVE-2012-1971 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
19-09-2017 - 01:34 | 29-08-2012 - 10:56 | |
CVE-2012-0447 | 5.0 |
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG ima
|
19-09-2017 - 01:34 | 01-02-2012 - 16:55 | |
CVE-2012-0446 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, r
|
19-09-2017 - 01:34 | 01-02-2012 - 16:55 | |
CVE-2012-0445 | 5.0 |
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name at
|
19-09-2017 - 01:34 | 01-02-2012 - 16:55 | |
CVE-2012-0443 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
|
19-09-2017 - 01:34 | 01-02-2012 - 16:55 | |
CVE-2011-3232 | 9.3 |
YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2989 | 10.0 |
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and appl
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2981 | 9.3 |
The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Sam
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2378 | 10.0 |
The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2377 | 5.0 |
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multip
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2991 | 10.0 |
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2980 | 7.2 |
Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Troja
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-3001 | 4.3 |
Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2999 | 4.3 |
Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a diffe
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2992 | 10.0 |
The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possi
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2982 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corrupt
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2366 | 4.3 |
Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack invo
|
19-09-2017 - 01:33 | 30-06-2011 - 15:55 | |
CVE-2011-3005 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2605 | 4.3 |
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass inten
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2373 | 7.6 |
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2983 | 4.3 |
Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2372 | 3.5 |
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended ac
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2995 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application cra
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2985 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and applic
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2986 | 5.0 |
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-3000 | 4.3 |
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote a
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2997 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitr
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2375 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2374 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2371 | 10.0 |
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2376 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2365 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
|
19-09-2017 - 01:32 | 30-06-2011 - 16:55 | |
CVE-2011-2362 | 5.0 |
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Se
|
19-09-2017 - 01:32 | 30-06-2011 - 16:55 | |
CVE-2011-2364 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
|
19-09-2017 - 01:32 | 30-06-2011 - 16:55 | |
CVE-2011-2363 | 10.0 |
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial
|
19-09-2017 - 01:32 | 30-06-2011 - 16:55 | |
CVE-2010-3776 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (me
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3768 | 9.3 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3769 | 9.3 |
The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers t
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3778 | 9.3 |
Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-5074 | 4.3 |
The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for
|
19-09-2017 - 01:31 | 07-12-2011 - 19:55 | |
CVE-2010-3777 | 9.3 |
Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3765 | 9.3 |
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related
|
19-09-2017 - 01:31 | 28-10-2010 - 00:00 | |
CVE-2010-3183 | 9.3 |
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls tha
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3181 | 6.9 |
Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the c
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3169 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memor
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-3174 | 9.3 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3173 | 7.5 |
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which m
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3180 | 9.3 |
Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessin
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-2768 | 4.3 |
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-2752 | 9.3 |
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Casc
|
19-09-2017 - 01:31 | 30-07-2010 - 20:30 | |
CVE-2010-3170 | 4.3 |
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-th
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3167 | 9.3 |
The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to e
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-2764 | 4.3 |
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-2760 | 9.3 |
Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code v
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-3179 | 9.3 |
Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3175 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arb
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3168 | 9.3 |
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to c
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-2754 | 5.0 |
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving
|
19-09-2017 - 01:31 | 30-07-2010 - 13:26 | |
CVE-2010-2770 | 9.3 |
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-2766 | 9.3 |
The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might al
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-3176 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3178 | 5.8 |
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window an
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-2767 | 9.3 |
The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-3182 | 6.9 |
A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allow
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-2762 | 6.8 |
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attacker
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-3166 | 9.3 |
Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute ar
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-2769 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-2763 | 4.3 |
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-2765 | 9.3 |
Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2011-0078 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0077 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0061 | 9.3 |
Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2011-0075 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0085 | 10.0 |
Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues t
|
19-09-2017 - 01:31 | 30-06-2011 - 16:55 | |
CVE-2011-0074 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0070 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory cor
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0069 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory cor
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0062 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arb
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2011-0080 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption a
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0083 | 10.0 |
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial
|
19-09-2017 - 01:31 | 30-06-2011 - 16:55 | |
CVE-2011-0081 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possib
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0084 | 10.0 |
The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text,
|
19-09-2017 - 01:31 | 18-08-2011 - 18:55 | |
CVE-2011-0053 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and appl
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2011-0071 | 5.0 |
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load res
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0072 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2010-1215 | 6.8 |
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrom
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1196 | 9.3 |
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM nod
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-1211 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of se
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1212 | 9.3 |
js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via v
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1201 | 9.3 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-1202 | 9.3 |
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption a
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-1207 | 4.3 |
Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node d
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1213 | 4.3 |
The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows r
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1210 | 4.3 |
intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to cond
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1200 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-0163 | 4.3 |
Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly
|
19-09-2017 - 01:30 | 23-03-2010 - 00:53 | |
CVE-2010-0161 | 4.3 |
The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial o
|
19-09-2017 - 01:30 | 23-03-2010 - 00:53 | |
CVE-2010-0654 | 4.3 |
Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 |