Vulnerabilites related to Mozilla - Thunderbird
cve-2021-38502
Vulnerability from cvelistv5
Published
2021-11-03 00:02
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.
References
▼ | URL | Tags |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2021-47/ | x_refsource_MISC | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1733366 | x_refsource_MISC | |
https://www.debian.org/security/2022/dsa-5034 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Mozilla | Thunderbird |
Version: unspecified < 91.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:22.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-47/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1733366" }, { "name": "DSA-5034", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5034" }, { "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "91.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird \u003c 91.2." } ], "problemTypes": [ { "descriptions": [ { "description": "Downgrade attack on SMTP STARTTLS connections", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-04T11:06:32", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-47/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1733366" }, { "name": "DSA-5034", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5034" }, { "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2021-38502", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Thunderbird", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "91.2" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird \u003c 91.2." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Downgrade attack on SMTP STARTTLS connections" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.mozilla.org/security/advisories/mfsa2021-47/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-47/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1733366", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1733366" }, { "name": "DSA-5034", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5034" }, { "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2021-38502", "datePublished": "2021-11-03T00:02:49", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-08-04T01:44:22.910Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0749
Vulnerability from cvelistv5
Published
2013-01-13 20:00
Modified
2024-08-06 14:33
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:33:05.812Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839" }, { "name": "SUSE-SU-2013:0048", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "name": "openSUSE-SU-2013:0131", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.palemoon.org/releasenotes-ng.shtml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html" }, { "name": "USN-1681-4", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "name": "SUSE-SU-2013:0049", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "name": "USN-1681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847" }, { "name": "openSUSE-SU-2013:0149", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745" }, { "name": "USN-1681-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" }, { "name": "oval:org.mitre.oval:def:16953", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839" }, { "name": "SUSE-SU-2013:0048", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "name": "openSUSE-SU-2013:0131", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.palemoon.org/releasenotes-ng.shtml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html" }, { "name": "USN-1681-4", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "name": "SUSE-SU-2013:0049", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "name": "USN-1681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847" }, { "name": "openSUSE-SU-2013:0149", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745" }, { "name": "USN-1681-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" }, { "name": "oval:org.mitre.oval:def:16953", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2013-0749", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839" }, { "name": "SUSE-SU-2013:0048", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "name": "openSUSE-SU-2013:0131", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "name": "http://www.palemoon.org/releasenotes-ng.shtml", "refsource": "CONFIRM", "url": "http://www.palemoon.org/releasenotes-ng.shtml" }, { "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html" }, { "name": "USN-1681-4", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "name": "SUSE-SU-2013:0049", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "name": "USN-1681-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847" }, { "name": "openSUSE-SU-2013:0149", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745" }, { "name": "USN-1681-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1681-2" }, { "name": "oval:org.mitre.oval:def:16953", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2013-0749", "datePublished": "2013-01-13T20:00:00", "dateReserved": "2013-01-02T00:00:00", "dateUpdated": "2024-08-06T14:33:05.812Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-0815
Vulnerability from cvelistv5
Published
2015-04-01 10:00
Modified
2024-08-06 04:26
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:26:11.210Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "73466", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/73466" }, { "name": "1031996", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031996" }, { "name": "openSUSE-SU-2015:0892", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html" }, { "name": "GLSA-201512-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201512-10" }, { "name": "DSA-3212", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3212" }, { "name": "SUSE-SU-2015:0704", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html" }, { "name": "USN-2552-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2552-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1036515" }, { "name": "RHSA-2015:0766", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0766.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1137326" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "name": "openSUSE-SU-2015:1266", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-30.html" }, { "name": "USN-2550-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2550-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138199" }, { "name": "1032000", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032000" }, { "name": "openSUSE-SU-2015:0677", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" }, { "name": "RHSA-2015:0771", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0771.html" }, { "name": "DSA-3211", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3211" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-03-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-30T15:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "73466", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/73466" }, { "name": "1031996", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031996" }, { "name": "openSUSE-SU-2015:0892", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html" }, { "name": "GLSA-201512-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201512-10" }, { "name": "DSA-3212", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3212" }, { "name": "SUSE-SU-2015:0704", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html" }, { "name": "USN-2552-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2552-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1036515" }, { "name": "RHSA-2015:0766", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0766.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1137326" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "name": "openSUSE-SU-2015:1266", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-30.html" }, { "name": "USN-2550-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2550-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138199" }, { "name": "1032000", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032000" }, { "name": "openSUSE-SU-2015:0677", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" }, { "name": "RHSA-2015:0771", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0771.html" }, { "name": "DSA-3211", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3211" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2015-0815", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "73466", "refsource": "BID", "url": "http://www.securityfocus.com/bid/73466" }, { "name": "1031996", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031996" }, { "name": "openSUSE-SU-2015:0892", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html" }, { "name": "GLSA-201512-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201512-10" }, { "name": "DSA-3212", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3212" }, { "name": "SUSE-SU-2015:0704", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html" }, { "name": "USN-2552-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2552-1" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1036515", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1036515" }, { "name": "RHSA-2015:0766", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0766.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1137326", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1137326" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "name": "openSUSE-SU-2015:1266", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" }, { "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-30.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-30.html" }, { "name": "USN-2550-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2550-1" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138199", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138199" }, { "name": "1032000", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032000" }, { "name": "openSUSE-SU-2015:0677", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" }, { "name": "RHSA-2015:0771", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0771.html" }, { "name": "DSA-3211", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3211" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2015-0815", "datePublished": "2015-04-01T10:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T04:26:11.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-23953
Vulnerability from cvelistv5
Published
2021-02-26 02:11
Modified
2024-08-03 19:14
Severity ?
EPSS score ?
Summary
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
References
▼ | URL | Tags |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2021-03/ | x_refsource_MISC | |
https://www.mozilla.org/security/advisories/mfsa2021-04/ | x_refsource_MISC | |
https://www.mozilla.org/security/advisories/mfsa2021-05/ | x_refsource_MISC | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1683940 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: < 85 |
|||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:14:09.723Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-04/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-05/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1683940" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "status": "affected", "version": "\u003c 85" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "status": "affected", "version": "\u003c 78.7" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "status": "affected", "version": "\u003c 78.7" } ] } ], "descriptions": [ { "lang": "en", "value": "If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox \u003c 85, Thunderbird \u003c 78.7, and Firefox ESR \u003c 78.7." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-origin information leakage via redirected PDF requests", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-26T02:11:08", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-04/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-05/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1683940" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2021-23953", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Firefox", "version": { "version_data": [ { "version_value": "\u003c 85" } ] } }, { "product_name": "Thunderbird", "version": { "version_data": [ { "version_value": "\u003c 78.7" } ] } }, { "product_name": "Firefox ESR", "version": { "version_data": [ { "version_value": "\u003c 78.7" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox \u003c 85, Thunderbird \u003c 78.7, and Firefox ESR \u003c 78.7." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-origin information leakage via redirected PDF requests" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.mozilla.org/security/advisories/mfsa2021-03/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2021-04/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-04/" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2021-05/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-05/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1683940", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1683940" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2021-23953", "datePublished": "2021-02-26T02:11:08", "dateReserved": "2021-01-13T00:00:00", "dateUpdated": "2024-08-03T19:14:09.723Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45414
Vulnerability from cvelistv5
Published
2022-12-22 00:00
Modified
2024-08-03 14:09
Severity ?
EPSS score ?
Summary
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. An image loaded from the POSTER attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targetting releases that did not yet have a fix for CVE-2022-3033 which was reported around three months ago. This vulnerability affects Thunderbird < 102.5.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Mozilla | Thunderbird |
Version: unspecified < 102.5.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:09:57.041Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-50/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1788096" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.5.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. An image loaded from the POSTER attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targetting releases that did not yet have a fix for CVE-2022-3033 which was reported around three months ago. This vulnerability affects Thunderbird \u003c 102.5.1." } ], "problemTypes": [ { "descriptions": [ { "description": "Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-22T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2022-50/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1788096" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2022-45414", "datePublished": "2022-12-22T00:00:00", "dateReserved": "2022-11-14T00:00:00", "dateUpdated": "2024-08-03T14:09:57.041Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6499
Vulnerability from cvelistv5
Published
2006-12-20 01:00
Modified
2024-08-07 20:26
Severity ?
EPSS score ?
Summary
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:26:46.595Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21668", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21668" }, { "name": "23672", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23672" }, { "name": "ADV-2006-5068", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/5068" }, { "name": "1017398", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017398" }, { "name": "DSA-1265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1265" }, { "name": "24078", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24078" }, { "name": "23692", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23692" }, { "name": "USN-398-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-398-2" }, { "name": "GLSA-200701-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml" }, { "name": "23282", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23282" }, { "name": "24390", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24390" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html" }, { "name": "23422", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23422" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "23591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23591" }, { "name": "ADV-2007-1124", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1124" }, { "name": "1017405", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017405" }, { "name": "23614", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23614" }, { "name": "1017406", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017406" }, { "name": "USN-398-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-398-1" }, { "name": "ADV-2008-0083", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "23420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23420" }, { "name": "SUSE-SA:2006:080", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html" }, { "name": "VU#427972", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/427972" }, { "name": "23545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23545" }, { "name": "102846", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1" }, { "name": "TA06-354A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html" }, { "name": "23589", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23589" }, { "name": "DSA-1253", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1253" }, { "name": "DSA-1258", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1258" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "SUSE-SA:2007:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html" }, { "name": "23988", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23988" }, { "name": "GLSA-200701-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml" }, { "name": "USN-400-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-400-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-12-22T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "21668", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21668" }, { "name": "23672", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23672" }, { "name": "ADV-2006-5068", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/5068" }, { "name": "1017398", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017398" }, { "name": "DSA-1265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1265" }, { "name": "24078", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24078" }, { "name": "23692", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23692" }, { "name": "USN-398-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-398-2" }, { "name": "GLSA-200701-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml" }, { "name": "23282", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23282" }, { "name": "24390", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24390" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html" }, { "name": "23422", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23422" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "23591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23591" }, { "name": "ADV-2007-1124", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1124" }, { "name": "1017405", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017405" }, { "name": "23614", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23614" }, { "name": "1017406", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017406" }, { "name": "USN-398-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-398-1" }, { "name": "ADV-2008-0083", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "23420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23420" }, { "name": "SUSE-SA:2006:080", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html" }, { "name": "VU#427972", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/427972" }, { "name": "23545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23545" }, { "name": "102846", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1" }, { "name": "TA06-354A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html" }, { "name": "23589", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23589" }, { "name": "DSA-1253", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1253" }, { "name": "DSA-1258", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1258" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "SUSE-SA:2007:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html" }, { "name": "23988", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23988" }, { "name": "GLSA-200701-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml" }, { "name": "USN-400-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-400-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2006-6499", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21668", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21668" }, { "name": "23672", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23672" }, { "name": "ADV-2006-5068", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/5068" }, { "name": "1017398", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017398" }, { "name": "DSA-1265", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1265" }, { "name": "24078", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24078" }, { "name": "23692", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23692" }, { "name": "USN-398-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-398-2" }, { "name": "GLSA-200701-04", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml" }, { "name": "23282", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23282" }, { "name": "24390", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24390" }, { "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html" }, { "name": "23422", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23422" }, { "name": "HPSBUX02153", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "23591", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23591" }, { "name": "ADV-2007-1124", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1124" }, { "name": "1017405", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017405" }, { "name": "23614", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23614" }, { "name": "1017406", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017406" }, { "name": "USN-398-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-398-1" }, { "name": "ADV-2008-0083", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "23420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23420" }, { "name": "SUSE-SA:2006:080", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html" }, { "name": "VU#427972", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/427972" }, { "name": "23545", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23545" }, { "name": "102846", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1" }, { "name": "TA06-354A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html" }, { "name": "23589", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23589" }, { "name": "DSA-1253", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1253" }, { "name": "DSA-1258", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1258" }, { "name": "SSRT061181", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "SUSE-SA:2007:006", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html" }, { "name": "23988", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23988" }, { "name": "GLSA-200701-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml" }, { "name": "USN-400-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-400-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-6499", "datePublished": "2006-12-20T01:00:00", "dateReserved": "2006-12-13T00:00:00", "dateUpdated": "2024-08-07T20:26:46.595Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-3966
Vulnerability from cvelistv5
Published
2012-08-29 10:00
Modified
2024-08-06 20:21
Severity ?
EPSS score ?
Summary
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:21:04.215Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2012:1211", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-61.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775794" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775793" }, { "name": "oval:org.mitre.oval:def:16246", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16246" }, { "name": "USN-1548-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1548-1" }, { "name": "USN-1548-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1548-2" }, { "name": "RHSA-2012:1210", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html" }, { "name": "SUSE-SU-2012:1167", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" }, { "name": "SUSE-SU-2012:1157", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" }, { "name": "openSUSE-SU-2012:1065", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2012:1211", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-61.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775794" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775793" }, { "name": "oval:org.mitre.oval:def:16246", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16246" }, { "name": "USN-1548-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1548-1" }, { "name": "USN-1548-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1548-2" }, { "name": "RHSA-2012:1210", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html" }, { "name": "SUSE-SU-2012:1167", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" }, { "name": "SUSE-SU-2012:1157", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" }, { "name": "openSUSE-SU-2012:1065", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3966", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2012:1211", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html" }, { "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-61.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-61.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=775794", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775794" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=775793", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775793" }, { "name": "oval:org.mitre.oval:def:16246", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16246" }, { "name": "USN-1548-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1548-1" }, { "name": "USN-1548-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1548-2" }, { "name": "RHSA-2012:1210", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html" }, { "name": "SUSE-SU-2012:1167", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" }, { "name": "SUSE-SU-2012:1157", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" }, { "name": "openSUSE-SU-2012:1065", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" }, { "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", "refsource": "CONFIRM", "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-3966", "datePublished": "2012-08-29T10:00:00", "dateReserved": "2012-07-11T00:00:00", "dateUpdated": "2024-08-06T20:21:04.215Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-4214
Vulnerability from cvelistv5
Published
2012-11-21 11:00
Modified
2024-08-06 20:28
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:28:07.639Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1638-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1638-3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=795804" }, { "name": "51370", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51370" }, { "name": "USN-1638-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1638-2" }, { "name": "openSUSE-SU-2012:1586", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" }, { "name": "USN-1636-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1636-1" }, { "name": "openSUSE-SU-2013:0175", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" }, { "name": "RHSA-2012:1483", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.palemoon.org/releasenotes-ng.shtml" }, { "name": "RHSA-2012:1482", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" }, { "name": "51434", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51434" }, { "name": "openSUSE-SU-2012:1583", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" }, { "name": "51439", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51439" }, { "name": "51440", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51440" }, { "name": "USN-1638-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1638-1" }, { "name": "SUSE-SU-2012:1592", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" }, { "name": "51359", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51359" }, { "name": "MDVSA-2012:173", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" }, { "name": "openSUSE-SU-2012:1585", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" }, { "name": "56628", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56628" }, { "name": "51381", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51381" }, { "name": "51369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51369" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" }, { "name": "51360", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51360" }, { "name": "firefox-nstexteditorstate-code-exec(80187)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80187" }, { "name": "oval:org.mitre.oval:def:16884", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16884" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-1638-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1638-3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=795804" }, { "name": "51370", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51370" }, { "name": "USN-1638-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1638-2" }, { "name": "openSUSE-SU-2012:1586", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" }, { "name": "USN-1636-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1636-1" }, { "name": "openSUSE-SU-2013:0175", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" }, { "name": "RHSA-2012:1483", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.palemoon.org/releasenotes-ng.shtml" }, { "name": "RHSA-2012:1482", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" }, { "name": "51434", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51434" }, { "name": "openSUSE-SU-2012:1583", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" }, { "name": "51439", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51439" }, { "name": "51440", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51440" }, { "name": "USN-1638-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1638-1" }, { "name": "SUSE-SU-2012:1592", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" }, { "name": "51359", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51359" }, { "name": "MDVSA-2012:173", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" }, { "name": "openSUSE-SU-2012:1585", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" }, { "name": "56628", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56628" }, { "name": "51381", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51381" }, { "name": "51369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51369" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" }, { "name": "51360", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51360" }, { "name": "firefox-nstexteditorstate-code-exec(80187)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80187" }, { "name": "oval:org.mitre.oval:def:16884", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16884" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4214", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-1638-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1638-3" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=795804", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=795804" }, { "name": "51370", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51370" }, { "name": "USN-1638-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1638-2" }, { "name": "openSUSE-SU-2012:1586", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" }, { "name": "USN-1636-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1636-1" }, { "name": "openSUSE-SU-2013:0175", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" }, { "name": "RHSA-2012:1483", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" }, { "name": "http://www.palemoon.org/releasenotes-ng.shtml", "refsource": "CONFIRM", "url": "http://www.palemoon.org/releasenotes-ng.shtml" }, { "name": "RHSA-2012:1482", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" }, { "name": "51434", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51434" }, { "name": "openSUSE-SU-2012:1583", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" }, { "name": "51439", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51439" }, { "name": "51440", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51440" }, { "name": "USN-1638-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1638-1" }, { "name": "SUSE-SU-2012:1592", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" }, { "name": "51359", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51359" }, { "name": "MDVSA-2012:173", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" }, { "name": "openSUSE-SU-2012:1585", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" }, { "name": "56628", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56628" }, { "name": "51381", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51381" }, { "name": "51369", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51369" }, { "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" }, { "name": "51360", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51360" }, { "name": "firefox-nstexteditorstate-code-exec(80187)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80187" }, { "name": "oval:org.mitre.oval:def:16884", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16884" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4214", "datePublished": "2012-11-21T11:00:00", "dateReserved": "2012-08-08T00:00:00", "dateUpdated": "2024-08-06T20:28:07.639Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-1548
Vulnerability from cvelistv5
Published
2014-07-23 10:00
Modified
2024-08-06 09:42
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:36.212Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1013056" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1021240" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=994444" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1022773" }, { "name": "59719", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59719" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1009675" }, { "name": "60083", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60083" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=990096" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1028358" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1020219" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1035438" }, { "name": "60621", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60621" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1021969" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1002702" }, { "name": "1030620", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030620" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1034383" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1021312" }, { "name": "1030619", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030619" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1020041" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-56.html" }, { "name": "60628", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60628" }, { "name": "59760", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59760" }, { "name": "68818", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68818" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1020008" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-04T20:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1013056" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1021240" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=994444" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1022773" }, { "name": "59719", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59719" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1009675" }, { "name": "60083", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60083" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=990096" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1028358" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1020219" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1035438" }, { "name": "60621", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60621" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1021969" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1002702" }, { "name": "1030620", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030620" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1034383" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1021312" }, { "name": "1030619", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030619" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1020041" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-56.html" }, { "name": "60628", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60628" }, { "name": "59760", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59760" }, { "name": "68818", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68818" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1020008" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1548", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1013056", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1013056" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1021240", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1021240" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=994444", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=994444" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1022773", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1022773" }, { "name": "59719", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59719" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1009675", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1009675" }, { "name": "60083", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60083" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=990096", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=990096" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1028358", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1028358" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1020219", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1020219" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1035438", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1035438" }, { "name": "60621", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60621" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1021969", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1021969" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1002702", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1002702" }, { "name": "1030620", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030620" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1034383", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1034383" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1021312", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1021312" }, { "name": "1030619", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030619" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1020041", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1020041" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-56.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-56.html" }, { "name": "60628", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60628" }, { "name": "59760", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59760" }, { "name": "68818", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68818" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1020008", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1020008" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1548", "datePublished": "2014-07-23T10:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:36.212Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1957
Vulnerability from cvelistv5
Published
2016-03-13 18:00
Modified
2024-08-05 23:10
Severity ?
EPSS score ?
Summary
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:10:40.282Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2016:0894", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html" }, { "name": "SUSE-SU-2016:0820", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" }, { "name": "openSUSE-SU-2016:1767", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "openSUSE-SU-2016:0731", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" }, { "name": "SUSE-SU-2016:0727", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" }, { "name": "openSUSE-SU-2016:1778", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-20.html" }, { "name": "openSUSE-SU-2016:0876", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html" }, { "name": "USN-2917-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2917-1" }, { "name": "DSA-3520", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3520" }, { "name": "openSUSE-SU-2016:1769", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227052" }, { "name": "SUSE-SU-2016:0909", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" }, { "name": "DSA-3510", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3510" }, { "name": "openSUSE-SU-2016:0733", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" }, { "name": "1035215", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035215" }, { "name": "SUSE-SU-2016:0777", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" }, { "name": "GLSA-201605-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201605-06" }, { "name": "USN-2934-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2934-1" }, { "name": "USN-2917-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2917-2" }, { "name": "USN-2917-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2917-3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T16:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "openSUSE-SU-2016:0894", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html" }, { "name": "SUSE-SU-2016:0820", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" }, { "name": "openSUSE-SU-2016:1767", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "openSUSE-SU-2016:0731", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" }, { "name": "SUSE-SU-2016:0727", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" }, { "name": "openSUSE-SU-2016:1778", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-20.html" }, { "name": "openSUSE-SU-2016:0876", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html" }, { "name": "USN-2917-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2917-1" }, { "name": "DSA-3520", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3520" }, { "name": "openSUSE-SU-2016:1769", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227052" }, { "name": "SUSE-SU-2016:0909", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" }, { "name": "DSA-3510", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3510" }, { "name": "openSUSE-SU-2016:0733", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" }, { "name": "1035215", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035215" }, { "name": "SUSE-SU-2016:0777", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" }, { "name": "GLSA-201605-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201605-06" }, { "name": "USN-2934-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2934-1" }, { "name": "USN-2917-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2917-2" }, { "name": "USN-2917-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2917-3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2016-1957", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2016:0894", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html" }, { "name": "SUSE-SU-2016:0820", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" }, { "name": "openSUSE-SU-2016:1767", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name": "openSUSE-SU-2016:0731", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" }, { "name": "SUSE-SU-2016:0727", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" }, { "name": "openSUSE-SU-2016:1778", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" }, { "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-20.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-20.html" }, { "name": "openSUSE-SU-2016:0876", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html" }, { "name": "USN-2917-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2917-1" }, { "name": "DSA-3520", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3520" }, { "name": "openSUSE-SU-2016:1769", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227052", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227052" }, { "name": "SUSE-SU-2016:0909", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" }, { "name": "DSA-3510", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3510" }, { "name": "openSUSE-SU-2016:0733", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" }, { "name": "1035215", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035215" }, { "name": "SUSE-SU-2016:0777", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" }, { "name": "GLSA-201605-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201605-06" }, { "name": "USN-2934-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2934-1" }, { "name": "USN-2917-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2917-2" }, { "name": "USN-2917-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2917-3" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2016-1957", "datePublished": "2016-03-13T18:00:00", "dateReserved": "2016-01-20T00:00:00", "dateUpdated": "2024-08-05T23:10:40.282Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4571
Vulnerability from cvelistv5
Published
2006-09-15 19:00
Modified
2024-08-07 19:14
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:14:47.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1016847", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016847" }, { "name": "22391", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22391" }, { "name": "ADV-2006-3748", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3748" }, { "name": "oval:org.mitre.oval:def:11728", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11728" }, { "name": "RHSA-2006:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html" }, { "name": "22055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22055" }, { "name": "22195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22195" }, { "name": "USN-361-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-361-1" }, { "name": "USN-352-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-352-1" }, { "name": "21950", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21950" }, { "name": "USN-351-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-351-1" }, { "name": "22025", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22025" }, { "name": "22056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22056" }, { "name": "22247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22247" }, { "name": "MDKSA-2006:168", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" }, { "name": "DSA-1191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.us.debian.org/security/2006/dsa-1191" }, { "name": "22210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22210" }, { "name": "DSA-1210", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1210" }, { "name": "24711", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24711" }, { "name": "GLSA-200610-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" }, { "name": "22849", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22849" }, { "name": "ADV-2008-0083", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "20060901-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" }, { "name": "21939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21939" }, { "name": "1016848", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016848" }, { "name": "ADV-2006-3617", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3617" }, { "name": "21915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21915" }, { "name": "ADV-2007-1198", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1198" }, { "name": "RHSA-2006:0677", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html" }, { "name": "DSA-1192", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1192" }, { "name": "GLSA-200609-19", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "name": "22274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22274" }, { "name": "RHSA-2006:0675", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html" }, { "name": "21940", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21940" }, { "name": "20042", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20042" }, { "name": "22001", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22001" }, { "name": "20060915 rPSA-2006-0169-1 firefox thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded" }, { "name": "USN-350-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-350-1" }, { "name": "21906", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21906" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "name": "22342", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22342" }, { "name": "GLSA-200610-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml" }, { "name": "22074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22074" }, { "name": "22066", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22066" }, { "name": "22088", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22088" }, { "name": "21949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21949" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-640" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-64.html" }, { "name": "22036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22036" }, { "name": "1016846", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016846" }, { "name": "USN-354-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-354-1" }, { "name": "22422", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22422" }, { "name": "22299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22299" }, { "name": "MDKSA-2006:169", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" }, { "name": "21916", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21916" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "1016847", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016847" }, { "name": "22391", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22391" }, { "name": "ADV-2006-3748", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3748" }, { "name": "oval:org.mitre.oval:def:11728", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11728" }, { "name": "RHSA-2006:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html" }, { "name": "22055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22055" }, { "name": "22195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22195" }, { "name": "USN-361-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-361-1" }, { "name": "USN-352-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-352-1" }, { "name": "21950", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21950" }, { "name": "USN-351-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-351-1" }, { "name": "22025", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22025" }, { "name": "22056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22056" }, { "name": "22247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22247" }, { "name": "MDKSA-2006:168", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" }, { "name": "DSA-1191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.us.debian.org/security/2006/dsa-1191" }, { "name": "22210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22210" }, { "name": "DSA-1210", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1210" }, { "name": "24711", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24711" }, { "name": "GLSA-200610-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" }, { "name": "22849", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22849" }, { "name": "ADV-2008-0083", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "20060901-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" }, { "name": "21939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21939" }, { "name": "1016848", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016848" }, { "name": "ADV-2006-3617", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3617" }, { "name": "21915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21915" }, { "name": "ADV-2007-1198", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1198" }, { "name": "RHSA-2006:0677", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html" }, { "name": "DSA-1192", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1192" }, { "name": "GLSA-200609-19", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "name": "22274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22274" }, { "name": "RHSA-2006:0675", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html" }, { "name": "21940", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21940" }, { "name": "20042", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20042" }, { "name": "22001", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22001" }, { "name": "20060915 rPSA-2006-0169-1 firefox thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded" }, { "name": "USN-350-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-350-1" }, { "name": "21906", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21906" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "name": "22342", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22342" }, { "name": "GLSA-200610-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml" }, { "name": "22074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22074" }, { "name": "22066", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22066" }, { "name": "22088", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22088" }, { "name": "21949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21949" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-640" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-64.html" }, { "name": "22036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22036" }, { "name": "1016846", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016846" }, { "name": "USN-354-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-354-1" }, { "name": "22422", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22422" }, { "name": "22299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22299" }, { "name": "MDKSA-2006:169", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" }, { "name": "21916", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21916" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-4571", "datePublished": "2006-09-15T19:00:00", "dateReserved": "2006-09-06T00:00:00", "dateUpdated": "2024-08-07T19:14:47.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-11706
Vulnerability from cvelistv5
Published
2019-07-23 13:20
Modified
2024-08-04 23:03
Severity ?
EPSS score ?
Summary
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.
References
▼ | URL | Tags |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2019-17/ | x_refsource_MISC | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1555646 | x_refsource_MISC | |
https://security.gentoo.org/glsa/201908-20 | vendor-advisory, x_refsource_GENTOO |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Mozilla | Thunderbird |
Version: unspecified < 60.7.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:03:32.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2019-17/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555646" }, { "name": "GLSA-201908-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201908-20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "60.7.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw in Thunderbird\u0027s implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird \u003c 60.7.1." } ], "problemTypes": [ { "descriptions": [ { "description": "Type confusion in icalproperty.c", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-16T19:06:05", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.mozilla.org/security/advisories/mfsa2019-17/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555646" }, { "name": "GLSA-201908-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201908-20" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2019-11706", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Thunderbird", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "60.7.1" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw in Thunderbird\u0027s implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird \u003c 60.7.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Type confusion in icalproperty.c" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.mozilla.org/security/advisories/mfsa2019-17/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2019-17/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555646", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555646" }, { "name": "GLSA-201908-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-20" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2019-11706", "datePublished": "2019-07-23T13:20:26", "dateReserved": "2019-05-03T00:00:00", "dateUpdated": "2024-08-04T23:03:32.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5591
Vulnerability from cvelistv5
Published
2013-10-30 10:00
Modified
2024-08-06 17:15
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=859892 | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19015 | vdb-entry, signature, x_refsource_OVAL | |
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html | vendor-advisory, x_refsource_SUSE | |
https://security.gentoo.org/glsa/201504-01 | vendor-advisory, x_refsource_GENTOO | |
http://www.mozilla.org/security/announce/2013/mfsa2013-93.html | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:15:21.464Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=859892" }, { "name": "oval:org.mitre.oval:def:19015", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19015" }, { "name": "openSUSE-SU-2013:1633", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html" }, { "name": "openSUSE-SU-2013:1634", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-10-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=859892" }, { "name": "oval:org.mitre.oval:def:19015", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19015" }, { "name": "openSUSE-SU-2013:1633", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html" }, { "name": "openSUSE-SU-2013:1634", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2013-5591", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=859892", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=859892" }, { "name": "oval:org.mitre.oval:def:19015", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19015" }, { "name": "openSUSE-SU-2013:1633", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html" }, { "name": "openSUSE-SU-2013:1634", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2013-5591", "datePublished": "2013-10-30T10:00:00", "dateReserved": "2013-08-26T00:00:00", "dateUpdated": "2024-08-06T17:15:21.464Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5117
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 05:26
Severity ?
EPSS score ?
Summary
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
References
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Thunderbird |
Version: unspecified < 52.6 |
|||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:26:46.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/" }, { "name": "1040270", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040270" }, { "name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html" }, { "name": "102783", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102783" }, { "name": "DSA-4096", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4096" }, { "name": "RHSA-2018:0262", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0262" }, { "name": "USN-3544-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3544-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2018-04/" }, { "name": "RHSA-2018:0122", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0122" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/" }, { "name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1395508" }, { "name": "DSA-4102", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4102" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "52.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "52.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "58", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2018-01-23T00:00:00", "descriptions": [ { "lang": "en", "value": "If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58." } ], "problemTypes": [ { "descriptions": [ { "description": "URL spoofing with right-to-left text aligned left-to-right", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-12T09:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/" }, { "name": "1040270", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040270" }, { "name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html" }, { "name": "102783", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102783" }, { "name": "DSA-4096", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4096" }, { "name": "RHSA-2018:0262", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0262" }, { "name": "USN-3544-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3544-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2018-04/" }, { "name": "RHSA-2018:0122", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0122" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/" }, { "name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1395508" }, { "name": "DSA-4102", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4102" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2018-5117", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Thunderbird", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "52.6" } ] } }, { "product_name": "Firefox ESR", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "52.6" } ] } }, { "product_name": "Firefox", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "58" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "URL spoofing with right-to-left text aligned left-to-right" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.mozilla.org/security/advisories/mfsa2018-03/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/" }, { "name": "1040270", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040270" }, { "name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html" }, { "name": "102783", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102783" }, { "name": "DSA-4096", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4096" }, { "name": "RHSA-2018:0262", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0262" }, { "name": "USN-3544-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3544-1/" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2018-04/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2018-04/" }, { "name": "RHSA-2018:0122", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0122" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2018-02/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/" }, { "name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1395508", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1395508" }, { "name": "DSA-4102", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4102" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2018-5117", "datePublished": "2018-06-11T21:00:00", "dateReserved": "2018-01-03T00:00:00", "dateUpdated": "2024-08-05T05:26:46.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46874
Vulnerability from cvelistv5
Published
2022-12-22 00:00
Modified
2025-02-13 16:33
Severity ?
EPSS score ?
Summary
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6.
References
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 108 |
|||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:39:38.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-52/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-53/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-51/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-54/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1746139" }, { "name": "GLSA-202305-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-06" }, { "name": "GLSA-202305-13", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-13" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "108", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.6.1", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "102.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.\u003cbr/\u003e*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox \u003c 108, Thunderbird \u003c 102.6.1, Thunderbird \u003c 102.6, and Firefox ESR \u003c 102.6." } ], "problemTypes": [ { "descriptions": [ { "description": "Drag and Dropped Filenames could have been truncated to malicious extensions", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T10:06:48.080Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2022-52/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2022-53/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2022-51/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2022-54/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1746139" }, { "name": "GLSA-202305-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-06" }, { "name": "GLSA-202305-13", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-13" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2022-46874", "datePublished": "2022-12-22T00:00:00.000Z", "dateReserved": "2022-12-09T00:00:00.000Z", "dateUpdated": "2025-02-13T16:33:54.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0081
Vulnerability from cvelistv5
Published
2011-05-07 18:00
Modified
2024-08-06 21:43
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/47653 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2011/dsa-2228 | vendor-advisory, x_refsource_DEBIAN | |
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 | vendor-advisory, x_refsource_MANDRIVA | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13993 | vdb-entry, signature, x_refsource_OVAL | |
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird | x_refsource_CONFIRM | |
http://www.debian.org/security/2011/dsa-2235 | vendor-advisory, x_refsource_DEBIAN | |
https://bugzilla.mozilla.org/show_bug.cgi?id=645289 | x_refsource_CONFIRM | |
http://www.mozilla.org/security/announce/2011/mfsa2011-12.html | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.debian.org/security/2011/dsa-2227 | vendor-advisory, x_refsource_DEBIAN | |
http://downloads.avaya.com/css/P8/documents/100144158 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:43:14.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "47653", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47653" }, { "name": "DSA-2228", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2228" }, { "name": "MDVSA-2011:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" }, { "name": "oval:org.mitre.oval:def:13993", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13993" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird" }, { "name": "DSA-2235", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2235" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=645289" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html" }, { "name": "MDVSA-2011:080", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" }, { "name": "DSA-2227", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2227" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.avaya.com/css/P8/documents/100144158" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "47653", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47653" }, { "name": "DSA-2228", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2228" }, { "name": "MDVSA-2011:079", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" }, { "name": "oval:org.mitre.oval:def:13993", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13993" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird" }, { "name": "DSA-2235", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2235" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=645289" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html" }, { "name": "MDVSA-2011:080", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" }, { "name": "DSA-2227", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2227" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.avaya.com/css/P8/documents/100144158" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0081", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "47653", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47653" }, { "name": "DSA-2228", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2228" }, { "name": "MDVSA-2011:079", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" }, { "name": "oval:org.mitre.oval:def:13993", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13993" }, { "name": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird", "refsource": "CONFIRM", "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird" }, { "name": "DSA-2235", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2235" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=645289", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=645289" }, { "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html" }, { "name": "MDVSA-2011:080", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" }, { "name": "DSA-2227", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2227" }, { "name": "http://downloads.avaya.com/css/P8/documents/100144158", "refsource": "CONFIRM", "url": "http://downloads.avaya.com/css/P8/documents/100144158" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0081", "datePublished": "2011-05-07T18:00:00", "dateReserved": "2010-12-21T00:00:00", "dateUpdated": "2024-08-06T21:43:14.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-1675
Vulnerability from cvelistv5
Published
2013-05-16 10:00
Modified
2025-02-07 12:51
Severity ?
EPSS score ?
Summary
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:13:32.387Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2699", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2699" }, { "name": "MDVSA-2013:165", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:165" }, { "name": "openSUSE-SU-2013:0825", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=866825" }, { "name": "USN-1823-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1823-1" }, { "name": "RHSA-2013:0821", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0821.html" }, { "name": "openSUSE-SU-2013:0929", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-47.html" }, { "name": "oval:org.mitre.oval:def:16976", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976" }, { "name": "openSUSE-SU-2013:0831", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html" }, { "name": "RHSA-2013:0820", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0820.html" }, { "name": "openSUSE-SU-2013:0834", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html" }, { "name": "openSUSE-SU-2013:0946", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html" }, { "name": "59858", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/59858" }, { "name": "USN-1822-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1822-1" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2013-1675", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-07T12:51:27.223141Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2022-03-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-1675" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-665", "description": "CWE-665 Improper Initialization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-07T12:51:29.944Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-14T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01.000Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "DSA-2699", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2699" }, { "name": "MDVSA-2013:165", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:165" }, { "name": "openSUSE-SU-2013:0825", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=866825" }, { "name": "USN-1823-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1823-1" }, { "name": "RHSA-2013:0821", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0821.html" }, { "name": "openSUSE-SU-2013:0929", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-47.html" }, { "name": "oval:org.mitre.oval:def:16976", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976" }, { "name": "openSUSE-SU-2013:0831", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html" }, { "name": "RHSA-2013:0820", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0820.html" }, { "name": "openSUSE-SU-2013:0834", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html" }, { "name": "openSUSE-SU-2013:0946", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html" }, { "name": "59858", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/59858" }, { "name": "USN-1822-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1822-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2013-1675", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2699", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2699" }, { "name": "MDVSA-2013:165", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:165" }, { "name": "openSUSE-SU-2013:0825", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=866825", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=866825" }, { "name": "USN-1823-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1823-1" }, { "name": "RHSA-2013:0821", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0821.html" }, { "name": "openSUSE-SU-2013:0929", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html" }, { "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-47.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-47.html" }, { "name": "oval:org.mitre.oval:def:16976", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976" }, { "name": "openSUSE-SU-2013:0831", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html" }, { "name": "RHSA-2013:0820", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0820.html" }, { "name": "openSUSE-SU-2013:0834", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html" }, { "name": "openSUSE-SU-2013:0946", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html" }, { "name": "59858", "refsource": "BID", "url": "http://www.securityfocus.com/bid/59858" }, { "name": "USN-1822-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1822-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2013-1675", "datePublished": "2013-05-16T10:00:00.000Z", "dateReserved": "2013-02-13T00:00:00.000Z", "dateUpdated": "2025-02-07T12:51:29.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26951
Vulnerability from cvelistv5
Published
2020-12-09 00:19
Modified
2024-08-04 16:03
Severity ?
EPSS score ?
Summary
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1667113 | x_refsource_MISC | |
https://www.mozilla.org/security/advisories/mfsa2020-50/ | x_refsource_CONFIRM | |
https://www.mozilla.org/security/advisories/mfsa2020-52/ | x_refsource_CONFIRM | |
https://www.mozilla.org/security/advisories/mfsa2020-51/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: < 83 |
|||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:22.995Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1667113" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-50/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-52/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-51/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "status": "affected", "version": "\u003c 83" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "status": "affected", "version": "\u003c 78.5" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "status": "affected", "version": "\u003c 78.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5." } ], "problemTypes": [ { "descriptions": [ { "description": "Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-09T00:19:43", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1667113" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-50/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-52/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2020-51/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-26951", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Firefox", "version": { "version_data": [ { "version_value": "\u003c 83" } ] } }, { "product_name": "Firefox ESR", "version": { "version_data": [ { "version_value": "\u003c 78.5" } ] } }, { "product_name": "Thunderbird", "version": { "version_data": [ { "version_value": "\u003c 78.5" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1667113", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1667113" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2020-50/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2020-50/" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2020-52/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2020-52/" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2020-51/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2020-51/" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-26951", "datePublished": "2020-12-09T00:19:43", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:22.995Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2765
Vulnerability from cvelistv5
Published
2010-09-09 18:00
Modified
2024-08-07 02:46
Severity ?
EPSS score ?
Summary
Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:46:48.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SA:2010:049", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-50.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" }, { "name": "FEDORA-2010-14362", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100110210" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=576447" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100112690" }, { "name": "42867", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42867" }, { "name": "oval:org.mitre.oval:def:11519", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11519" }, { "name": "ADV-2011-0061", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0061" }, { "name": "MDVSA-2010:173", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" }, { "name": "ADV-2010-2323", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2323" }, { "name": "DSA-2106", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2106" }, { "name": "43095", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/43095" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SA:2010:049", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-50.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" }, { "name": "FEDORA-2010-14362", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/css/P8/documents/100110210" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=576447" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/css/P8/documents/100112690" }, { "name": "42867", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42867" }, { "name": "oval:org.mitre.oval:def:11519", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11519" }, { "name": "ADV-2011-0061", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0061" }, { "name": "MDVSA-2010:173", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" }, { "name": "ADV-2010-2323", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2323" }, { "name": "DSA-2106", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2106" }, { "name": "43095", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/43095" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2765", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SA:2010:049", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" }, { "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-50.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-50.html" }, { "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "refsource": "CONFIRM", "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" }, { "name": "FEDORA-2010-14362", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" }, { "name": "http://support.avaya.com/css/P8/documents/100110210", "refsource": "CONFIRM", "url": "http://support.avaya.com/css/P8/documents/100110210" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=576447", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=576447" }, { "name": "http://support.avaya.com/css/P8/documents/100112690", "refsource": "CONFIRM", "url": "http://support.avaya.com/css/P8/documents/100112690" }, { "name": "42867", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42867" }, { "name": "oval:org.mitre.oval:def:11519", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11519" }, { "name": "ADV-2011-0061", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0061" }, { "name": "MDVSA-2010:173", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" }, { "name": "ADV-2010-2323", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2323" }, { "name": "DSA-2106", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2106" }, { "name": "43095", "refsource": "BID", "url": "http://www.securityfocus.com/bid/43095" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2765", "datePublished": "2010-09-09T18:00:00", "dateReserved": "2010-07-14T00:00:00", "dateUpdated": "2024-08-07T02:46:48.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-12383
Vulnerability from cvelistv5
Published
2018-10-18 13:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.
References
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 62 |
|||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:30:59.923Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201810-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201810-01" }, { "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html" }, { "name": "GLSA-201811-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201811-13" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1475775" }, { "name": "DSA-4327", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4327" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2018-23/" }, { "name": "RHSA-2018:2835", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2835" }, { "name": "RHSA-2018:3403", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3403" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2018-20/" }, { "name": "1041610", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041610" }, { "name": "105276", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105276" }, { "name": "1041701", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041701" }, { "name": "RHSA-2018:3458", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3458" }, { "name": "DSA-4304", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4304" }, { "name": "RHSA-2018:2834", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2834" }, { "name": "USN-3793-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3793-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2018-25/" }, { "name": "USN-3761-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3761-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "62", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "60.2.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "60.2.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2018-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2.1, and Thunderbird \u003c 60.2.1." } ], "problemTypes": [ { "descriptions": [ { "description": "Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-25T10:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "GLSA-201810-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201810-01" }, { "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html" }, { "name": "GLSA-201811-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201811-13" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1475775" }, { "name": "DSA-4327", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4327" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2018-23/" }, { "name": "RHSA-2018:2835", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2835" }, { "name": "RHSA-2018:3403", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3403" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2018-20/" }, { "name": "1041610", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041610" }, { "name": "105276", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105276" }, { "name": "1041701", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041701" }, { "name": "RHSA-2018:3458", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3458" }, { "name": "DSA-4304", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4304" }, { "name": "RHSA-2018:2834", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2834" }, { "name": "USN-3793-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3793-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2018-25/" }, { "name": "USN-3761-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3761-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2018-12383", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Firefox", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "62" } ] } }, { "product_name": "Firefox ESR", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "60.2.1" } ] } }, { "product_name": "Thunderbird", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "60.2.1" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2.1, and Thunderbird \u003c 60.2.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201810-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-01" }, { "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html" }, { "name": "GLSA-201811-13", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201811-13" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1475775", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1475775" }, { "name": "DSA-4327", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4327" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2018-23/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2018-23/" }, { "name": "RHSA-2018:2835", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2835" }, { "name": "RHSA-2018:3403", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3403" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2018-20/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2018-20/" }, { "name": "1041610", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041610" }, { "name": "105276", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105276" }, { "name": "1041701", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041701" }, { "name": "RHSA-2018:3458", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3458" }, { "name": "DSA-4304", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4304" }, { "name": "RHSA-2018:2834", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2834" }, { "name": "USN-3793-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3793-1/" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2018-25/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2018-25/" }, { "name": "USN-3761-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3761-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2018-12383", "datePublished": "2018-10-18T13:00:00", "dateReserved": "2018-06-14T00:00:00", "dateUpdated": "2024-08-05T08:30:59.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0787
Vulnerability from cvelistv5
Published
2013-03-11 10:00
Modified
2024-08-06 14:41
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:41:47.266Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1758-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1758-1" }, { "name": "DSA-2699", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2699" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://twitter.com/VUPEN/statuses/309505403631325184" }, { "name": "oval:org.mitre.oval:def:16737", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16737" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://twitter.com/thezdi/statuses/309484730506698752" }, { "name": "58391", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/58391" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=848644" }, { "name": "RHSA-2013:0614", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0614.html" }, { "name": "openSUSE-SU-2013:0468", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00026.html" }, { "name": "openSUSE-SU-2013:0465", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00023.html" }, { "name": "openSUSE-SU-2013:0467", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00025.html" }, { "name": "openSUSE-SU-2013:0431", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00010.html" }, { "name": "SUSE-SU-2013:0470", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00028.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-29.html" }, { "name": "RHSA-2013:0627", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0627.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "USN-1758-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1758-1" }, { "name": "DSA-2699", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2699" }, { "tags": [ "x_refsource_MISC" ], "url": "http://twitter.com/VUPEN/statuses/309505403631325184" }, { "name": "oval:org.mitre.oval:def:16737", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16737" }, { "tags": [ "x_refsource_MISC" ], "url": "http://twitter.com/thezdi/statuses/309484730506698752" }, { "name": "58391", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/58391" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=848644" }, { "name": "RHSA-2013:0614", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0614.html" }, { "name": "openSUSE-SU-2013:0468", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00026.html" }, { "name": "openSUSE-SU-2013:0465", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00023.html" }, { "name": "openSUSE-SU-2013:0467", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00025.html" }, { "name": "openSUSE-SU-2013:0431", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00010.html" }, { "name": "SUSE-SU-2013:0470", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00028.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-29.html" }, { "name": "RHSA-2013:0627", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0627.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2013-0787", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-1758-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1758-1" }, { "name": "DSA-2699", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2699" }, { "name": "http://twitter.com/VUPEN/statuses/309505403631325184", "refsource": "MISC", "url": "http://twitter.com/VUPEN/statuses/309505403631325184" }, { "name": "oval:org.mitre.oval:def:16737", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16737" }, { "name": "http://twitter.com/thezdi/statuses/309484730506698752", "refsource": "MISC", "url": "http://twitter.com/thezdi/statuses/309484730506698752" }, { "name": "58391", "refsource": "BID", "url": "http://www.securityfocus.com/bid/58391" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=848644", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=848644" }, { "name": "RHSA-2013:0614", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0614.html" }, { "name": "openSUSE-SU-2013:0468", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00026.html" }, { "name": "openSUSE-SU-2013:0465", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00023.html" }, { "name": "openSUSE-SU-2013:0467", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00025.html" }, { "name": "openSUSE-SU-2013:0431", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00010.html" }, { "name": "SUSE-SU-2013:0470", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00028.html" }, { "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-29.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-29.html" }, { "name": "RHSA-2013:0627", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0627.html" }, { "name": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157", "refsource": "MISC", "url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2013-0787", "datePublished": "2013-03-11T10:00:00", "dateReserved": "2013-01-02T00:00:00", "dateUpdated": "2024-08-06T14:41:47.266Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45404
Vulnerability from cvelistv5
Published
2022-12-22 00:00
Modified
2024-08-03 14:09
Severity ?
EPSS score ?
Summary
Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
References
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox ESR |
Version: unspecified < 102.5 |
|||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:09:57.044Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-47/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-49/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-48/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1790815" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "107", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Through a series of popup and \u003ccode\u003ewindow.print()\u003c/code\u003e calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR \u003c 102.5, Thunderbird \u003c 102.5, and Firefox \u003c 107." } ], "problemTypes": [ { "descriptions": [ { "description": "Fullscreen notification bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-22T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2022-47/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2022-49/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2022-48/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1790815" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2022-45404", "datePublished": "2022-12-22T00:00:00", "dateReserved": "2022-11-14T00:00:00", "dateUpdated": "2024-08-03T14:09:57.044Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-1524
Vulnerability from cvelistv5
Published
2014-04-30 10:00
Modified
2024-08-06 09:42
Severity ?
EPSS score ?
Summary
The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:36.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2014:0448", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0448.html" }, { "name": "FEDORA-2014-5833", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html" }, { "name": "openSUSE-SU-2014:0602", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html" }, { "name": "openSUSE-SU-2014:0599", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=989183" }, { "name": "openSUSE-SU-2014:0629", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html" }, { "name": "SUSE-SU-2014:0727", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-38.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "1030165", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030165" }, { "name": "59866", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59866" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "openSUSE-SU-2014:0640", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html" }, { "name": "USN-2189-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2189-1" }, { "name": "RHSA-2014:0449", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0449.html" }, { "name": "67131", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67131" }, { "name": "SUSE-SU-2014:0665", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html" }, { "name": "DSA-2918", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2918" }, { "name": "DSA-2924", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2924" }, { "name": "USN-2185-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2185-1" }, { "name": "1030164", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030164" }, { "name": "1030163", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030163" }, { "name": "FEDORA-2014-5829", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-04-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-04T17:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "RHSA-2014:0448", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0448.html" }, { "name": "FEDORA-2014-5833", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html" }, { "name": "openSUSE-SU-2014:0602", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html" }, { "name": "openSUSE-SU-2014:0599", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=989183" }, { "name": "openSUSE-SU-2014:0629", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html" }, { "name": "SUSE-SU-2014:0727", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-38.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "1030165", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030165" }, { "name": "59866", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59866" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "openSUSE-SU-2014:0640", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html" }, { "name": "USN-2189-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2189-1" }, { "name": "RHSA-2014:0449", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0449.html" }, { "name": "67131", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67131" }, { "name": "SUSE-SU-2014:0665", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html" }, { "name": "DSA-2918", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2918" }, { "name": "DSA-2924", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2924" }, { "name": "USN-2185-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2185-1" }, { "name": "1030164", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030164" }, { "name": "1030163", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030163" }, { "name": "FEDORA-2014-5829", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1524", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2014:0448", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0448.html" }, { "name": "FEDORA-2014-5833", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html" }, { "name": "openSUSE-SU-2014:0602", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html" }, { "name": "openSUSE-SU-2014:0599", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=989183", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=989183" }, { "name": "openSUSE-SU-2014:0629", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html" }, { "name": "SUSE-SU-2014:0727", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-38.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-38.html" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "1030165", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030165" }, { "name": "59866", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59866" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "openSUSE-SU-2014:0640", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html" }, { "name": "USN-2189-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2189-1" }, { "name": "RHSA-2014:0449", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0449.html" }, { "name": "67131", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67131" }, { "name": "SUSE-SU-2014:0665", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html" }, { "name": "DSA-2918", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2918" }, { "name": "DSA-2924", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2924" }, { "name": "USN-2185-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2185-1" }, { "name": "1030164", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030164" }, { "name": "1030163", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030163" }, { "name": "FEDORA-2014-5829", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1524", "datePublished": "2014-04-30T10:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:36.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43536
Vulnerability from cvelistv5
Published
2021-12-08 21:20
Modified
2024-08-04 03:55
Severity ?
EPSS score ?
Summary
Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
References
▼ | URL | Tags |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2021-53/ | x_refsource_MISC | |
https://www.mozilla.org/security/advisories/mfsa2021-54/ | x_refsource_MISC | |
https://www.mozilla.org/security/advisories/mfsa2021-52/ | x_refsource_MISC | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1730120 | x_refsource_MISC | |
https://www.debian.org/security/2021/dsa-5026 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2022/dsa-5034 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/202202-03 | vendor-advisory, x_refsource_GENTOO | |
https://security.gentoo.org/glsa/202208-14 | vendor-advisory, x_refsource_GENTOO |
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Thunderbird |
Version: unspecified < 91.4.0 |
|||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:55:29.308Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-53/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-54/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-52/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730120" }, { "name": "DSA-5026", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5026" }, { "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html" }, { "name": "DSA-5034", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5034" }, { "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html" }, { "name": "GLSA-202202-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202202-03" }, { "name": "GLSA-202208-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "91.4.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "91.4.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "95", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird \u003c 91.4.0, Firefox ESR \u003c 91.4.0, and Firefox \u003c 95." } ], "problemTypes": [ { "descriptions": [ { "description": "URL leakage when navigating while executing asynchronous function", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-10T05:11:57", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-53/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-54/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-52/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730120" }, { "name": "DSA-5026", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-5026" }, { "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html" }, { "name": "DSA-5034", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5034" }, { "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html" }, { "name": "GLSA-202202-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202202-03" }, { "name": "GLSA-202208-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-14" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2021-43536", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Thunderbird", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "91.4.0" } ] } }, { "product_name": "Firefox ESR", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "91.4.0" } ] } }, { "product_name": "Firefox", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "95" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird \u003c 91.4.0, Firefox ESR \u003c 91.4.0, and Firefox \u003c 95." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "URL leakage when navigating while executing asynchronous function" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.mozilla.org/security/advisories/mfsa2021-53/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-53/" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2021-54/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-54/" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2021-52/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-52/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730120", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1730120" }, { "name": "DSA-5026", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5026" }, { "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html" }, { "name": "DSA-5034", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5034" }, { "name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html" }, { "name": "GLSA-202202-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202202-03" }, { "name": "GLSA-202208-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-14" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2021-43536", "datePublished": "2021-12-08T21:20:30", "dateReserved": "2021-11-08T00:00:00", "dateUpdated": "2024-08-04T03:55:29.308Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5412
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 14:55
Severity ?
EPSS score ?
Summary
A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52.
References
▼ | URL | Tags |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2017-09/ | x_refsource_CONFIRM | |
https://bugzilla.mozilla.org/show_bug.cgi?id=1328323 | x_refsource_CONFIRM | |
https://www.mozilla.org/security/advisories/mfsa2017-05/ | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037966 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/96692 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 52 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:55:35.803Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1328323" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/" }, { "name": "1037966", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037966" }, { "name": "96692", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96692" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "52", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "52", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2017-03-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52." } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer overflow read in SVG filters", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-12T09:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1328323" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/" }, { "name": "1037966", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037966" }, { "name": "96692", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96692" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2017-5412", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Firefox", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "52" } ] } }, { "product_name": "Thunderbird", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "52" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Buffer overflow read in SVG filters" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.mozilla.org/security/advisories/mfsa2017-09/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1328323", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1328323" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2017-05/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/" }, { "name": "1037966", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037966" }, { "name": "96692", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96692" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2017-5412", "datePublished": "2018-06-11T21:00:00", "dateReserved": "2017-01-13T00:00:00", "dateUpdated": "2024-08-05T14:55:35.803Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-3168
Vulnerability from cvelistv5
Published
2010-09-09 18:00
Modified
2024-08-07 03:03
Severity ?
EPSS score ?
Summary
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:03:18.399Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:12001", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12001" }, { "name": "SUSE-SA:2010:049", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" }, { "name": "FEDORA-2010-14362", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100110210" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100112690" }, { "name": "42867", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42867" }, { "name": "ADV-2011-0061", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0061" }, { "name": "firefox-xultree-objects-code-exec(61653)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61653" }, { "name": "43108", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/43108" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-55.html" }, { "name": "MDVSA-2010:173", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" }, { "name": "ADV-2010-2323", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2323" }, { "name": "DSA-2106", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=576075" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:12001", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12001" }, { "name": "SUSE-SA:2010:049", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" }, { "name": "FEDORA-2010-14362", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/css/P8/documents/100110210" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/css/P8/documents/100112690" }, { "name": "42867", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42867" }, { "name": "ADV-2011-0061", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0061" }, { "name": "firefox-xultree-objects-code-exec(61653)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61653" }, { "name": "43108", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/43108" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-55.html" }, { "name": "MDVSA-2010:173", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" }, { "name": "ADV-2010-2323", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2323" }, { "name": "DSA-2106", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=576075" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3168", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:12001", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12001" }, { "name": "SUSE-SA:2010:049", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" }, { "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "refsource": "CONFIRM", "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" }, { "name": "FEDORA-2010-14362", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" }, { "name": "http://support.avaya.com/css/P8/documents/100110210", "refsource": "CONFIRM", "url": "http://support.avaya.com/css/P8/documents/100110210" }, { "name": "http://support.avaya.com/css/P8/documents/100112690", "refsource": "CONFIRM", "url": "http://support.avaya.com/css/P8/documents/100112690" }, { "name": "42867", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42867" }, { "name": "ADV-2011-0061", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0061" }, { "name": "firefox-xultree-objects-code-exec(61653)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61653" }, { "name": "43108", "refsource": "BID", "url": "http://www.securityfocus.com/bid/43108" }, { "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-55.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-55.html" }, { "name": "MDVSA-2010:173", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" }, { "name": "ADV-2010-2323", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2323" }, { "name": "DSA-2106", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2106" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=576075", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=576075" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3168", "datePublished": "2010-09-09T18:00:00", "dateReserved": "2010-08-27T00:00:00", "dateUpdated": "2024-08-07T03:03:18.399Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0762
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:46.634Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:4403", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403" }, { "name": "SCOSA-2005.49", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "SUSE-SA:2004:036", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "RHSA-2004:421", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" }, { "name": "FLSA:2089", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "name": "mozilla-dialog-code-execution(16623)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16623" }, { "name": "15495", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15495" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=162020" }, { "name": "oval:org.mitre.oval:def:10032", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032" }, { "name": "11999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11999/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/" }, { "name": "20040407 Race conditions in security dialogs", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:4403", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403" }, { "name": "SCOSA-2005.49", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "SUSE-SA:2004:036", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "RHSA-2004:421", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" }, { "name": "FLSA:2089", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "name": "mozilla-dialog-code-execution(16623)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16623" }, { "name": "15495", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15495" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=162020" }, { "name": "oval:org.mitre.oval:def:10032", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032" }, { "name": "11999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11999/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/" }, { "name": "20040407 Race conditions in security dialogs", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0762", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:4403", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403" }, { "name": "SCOSA-2005.49", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "SUSE-SA:2004:036", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "RHSA-2004:421", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", "refsource": "CONFIRM", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" }, { "name": "FLSA:2089", "refsource": "FEDORA", "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "name": "mozilla-dialog-code-execution(16623)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16623" }, { "name": "15495", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15495" }, { "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=162020", "refsource": "CONFIRM", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=162020" }, { "name": "oval:org.mitre.oval:def:10032", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032" }, { "name": "11999", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11999/" }, { "name": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", "refsource": "MISC", "url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/" }, { "name": "20040407 Race conditions in security dialogs", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0762", "datePublished": "2004-08-03T04:00:00", "dateReserved": "2004-08-02T00:00:00", "dateUpdated": "2024-08-08T00:31:46.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-1681
Vulnerability from cvelistv5
Published
2013-05-16 10:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:13:31.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2699", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2699" }, { "name": "MDVSA-2013:165", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:165" }, { "name": "openSUSE-SU-2013:0825", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html" }, { "name": "USN-1823-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1823-1" }, { "name": "59862", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/59862" }, { "name": "RHSA-2013:0821", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0821.html" }, { "name": "openSUSE-SU-2013:0929", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html" }, { "name": "oval:org.mitre.oval:def:16988", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16988" }, { "name": "openSUSE-SU-2013:0831", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html" }, { "name": "RHSA-2013:0820", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0820.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=851781" }, { "name": "openSUSE-SU-2013:0834", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html" }, { "name": "openSUSE-SU-2013:0946", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html" }, { "name": "USN-1822-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1822-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-48.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "DSA-2699", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2699" }, { "name": "MDVSA-2013:165", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:165" }, { "name": "openSUSE-SU-2013:0825", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html" }, { "name": "USN-1823-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1823-1" }, { "name": "59862", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/59862" }, { "name": "RHSA-2013:0821", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0821.html" }, { "name": "openSUSE-SU-2013:0929", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html" }, { "name": "oval:org.mitre.oval:def:16988", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16988" }, { "name": "openSUSE-SU-2013:0831", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html" }, { "name": "RHSA-2013:0820", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0820.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=851781" }, { "name": "openSUSE-SU-2013:0834", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html" }, { "name": "openSUSE-SU-2013:0946", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html" }, { "name": "USN-1822-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1822-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-48.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2013-1681", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2699", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2699" }, { "name": "MDVSA-2013:165", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:165" }, { "name": "openSUSE-SU-2013:0825", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html" }, { "name": "USN-1823-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1823-1" }, { "name": "59862", "refsource": "BID", "url": "http://www.securityfocus.com/bid/59862" }, { "name": "RHSA-2013:0821", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0821.html" }, { "name": "openSUSE-SU-2013:0929", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html" }, { "name": "oval:org.mitre.oval:def:16988", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16988" }, { "name": "openSUSE-SU-2013:0831", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html" }, { "name": "RHSA-2013:0820", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0820.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=851781", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=851781" }, { "name": "openSUSE-SU-2013:0834", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html" }, { "name": "openSUSE-SU-2013:0946", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html" }, { "name": "USN-1822-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1822-1" }, { "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-48.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-48.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2013-1681", "datePublished": "2013-05-16T10:00:00", "dateReserved": "2013-02-13T00:00:00", "dateUpdated": "2024-08-06T15:13:31.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5430
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 15:04
Severity ?
EPSS score ?
Summary
Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:1106 | vendor-advisory, x_refsource_REDHAT | |
https://www.mozilla.org/security/advisories/mfsa2017-12/ | x_refsource_CONFIRM | |
https://www.mozilla.org/security/advisories/mfsa2017-10/ | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97940 | vdb-entry, x_refsource_BID | |
https://www.mozilla.org/security/advisories/mfsa2017-13/ | x_refsource_CONFIRM | |
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1342101%2C1340482%2C1344686%2C1329796%2C1346419%2C1349621%2C1344081%2C1344305%2C1348143%2C1349719%2C1353476%2C1337418%2C1346140%2C1339722 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038320 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Thunderbird |
Version: unspecified < 52.1 |
|||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:04:14.623Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1106", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" }, { "name": "97940", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97940" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2017-13/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1342101%2C1340482%2C1344686%2C1329796%2C1346419%2C1349621%2C1344081%2C1344305%2C1348143%2C1349719%2C1353476%2C1337418%2C1346140%2C1339722" }, { "name": "1038320", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038320" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "52.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "52.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "53", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2017-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53." } ], "problemTypes": [ { "descriptions": [ { "description": "Memory safety bugs fixed in Firefox 53, Firefox ESR 52.1, Thunderbird 52.1", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-12T09:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "RHSA-2017:1106", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" }, { "name": "97940", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97940" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.mozilla.org/security/advisories/mfsa2017-13/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1342101%2C1340482%2C1344686%2C1329796%2C1346419%2C1349621%2C1344081%2C1344305%2C1348143%2C1349719%2C1353476%2C1337418%2C1346140%2C1339722" }, { "name": "1038320", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038320" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2017-5430", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Thunderbird", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "52.1" } ] } }, { "product_name": "Firefox ESR", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "52.1" } ] } }, { "product_name": "Firefox", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "53" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Memory safety bugs fixed in Firefox 53, Firefox ESR 52.1, Thunderbird 52.1" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1106", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1106" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" }, { "name": "97940", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97940" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2017-13/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2017-13/" }, { "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1342101%2C1340482%2C1344686%2C1329796%2C1346419%2C1349621%2C1344081%2C1344305%2C1348143%2C1349719%2C1353476%2C1337418%2C1346140%2C1339722", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1342101%2C1340482%2C1344686%2C1329796%2C1346419%2C1349621%2C1344081%2C1344305%2C1348143%2C1349719%2C1353476%2C1337418%2C1346140%2C1339722" }, { "name": "1038320", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038320" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2017-5430", "datePublished": "2018-06-11T21:00:00", "dateReserved": "2017-01-13T00:00:00", "dateUpdated": "2024-08-05T15:04:14.623Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0463
Vulnerability from cvelistv5
Published
2012-03-14 19:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:23:31.019Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2012:0417", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html" }, { "name": "48402", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48402" }, { "name": "48624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48624" }, { "name": "SUSE-SU-2012:0424", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" }, { "name": "48629", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48629" }, { "name": "SUSE-SU-2012:0425", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=688208" }, { "name": "1026803", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026803" }, { "name": "52466", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52466" }, { "name": "48553", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48553" }, { "name": "48561", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48561" }, { "name": "oval:org.mitre.oval:def:15143", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15143" }, { "name": "1026801", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026801" }, { "name": "1026804", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026804" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-10T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2012:0417", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html" }, { "name": "48402", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48402" }, { "name": "48624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48624" }, { "name": "SUSE-SU-2012:0424", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" }, { "name": "48629", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48629" }, { "name": "SUSE-SU-2012:0425", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=688208" }, { "name": "1026803", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026803" }, { "name": "52466", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52466" }, { "name": "48553", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48553" }, { "name": "48561", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48561" }, { "name": "oval:org.mitre.oval:def:15143", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15143" }, { "name": "1026801", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026801" }, { "name": "1026804", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026804" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-0463", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2012:0417", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html" }, { "name": "48402", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48402" }, { "name": "48624", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48624" }, { "name": "SUSE-SU-2012:0424", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" }, { "name": "48629", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48629" }, { "name": "SUSE-SU-2012:0425", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html" }, { "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=688208", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=688208" }, { "name": "1026803", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026803" }, { "name": "52466", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52466" }, { "name": "48553", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48553" }, { "name": "48561", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48561" }, { "name": "oval:org.mitre.oval:def:15143", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15143" }, { "name": "1026801", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026801" }, { "name": "1026804", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026804" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-0463", "datePublished": "2012-03-14T19:00:00", "dateReserved": "2012-01-09T00:00:00", "dateUpdated": "2024-08-06T18:23:31.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36314
Vulnerability from cvelistv5
Published
2022-12-22 00:00
Modified
2024-08-03 10:00
Severity ?
EPSS score ?
Summary
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.
References
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox ESR |
Version: unspecified < 102.1 |
|||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:00:04.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-28/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-30/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-32/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1773894" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "103", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.\u003cbr\u003eThis bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR \u003c 102.1, Firefox \u003c 103, and Thunderbird \u003c 102.1." } ], "problemTypes": [ { "descriptions": [ { "description": "Opening local \u003ccode\u003e.lnk\u003c/code\u003e files could cause unexpected network loads", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-22T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2022-28/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2022-30/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2022-32/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1773894" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2022-36314", "datePublished": "2022-12-22T00:00:00", "dateReserved": "2022-07-20T00:00:00", "dateUpdated": "2024-08-03T10:00:04.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-1970
Vulnerability from cvelistv5
Published
2012-08-29 10:00
Modified
2024-08-06 19:17
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:17:27.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2556", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2556" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=758408" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-57.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=745158" }, { "name": "RHSA-2012:1211", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html" }, { "name": "55266", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55266" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=778765" }, { "name": "DSA-2553", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2553" }, { "name": "USN-1548-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1548-1" }, { "name": "USN-1548-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1548-2" }, { "name": "oval:org.mitre.oval:def:16910", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16910" }, { "name": "RHSA-2012:1210", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html" }, { "name": "SUSE-SU-2012:1167", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" }, { "name": "DSA-2554", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2554" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775206" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=777806" }, { "name": "SUSE-SU-2012:1157", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=764176" }, { "name": "openSUSE-SU-2012:1065", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=761831" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-2556", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2556" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=758408" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-57.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=745158" }, { "name": "RHSA-2012:1211", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html" }, { "name": "55266", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55266" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=778765" }, { "name": "DSA-2553", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2553" }, { "name": "USN-1548-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1548-1" }, { "name": "USN-1548-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1548-2" }, { "name": "oval:org.mitre.oval:def:16910", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16910" }, { "name": "RHSA-2012:1210", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html" }, { "name": "SUSE-SU-2012:1167", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" }, { "name": "DSA-2554", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2554" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775206" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=777806" }, { "name": "SUSE-SU-2012:1157", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=764176" }, { "name": "openSUSE-SU-2012:1065", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=761831" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1970", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2556", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2556" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=758408", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=758408" }, { "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-57.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-57.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=745158", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=745158" }, { "name": "RHSA-2012:1211", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html" }, { "name": "55266", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55266" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=778765", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=778765" }, { "name": "DSA-2553", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2553" }, { "name": "USN-1548-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1548-1" }, { "name": "USN-1548-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1548-2" }, { "name": "oval:org.mitre.oval:def:16910", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16910" }, { "name": "RHSA-2012:1210", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html" }, { "name": "SUSE-SU-2012:1167", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" }, { "name": "DSA-2554", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2554" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=775206", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775206" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=777806", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=777806" }, { "name": "SUSE-SU-2012:1157", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=764176", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=764176" }, { "name": "openSUSE-SU-2012:1065", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=761831", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=761831" }, { "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", "refsource": "CONFIRM", "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1970", "datePublished": "2012-08-29T10:00:00", "dateReserved": "2012-03-30T00:00:00", "dateUpdated": "2024-08-06T19:17:27.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-3983
Vulnerability from cvelistv5
Published
2012-10-10 17:00
Modified
2024-08-06 20:21
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:21:04.076Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "50904", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50904" }, { "name": "50984", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50984" }, { "name": "50935", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50935" }, { "name": "oval:org.mitre.oval:def:16901", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16901" }, { "name": "50856", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50856" }, { "name": "50892", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50892" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=762920" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=790865" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-74.html" }, { "name": "55318", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55318" }, { "name": "SUSE-SU-2012:1351", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=634444" }, { "name": "USN-1611-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1611-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=768313" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "50904", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50904" }, { "name": "50984", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50984" }, { "name": "50935", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50935" }, { "name": "oval:org.mitre.oval:def:16901", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16901" }, { "name": "50856", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50856" }, { "name": "50892", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50892" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=762920" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=790865" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-74.html" }, { "name": "55318", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55318" }, { "name": "SUSE-SU-2012:1351", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=634444" }, { "name": "USN-1611-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1611-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=768313" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3983", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "50904", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50904" }, { "name": "50984", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50984" }, { "name": "50935", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50935" }, { "name": "oval:org.mitre.oval:def:16901", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16901" }, { "name": "50856", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50856" }, { "name": "50892", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50892" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=762920", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=762920" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=790865", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=790865" }, { "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-74.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-74.html" }, { "name": "55318", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55318" }, { "name": "SUSE-SU-2012:1351", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=634444", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=634444" }, { "name": "USN-1611-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1611-1" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=768313", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=768313" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-3983", "datePublished": "2012-10-10T17:00:00", "dateReserved": "2012-07-11T00:00:00", "dateUpdated": "2024-08-06T20:21:04.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6501
Vulnerability from cvelistv5
Published
2006-12-20 01:00
Modified
2024-08-07 20:26
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:26:46.562Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21668", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21668" }, { "name": "23433", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23433" }, { "name": "MDKSA-2007:010", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:010" }, { "name": "23439", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23439" }, { "name": "23672", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23672" }, { "name": "ADV-2006-5068", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/5068" }, { "name": "23468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23468" }, { "name": "23598", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23598" }, { "name": "RHSA-2006:0758", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html" }, { "name": "DSA-1265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1265" }, { "name": "24078", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24078" }, { "name": "23692", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23692" }, { "name": "USN-398-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-398-2" }, { "name": "GLSA-200701-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml" }, { "name": "23282", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23282" }, { "name": "24390", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24390" }, { "name": "VU#263412", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/263412" }, { "name": "FEDORA-2006-1491", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/cms/node/2297" }, { "name": "23422", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23422" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "23591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23591" }, { "name": "23614", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23614" }, { "name": "RHSA-2006:0759", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html" }, { "name": "USN-398-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-398-1" }, { "name": "ADV-2008-0083", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "1017404", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017404" }, { "name": "FEDORA-2007-004", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/cms/node/2338" }, { "name": "23420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23420" }, { "name": "20061202-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc" }, { "name": "23440", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23440" }, { "name": "1017403", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017403" }, { "name": "SUSE-SA:2006:080", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html" }, { "name": "oval:org.mitre.oval:def:9746", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9746" }, { "name": "20061222 rPSA-2006-0234-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded" }, { "name": "23545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23545" }, { "name": "23618", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23618" }, { "name": "GLSA-200701-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml" }, { "name": "1017407", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017407" }, { "name": "TA06-354A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-70.html" }, { "name": "23589", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23589" }, { "name": "DSA-1253", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1253" }, { "name": "DSA-1258", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1258" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-883" }, { "name": "20070102 rPSA-2006-0234-2 firefox thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded" }, { "name": "SUSE-SA:2007:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html" }, { "name": "23601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23601" }, { "name": "23988", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23988" }, { "name": "MDKSA-2007:011", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:011" }, { "name": "23514", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23514" }, { "name": "GLSA-200701-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml" }, { "name": "RHSA-2006:0760", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html" }, { "name": "USN-400-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-400-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "21668", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21668" }, { "name": "23433", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23433" }, { "name": "MDKSA-2007:010", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:010" }, { "name": "23439", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23439" }, { "name": "23672", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23672" }, { "name": "ADV-2006-5068", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/5068" }, { "name": "23468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23468" }, { "name": "23598", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23598" }, { "name": "RHSA-2006:0758", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html" }, { "name": "DSA-1265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1265" }, { "name": "24078", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24078" }, { "name": "23692", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23692" }, { "name": "USN-398-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-398-2" }, { "name": "GLSA-200701-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml" }, { "name": "23282", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23282" }, { "name": "24390", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24390" }, { "name": "VU#263412", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/263412" }, { "name": "FEDORA-2006-1491", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/cms/node/2297" }, { "name": "23422", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23422" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "23591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23591" }, { "name": "23614", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23614" }, { "name": "RHSA-2006:0759", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html" }, { "name": "USN-398-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-398-1" }, { "name": "ADV-2008-0083", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "1017404", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017404" }, { "name": "FEDORA-2007-004", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/cms/node/2338" }, { "name": "23420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23420" }, { "name": "20061202-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc" }, { "name": "23440", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23440" }, { "name": "1017403", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017403" }, { "name": "SUSE-SA:2006:080", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html" }, { "name": "oval:org.mitre.oval:def:9746", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9746" }, { "name": "20061222 rPSA-2006-0234-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded" }, { "name": "23545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23545" }, { "name": "23618", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23618" }, { "name": "GLSA-200701-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml" }, { "name": "1017407", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017407" }, { "name": "TA06-354A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-70.html" }, { "name": "23589", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23589" }, { "name": "DSA-1253", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1253" }, { "name": "DSA-1258", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1258" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-883" }, { "name": "20070102 rPSA-2006-0234-2 firefox thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded" }, { "name": "SUSE-SA:2007:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html" }, { "name": "23601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23601" }, { "name": "23988", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23988" }, { "name": "MDKSA-2007:011", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:011" }, { "name": "23514", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23514" }, { "name": "GLSA-200701-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml" }, { "name": "RHSA-2006:0760", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html" }, { "name": "USN-400-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-400-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-6501", "datePublished": "2006-12-20T01:00:00", "dateReserved": "2006-12-13T00:00:00", "dateUpdated": "2024-08-07T20:26:46.562Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0797
Vulnerability from cvelistv5
Published
2013-04-03 10:00
Modified
2024-08-06 14:41
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified directory.
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html | vendor-advisory, x_refsource_SUSE | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17146 | vdb-entry, signature, x_refsource_OVAL | |
http://www.mozilla.org/security/announce/2013/mfsa2013-34.html | x_refsource_CONFIRM | |
https://bugzilla.mozilla.org/show_bug.cgi?id=830134 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:41:47.110Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2013:0850", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html" }, { "name": "oval:org.mitre.oval:def:17146", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17146" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-34.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=830134" }, { "name": "SUSE-SU-2013:0645", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified directory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "SUSE-SU-2013:0850", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html" }, { "name": "oval:org.mitre.oval:def:17146", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17146" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-34.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=830134" }, { "name": "SUSE-SU-2013:0645", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2013-0797", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified directory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2013:0850", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html" }, { "name": "oval:org.mitre.oval:def:17146", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17146" }, { "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-34.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-34.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=830134", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=830134" }, { "name": "SUSE-SU-2013:0645", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2013-0797", "datePublished": "2013-04-03T10:00:00", "dateReserved": "2013-01-02T00:00:00", "dateUpdated": "2024-08-06T14:41:47.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2868
Vulnerability from cvelistv5
Published
2007-06-01 00:00
Modified
2024-08-07 13:57
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:57:54.272Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25496", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25496" }, { "name": "1018153", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018153" }, { "name": "FEDORA-2007-308", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/cms/node/2747" }, { "name": "DSA-1308", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1308" }, { "name": "27427", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27427" }, { "name": "1018151", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018151" }, { "name": "201505", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201505-1" }, { "name": "oval:org.mitre.oval:def:10711", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10711" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-12.html" }, { "name": "HPSBUX02156", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579" }, { "name": "MDKSA-2007:120", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:120" }, { "name": "20070531 FLEA-2007-0023-1: firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/470172/100/200/threaded" }, { "name": "24406", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24406" }, { "name": "25647", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25647" }, { "name": "25469", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25469" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "103125", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103125-1" }, { "name": "SUSE-SA:2007:036", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html" }, { "name": "25491", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25491" }, { "name": "GLSA-200706-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200706-06.xml" }, { "name": "25635", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25635" }, { "name": "25534", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25534" }, { "name": "ADV-2007-1994", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1994" }, { "name": "RHSA-2007:0400", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0400.html" }, { "name": "FEDORA-2007-309", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/cms/node/2749" }, { "name": "SSA:2007-152-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.571857" }, { "name": "USN-469-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-469-1" }, { "name": "MDKSA-2007:131", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:131" }, { "name": "DSA-1305", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1305" }, { "name": "25533", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25533" }, { "name": "SSRT061236", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579" }, { "name": "DSA-1306", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1306" }, { "name": "1018152", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018152" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1424" }, { "name": "25664", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25664" }, { "name": "MDKSA-2007:119", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:119" }, { "name": "SSA:2007-066-04", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.363947" }, { "name": "24456", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24456" }, { "name": "25644", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25644" }, { "name": "25858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25858" }, { "name": "USN-468-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-468-1" }, { "name": "VU#609956", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/609956" }, { "name": "ADV-2008-0082", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0082" }, { "name": "RHSA-2007:0401", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0401.html" }, { "name": "25476", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25476" }, { "name": "ADV-2007-3632", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3632" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "mozilla-javascripteng-code-execution(34605)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34605" }, { "name": "35138", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35138" }, { "name": "24242", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24242" }, { "name": "25750", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25750" }, { "name": "25489", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25489" }, { "name": "DSA-1300", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1300" }, { "name": "25559", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25559" }, { "name": "28363", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28363" }, { "name": "25490", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25490" }, { "name": "25488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25488" }, { "name": "25492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25492" }, { "name": "RHSA-2007:0402", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0402.html" }, { "name": "TA07-151A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html" }, { "name": "25685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25685" }, { "name": "20070620 FLEA-2007-0027-1: thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/471842/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "25496", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25496" }, { "name": "1018153", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018153" }, { "name": "FEDORA-2007-308", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/cms/node/2747" }, { "name": "DSA-1308", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1308" }, { "name": "27427", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27427" }, { "name": "1018151", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018151" }, { "name": "201505", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201505-1" }, { "name": "oval:org.mitre.oval:def:10711", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10711" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-12.html" }, { "name": "HPSBUX02156", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579" }, { "name": "MDKSA-2007:120", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:120" }, { "name": "20070531 FLEA-2007-0023-1: firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/470172/100/200/threaded" }, { "name": "24406", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24406" }, { "name": "25647", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25647" }, { "name": "25469", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25469" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "103125", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103125-1" }, { "name": "SUSE-SA:2007:036", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html" }, { "name": "25491", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25491" }, { "name": "GLSA-200706-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200706-06.xml" }, { "name": "25635", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25635" }, { "name": "25534", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25534" }, { "name": "ADV-2007-1994", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1994" }, { "name": "RHSA-2007:0400", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0400.html" }, { "name": "FEDORA-2007-309", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/cms/node/2749" }, { "name": "SSA:2007-152-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.571857" }, { "name": "USN-469-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-469-1" }, { "name": "MDKSA-2007:131", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:131" }, { "name": "DSA-1305", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1305" }, { "name": "25533", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25533" }, { "name": "SSRT061236", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579" }, { "name": "DSA-1306", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1306" }, { "name": "1018152", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018152" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1424" }, { "name": "25664", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25664" }, { "name": "MDKSA-2007:119", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:119" }, { "name": "SSA:2007-066-04", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.363947" }, { "name": "24456", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24456" }, { "name": "25644", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25644" }, { "name": "25858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25858" }, { "name": "USN-468-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-468-1" }, { "name": "VU#609956", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/609956" }, { "name": "ADV-2008-0082", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0082" }, { "name": "RHSA-2007:0401", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0401.html" }, { "name": "25476", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25476" }, { "name": "ADV-2007-3632", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3632" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "mozilla-javascripteng-code-execution(34605)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34605" }, { "name": "35138", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35138" }, { "name": "24242", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24242" }, { "name": "25750", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25750" }, { "name": "25489", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25489" }, { "name": "DSA-1300", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1300" }, { "name": "25559", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25559" }, { "name": "28363", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28363" }, { "name": "25490", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25490" }, { "name": "25488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25488" }, { "name": "25492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25492" }, { "name": "RHSA-2007:0402", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0402.html" }, { "name": "TA07-151A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html" }, { "name": "25685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25685" }, { "name": "20070620 FLEA-2007-0027-1: thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/471842/100/0/threaded" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-2868", "datePublished": "2007-06-01T00:00:00", "dateReserved": "2007-05-29T00:00:00", "dateUpdated": "2024-08-07T13:57:54.272Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0781
Vulnerability from cvelistv5
Published
2013-02-19 23:00
Modified
2024-08-06 14:41
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://www.ubuntu.com/usn/USN-1729-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.ubuntu.com/usn/USN-1729-2 | vendor-advisory, x_refsource_UBUNTU | |
http://www.ubuntu.com/usn/USN-1748-1 | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html | vendor-advisory, x_refsource_SUSE | |
http://www.mozilla.org/security/announce/2013/mfsa2013-28.html | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html | vendor-advisory, x_refsource_SUSE | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16934 | vdb-entry, signature, x_refsource_OVAL | |
https://bugzilla.mozilla.org/show_bug.cgi?id=821991 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:41:47.120Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1729-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1729-1" }, { "name": "USN-1729-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1729-2" }, { "name": "USN-1748-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1748-1" }, { "name": "openSUSE-SU-2013:0324", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html" }, { "name": "openSUSE-SU-2013:0323", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html" }, { "name": "oval:org.mitre.oval:def:16934", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16934" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=821991" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "USN-1729-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1729-1" }, { "name": "USN-1729-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1729-2" }, { "name": "USN-1748-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1748-1" }, { "name": "openSUSE-SU-2013:0324", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html" }, { "name": "openSUSE-SU-2013:0323", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html" }, { "name": "oval:org.mitre.oval:def:16934", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16934" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=821991" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2013-0781", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-1729-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1729-1" }, { "name": "USN-1729-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1729-2" }, { "name": "USN-1748-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1748-1" }, { "name": "openSUSE-SU-2013:0324", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html" }, { "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html" }, { "name": "openSUSE-SU-2013:0323", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html" }, { "name": "oval:org.mitre.oval:def:16934", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16934" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=821991", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=821991" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2013-0781", "datePublished": "2013-02-19T23:00:00", "dateReserved": "2013-01-02T00:00:00", "dateUpdated": "2024-08-06T14:41:47.120Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0750
Vulnerability from cvelistv5
Published
2013-01-13 20:00
Modified
2024-08-06 14:33
Severity ?
EPSS score ?
Summary
Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:33:05.865Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2013:0048", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "name": "openSUSE-SU-2013:0131", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "name": "oval:org.mitre.oval:def:16957", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16957" }, { "name": "RHSA-2013:0145", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html" }, { "name": "USN-1681-4", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "name": "RHSA-2013:0144", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html" }, { "name": "SUSE-SU-2013:0049", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "name": "USN-1681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "name": "openSUSE-SU-2013:0149", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805121" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-12.html" }, { "name": "USN-1681-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "SUSE-SU-2013:0048", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "name": "openSUSE-SU-2013:0131", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "name": "oval:org.mitre.oval:def:16957", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16957" }, { "name": "RHSA-2013:0145", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html" }, { "name": "USN-1681-4", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "name": "RHSA-2013:0144", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html" }, { "name": "SUSE-SU-2013:0049", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "name": "USN-1681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "name": "openSUSE-SU-2013:0149", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805121" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-12.html" }, { "name": "USN-1681-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1681-2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2013-0750", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2013:0048", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" }, { "name": "openSUSE-SU-2013:0131", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" }, { "name": "oval:org.mitre.oval:def:16957", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16957" }, { "name": "RHSA-2013:0145", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html" }, { "name": "USN-1681-4", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1681-4" }, { "name": "RHSA-2013:0144", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html" }, { "name": "SUSE-SU-2013:0049", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" }, { "name": "USN-1681-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1681-1" }, { "name": "openSUSE-SU-2013:0149", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=805121", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805121" }, { "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-12.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-12.html" }, { "name": "USN-1681-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1681-2" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2013-0750", "datePublished": "2013-01-13T20:00:00", "dateReserved": "2013-01-02T00:00:00", "dateUpdated": "2024-08-06T14:33:05.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6497
Vulnerability from cvelistv5
Published
2006-12-20 01:00
Modified
2024-08-07 20:26
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:26:46.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#606260", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/606260" }, { "name": "21668", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21668" }, { "name": "23433", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23433" }, { "name": "102885", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102885-1" }, { "name": "MDKSA-2007:010", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:010" }, { "name": "24948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24948" }, { "name": "23439", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23439" }, { "name": "23672", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23672" }, { "name": "ADV-2006-5068", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/5068" }, { "name": "23468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23468" }, { "name": "oval:org.mitre.oval:def:11691", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11691" }, { "name": "23598", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23598" }, { "name": "RHSA-2006:0758", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html" }, { "name": "1017398", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017398" }, { "name": "DSA-1265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1265" }, { "name": "24078", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24078" }, { "name": "23692", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23692" }, { "name": "USN-398-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-398-2" }, { "name": "GLSA-200701-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml" }, { "name": "23282", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23282" }, { "name": "24390", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24390" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html" }, { "name": "FEDORA-2006-1491", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/cms/node/2297" }, { "name": "23422", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23422" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "23591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23591" }, { "name": "1017405", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017405" }, { "name": "23614", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23614" }, { "name": "1017406", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017406" }, { "name": "RHSA-2006:0759", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html" }, { "name": "USN-398-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-398-1" }, { "name": "ADV-2008-0083", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "FEDORA-2007-004", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/cms/node/2338" }, { "name": "23420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23420" }, { "name": "20061202-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc" }, { "name": "23440", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23440" }, { "name": "SUSE-SA:2006:080", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html" }, { "name": "20061222 rPSA-2006-0234-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded" }, { "name": "VU#427972", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/427972" }, { "name": "23545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23545" }, { "name": "23618", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23618" }, { "name": "GLSA-200701-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml" }, { "name": "TA06-354A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html" }, { "name": "23589", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23589" }, { "name": "DSA-1253", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1253" }, { "name": "DSA-1258", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1258" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-883" }, { "name": "20070102 rPSA-2006-0234-2 firefox thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded" }, { "name": "SUSE-SA:2007:006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html" }, { "name": "23601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23601" }, { "name": "23988", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23988" }, { "name": "MDKSA-2007:011", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:011" }, { "name": "ADV-2007-1463", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1463" }, { "name": "23514", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23514" }, { "name": "GLSA-200701-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml" }, { "name": "RHSA-2006:0760", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html" }, { "name": "USN-400-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-400-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "VU#606260", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/606260" }, { "name": "21668", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21668" }, { "name": "23433", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23433" }, { "name": "102885", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102885-1" }, { "name": "MDKSA-2007:010", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:010" }, { "name": "24948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24948" }, { "name": "23439", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23439" }, { "name": "23672", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23672" }, { "name": "ADV-2006-5068", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/5068" }, { "name": "23468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23468" }, { "name": "oval:org.mitre.oval:def:11691", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11691" }, { "name": "23598", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23598" }, { "name": "RHSA-2006:0758", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html" }, { "name": "1017398", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017398" }, { "name": "DSA-1265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1265" }, { "name": "24078", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24078" }, { "name": "23692", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23692" }, { "name": "USN-398-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-398-2" }, { "name": "GLSA-200701-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml" }, { "name": "23282", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23282" }, { "name": "24390", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24390" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html" }, { "name": "FEDORA-2006-1491", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/cms/node/2297" }, { "name": "23422", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23422" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "23591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23591" }, { "name": "1017405", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017405" }, { "name": "23614", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23614" }, { "name": "1017406", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017406" }, { "name": "RHSA-2006:0759", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html" }, { "name": "USN-398-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-398-1" }, { "name": "ADV-2008-0083", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "FEDORA-2007-004", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/cms/node/2338" }, { "name": "23420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23420" }, { "name": "20061202-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc" }, { "name": "23440", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23440" }, { "name": "SUSE-SA:2006:080", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html" }, { "name": "20061222 rPSA-2006-0234-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded" }, { "name": "VU#427972", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/427972" }, { "name": "23545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23545" }, { "name": "23618", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23618" }, { "name": "GLSA-200701-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml" }, { "name": "TA06-354A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html" }, { "name": "23589", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23589" }, { "name": "DSA-1253", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1253" }, { "name": "DSA-1258", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1258" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-883" }, { "name": "20070102 rPSA-2006-0234-2 firefox thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded" }, { "name": "SUSE-SA:2007:006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html" }, { "name": "23601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23601" }, { "name": "23988", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23988" }, { "name": "MDKSA-2007:011", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:011" }, { "name": "ADV-2007-1463", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1463" }, { "name": "23514", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23514" }, { "name": "GLSA-200701-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml" }, { "name": "RHSA-2006:0760", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html" }, { "name": "USN-400-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-400-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-6497", "datePublished": "2006-12-20T01:00:00", "dateReserved": "2006-12-13T00:00:00", "dateUpdated": "2024-08-07T20:26:46.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3660
Vulnerability from cvelistv5
Published
2011-12-21 02:00
Modified
2024-08-06 23:46
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors.
References