Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Canonical Subscribe
Total 4021 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0768 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more 2020-08-07 9.3 HIGH N/A
Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values.
CVE-2013-0767 5 Canonical, Mozilla, Opensuse and 2 more 15 Ubuntu Linux, Firefox, Firefox Esr and 12 more 2020-08-07 10.0 HIGH N/A
The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2013-0766 5 Canonical, Mozilla, Opensuse and 2 more 15 Ubuntu Linux, Firefox, Firefox Esr and 12 more 2020-08-07 9.3 HIGH N/A
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2013-0764 4 Canonical, Mozilla, Opensuse and 1 more 10 Ubuntu Linux, Firefox, Firefox Esr and 7 more 2020-08-07 9.3 HIGH N/A
The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data.
CVE-2013-0761 4 Canonical, Mozilla, Opensuse and 1 more 10 Ubuntu Linux, Firefox, Firefox Esr and 7 more 2020-08-07 9.3 HIGH N/A
Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2013-0749 4 Canonical, Mozilla, Opensuse and 1 more 10 Ubuntu Linux, Firefox, Firefox Esr and 7 more 2020-08-07 9.3 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2018-1000852 3 Canonical, Fedoraproject, Freerdp 3 Ubuntu Linux, Fedora, Freerdp 2020-08-07 6.4 MEDIUM 6.5 MEDIUM
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.
CVE-2010-2648 3 Canonical, Google, Opensuse 3 Ubuntu Linux, Chrome, Opensuse 2020-08-07 9.3 HIGH N/A
The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2012-4181 3 Canonical, Mozilla, Redhat 10 Ubuntu Linux, Firefox, Firefox Esr and 7 more 2020-08-07 9.3 HIGH N/A
Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-3994 4 Canonical, Mozilla, Redhat and 1 more 13 Ubuntu Linux, Firefox, Firefox Esr and 10 more 2020-08-07 4.3 MEDIUM N/A
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.
CVE-2010-1770 6 Apple, Canonical, Google and 3 more 12 Mac Os X, Mac Os X Server, Safari and 9 more 2020-08-07 9.3 HIGH N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."
CVE-2010-0205 7 Apple, Canonical, Debian and 4 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2020-08-07 4.3 MEDIUM N/A
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
CVE-2014-1497 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2020-08-06 6.8 MEDIUM 8.8 HIGH
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file.
CVE-2012-4215 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more 2020-08-06 9.3 HIGH N/A
Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2014-1532 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2020-08-06 7.5 HIGH 9.8 CRITICAL
Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.
CVE-2014-1529 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2020-08-06 9.3 HIGH 8.8 HIGH
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.
CVE-2012-5840 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more 2020-08-06 9.3 HIGH N/A
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214.
CVE-2014-1524 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2020-08-06 7.5 HIGH 9.8 CRITICAL
The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.
CVE-2013-0784 3 Canonical, Mozilla, Opensuse 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more 2020-08-06 9.3 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-0783 5 Canonical, Debian, Mozilla and 2 more 13 Ubuntu Linux, Debian Linux, Firefox and 10 more 2020-08-06 9.3 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.