Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Mozilla Subscribe
Filtered by product Firefox
Total 2387 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0781 3 Canonical, Mozilla, Opensuse 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more 2020-08-06 9.3 HIGH N/A
Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2013-0780 5 Canonical, Debian, Mozilla and 2 more 13 Ubuntu Linux, Debian Linux, Firefox and 10 more 2020-08-06 9.3 HIGH N/A
Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.
CVE-2013-0779 3 Canonical, Mozilla, Opensuse 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more 2020-08-06 9.3 HIGH N/A
The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2013-0778 3 Canonical, Mozilla, Opensuse 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more 2020-08-06 9.3 HIGH N/A
The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2012-5833 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more 2020-08-06 9.3 HIGH N/A
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter.
CVE-2012-4202 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more 2020-08-06 9.3 HIGH N/A
Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image.
CVE-2013-0777 3 Canonical, Mozilla, Opensuse 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more 2020-08-06 9.3 HIGH N/A
Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-5841 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more 2020-08-06 4.3 MEDIUM N/A
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
CVE-2013-0776 5 Canonical, Debian, Mozilla and 2 more 13 Ubuntu Linux, Debian Linux, Firefox and 10 more 2020-08-06 4.0 MEDIUM N/A
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.
CVE-2012-5839 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more 2020-08-06 9.3 HIGH N/A
Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-5835 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more 2020-08-06 10.0 HIGH N/A
Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data.
CVE-2012-5842 6 Canonical, Debian, Mozilla and 3 more 15 Ubuntu Linux, Debian Linux, Firefox and 12 more 2020-08-06 9.3 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-0775 5 Canonical, Debian, Mozilla and 2 more 13 Ubuntu Linux, Debian Linux, Firefox and 10 more 2020-08-06 9.3 HIGH N/A
Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script.
CVE-2013-0774 3 Canonical, Mozilla, Opensuse 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more 2020-08-06 4.3 MEDIUM N/A
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.
CVE-2013-0773 4 Canonical, Debian, Mozilla and 1 more 8 Ubuntu Linux, Debian Linux, Firefox and 5 more 2020-08-06 9.3 HIGH N/A
The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.
CVE-2013-0772 4 Canonical, Mozilla, Opensuse and 1 more 9 Ubuntu Linux, Firefox, Seamonkey and 6 more 2020-08-06 5.8 MEDIUM N/A
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.
CVE-2013-0765 3 Canonical, Mozilla, Opensuse 4 Ubuntu Linux, Firefox, Seamonkey and 1 more 2020-08-06 9.3 HIGH N/A
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2014-1511 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2020-08-05 7.5 HIGH 9.8 CRITICAL
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
CVE-2014-1514 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2020-08-05 7.5 HIGH 9.8 CRITICAL
vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class.
CVE-2014-1505 7 Canonical, Debian, Mozilla and 4 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2020-08-05 5.0 MEDIUM 7.5 HIGH
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.