Filtered by vendor Mozilla
Subscribe
Total
2782 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-1959 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content. | |||||
CVE-2012-1957 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-28 | 4.3 MEDIUM | N/A |
An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed. | |||||
CVE-2012-1958 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-28 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content. | |||||
CVE-2011-3658 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-12-28 | 7.5 HIGH | N/A |
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements. | |||||
CVE-2012-0468 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-12-28 | 10.0 HIGH | N/A |
The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function. | |||||
CVE-2011-3670 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-12-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. | |||||
CVE-2012-0469 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-28 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. | |||||
CVE-2012-0472 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-28 | 9.3 HIGH | N/A |
The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | |||||
CVE-2012-0473 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-28 | 5.0 MEDIUM | N/A |
The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. | |||||
CVE-2012-0474 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." | |||||
CVE-2012-0478 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-28 | 9.3 HIGH | N/A |
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. | |||||
CVE-2012-1939 | 1 Mozilla | 2 Firefox Esr, Thunderbird Esr | 2017-12-28 | 9.3 HIGH | N/A |
jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code. | |||||
CVE-2012-1941 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. | |||||
CVE-2012-1942 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Seamonkey and 1 more | 2017-12-28 | 7.2 HIGH | N/A |
The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context. | |||||
CVE-2012-1943 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Seamonkey and 1 more | 2017-12-28 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory. | |||||
CVE-2012-1944 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-28 | 4.3 MEDIUM | N/A |
The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document. | |||||
CVE-2012-1945 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-28 | 2.9 LOW | N/A |
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba. | |||||
CVE-2012-1946 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-28 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node. | |||||
CVE-2012-1948 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-28 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2012-1949 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-12-28 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |