Total
1332 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-0442 | 4 Debian, Mozilla, Opensuse and 1 more | 8 Debian Linux, Firefox, Seamonkey and 5 more | 2023-12-10 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2011-3001 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 4.3 MEDIUM | N/A |
Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. | |||||
CVE-2011-2378 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 10.0 HIGH | N/A |
The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer." | |||||
CVE-2012-0445 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 5.0 MEDIUM | N/A |
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute. | |||||
CVE-2010-3168 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 9.3 HIGH | N/A |
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties. | |||||
CVE-2011-3649 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Thunderbird | 2023-12-10 | 2.6 LOW | N/A |
Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression. | |||||
CVE-2011-2375 | 1 Mozilla | 2 Firefox, Thunderbird | 2023-12-10 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2010-2767 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 9.3 HIGH | N/A |
The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." | |||||
CVE-2011-2985 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2011-3652 | 1 Mozilla | 2 Firefox, Thunderbird | 2023-12-10 | 10.0 HIGH | N/A |
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | |||||
CVE-2010-0169 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 5.0 MEDIUM | N/A |
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching. | |||||
CVE-2011-3664 | 2 Apple, Mozilla | 4 Mac Os X, Firefox, Seamonkey and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site. | |||||
CVE-2012-0452 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 7.5 HIGH | N/A |
Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding. | |||||
CVE-2011-2371 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 10.0 HIGH | N/A |
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. | |||||
CVE-2011-0072 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078. | |||||
CVE-2011-0078 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077. | |||||
CVE-2011-2986 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 5.0 MEDIUM | N/A |
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. | |||||
CVE-2011-2981 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 9.3 HIGH | N/A |
The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site. | |||||
CVE-2011-3658 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 7.5 HIGH | N/A |
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements. | |||||
CVE-2010-1196 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2023-12-10 | 9.3 HIGH | N/A |
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. |