Filtered by vendor Mozilla
Subscribe
Total
3042 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-2767 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 9.3 HIGH | N/A |
The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." | |||||
CVE-2011-3866 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab. | |||||
CVE-2008-7293 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.8 MEDIUM | N/A |
Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | |||||
CVE-2011-0075 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078. | |||||
CVE-2011-0065 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 10.0 HIGH | N/A |
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel. | |||||
CVE-2011-2995 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2011-0084 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 10.0 HIGH | N/A |
The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." | |||||
CVE-2010-3767 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 9.3 HIGH | N/A |
Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements. | |||||
CVE-2010-3769 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Seamonkey and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read. | |||||
CVE-2011-2983 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free. | |||||
CVE-2011-3669 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments. | |||||
CVE-2011-0341 | 2 Artifex, Mozilla | 2 Mupdf, Firefox | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site. | |||||
CVE-2011-0079 | 1 Mozilla | 1 Firefox | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors. | |||||
CVE-2011-3655 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-02-28 | 9.3 HIGH | N/A |
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. | |||||
CVE-2010-4207 | 3 Moodle, Mozilla, Yahoo | 3 Moodle, Bugzilla, Yui | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. | |||||
CVE-2012-0453 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 5.1 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API. | |||||
CVE-2011-0054 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue. | |||||
CVE-2011-0051 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges. | |||||
CVE-2011-3664 | 2 Apple, Mozilla | 4 Mac Os X, Firefox, Seamonkey and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site. | |||||
CVE-2010-0161 | 2 Microsoft, Mozilla | 5 Windows 7, Windows Server 2008, Windows Vista and 2 more | 2024-02-28 | 4.3 MEDIUM | N/A |
The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI. |