Total
748 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0818 | 1 Mozilla | 3 Firefox, Firefox Esr, Seamonkey | 2024-11-21 | 7.5 HIGH | N/A |
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. | |||||
CVE-2015-0817 | 1 Mozilla | 3 Firefox, Firefox Esr, Seamonkey | 2024-11-21 | 6.8 MEDIUM | N/A |
The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. | |||||
CVE-2015-0816 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js. | |||||
CVE-2015-0815 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2015-0813 | 2 Linux, Mozilla | 4 Linux Kernel, Firefox, Firefox Esr and 1 more | 2024-11-21 | 5.1 MEDIUM | N/A |
Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file. | |||||
CVE-2015-0807 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 6.8 MEDIUM | N/A |
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638. | |||||
CVE-2015-0801 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 7.5 HIGH | N/A |
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. | |||||
CVE-2014-8641 | 1 Mozilla | 3 Firefox, Firefox Esr, Seamonkey | 2024-11-21 | 7.5 HIGH | N/A |
Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data. | |||||
CVE-2014-8639 | 1 Mozilla | 4 Firefox, Firefox Esr, Seamonkey and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. | |||||
CVE-2014-8638 | 1 Mozilla | 4 Firefox, Firefox Esr, Seamonkey and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site. | |||||
CVE-2014-8634 | 1 Mozilla | 4 Firefox, Firefox Esr, Seamonkey and 1 more | 2024-11-21 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2014-1595 | 2 Apple, Mozilla | 4 Mac Os X, Firefox, Firefox Esr and 1 more | 2024-11-21 | 2.1 LOW | N/A |
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information. | |||||
CVE-2014-1594 | 1 Mozilla | 4 Firefox, Firefox Esr, Seamonkey and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. | |||||
CVE-2014-1593 | 1 Mozilla | 4 Firefox, Firefox Esr, Seamonkey and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. | |||||
CVE-2014-1592 | 1 Mozilla | 4 Firefox, Firefox Esr, Seamonkey and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. | |||||
CVE-2014-1590 | 1 Mozilla | 4 Firefox, Firefox Esr, Seamonkey and 1 more | 2024-11-21 | 4.3 MEDIUM | N/A |
The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object. | |||||
CVE-2014-1587 | 1 Mozilla | 4 Firefox, Firefox Esr, Seamonkey and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2014-1568 | 4 Apple, Google, Microsoft and 1 more | 9 Mac Os X, Chrome, Chrome Os and 6 more | 2024-11-21 | 7.5 HIGH | N/A |
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. | |||||
CVE-2014-1567 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 9.3 HIGH | N/A |
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. | |||||
CVE-2014-1562 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |