Vulnerabilities (CVE)

Filtered by vendor Opensuse Subscribe
Filtered by product Opensuse
Total 1465 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-1564 2 Mozilla, Opensuse 4 Firefox, Thunderbird, Evergreen and 1 more 2024-10-21 4.3 MEDIUM N/A
Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.
CVE-2013-0780 5 Canonical, Debian, Mozilla and 2 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2024-10-21 9.3 HIGH N/A
Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.
CVE-2012-1972 6 Canonical, Debian, Mozilla and 3 more 15 Ubuntu Linux, Debian Linux, Firefox and 12 more 2024-10-21 10.0 HIGH N/A
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2013-0782 5 Canonical, Debian, Mozilla and 2 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2024-10-21 9.3 HIGH N/A
Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-0761 4 Canonical, Mozilla, Opensuse and 1 more 9 Ubuntu Linux, Firefox, Seamonkey and 6 more 2024-10-21 9.3 HIGH N/A
Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2013-0769 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Seamonkey and 11 more 2024-10-21 9.3 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-4209 5 Canonical, Mozilla, Opensuse and 2 more 13 Ubuntu Linux, Firefox, Seamonkey and 10 more 2024-10-21 4.3 MEDIUM N/A
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.
CVE-2013-0800 5 Canonical, Debian, Mozilla and 2 more 10 Ubuntu Linux, Debian Linux, Firefox and 7 more 2024-10-21 6.8 MEDIUM N/A
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
CVE-2013-0759 5 Canonical, Mozilla, Opensuse and 2 more 14 Ubuntu Linux, Firefox, Seamonkey and 11 more 2024-10-21 5.0 MEDIUM N/A
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code.
CVE-2013-0757 4 Canonical, Mozilla, Opensuse and 1 more 9 Ubuntu Linux, Firefox, Seamonkey and 6 more 2024-10-21 9.3 HIGH N/A
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.
CVE-2012-4194 5 Canonical, Mozilla, Opensuse and 2 more 13 Ubuntu Linux, Firefox, Seamonkey and 10 more 2024-10-21 4.3 MEDIUM N/A
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
CVE-2013-0781 3 Canonical, Mozilla, Opensuse 6 Ubuntu Linux, Firefox, Seamonkey and 3 more 2024-10-21 9.3 HIGH N/A
Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2012-5838 4 Canonical, Mozilla, Opensuse and 1 more 9 Ubuntu Linux, Firefox, Seamonkey and 6 more 2024-10-21 9.3 HIGH N/A
The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions.
CVE-2016-3427 8 Apache, Canonical, Debian and 5 more 38 Cassandra, Ubuntu Linux, Debian Linux and 35 more 2024-10-09 10.0 HIGH 9.8 CRITICAL
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVE-2014-0497 8 Adobe, Apple, Google and 5 more 14 Flash Player, Mac Os X, Macos and 11 more 2024-09-19 10.0 HIGH 9.8 CRITICAL
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-0502 8 Adobe, Apple, Google and 5 more 14 Adobe Air, Adobe Air Sdk, Flash Player and 11 more 2024-09-19 10.0 HIGH 8.8 HIGH
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.
CVE-2013-0648 7 Adobe, Apple, Linux and 4 more 11 Flash Player, Mac Os X, Linux Kernel and 8 more 2024-09-19 9.3 HIGH 8.8 HIGH
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVE-2013-0643 7 Adobe, Apple, Linux and 4 more 11 Flash Player, Mac Os X, Linux Kernel and 8 more 2024-09-19 9.3 HIGH 8.8 HIGH
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVE-2016-3714 5 Canonical, Debian, Imagemagick and 2 more 6 Ubuntu Linux, Debian Linux, Imagemagick and 3 more 2024-09-11 10.0 HIGH 8.4 HIGH
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVE-2016-9842 8 Apple, Canonical, Debian and 5 more 19 Iphone Os, Mac Os X, Tvos and 16 more 2024-08-28 6.8 MEDIUM 8.8 HIGH
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.