Filtered by vendor Mozilla
Subscribe
Total
3457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1129 | 2 Freetype, Mozilla | 2 Freetype, Firefox Mobile | 2025-04-11 | 9.3 HIGH | N/A |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font.
|
|||||
| CVE-2013-1686 | 1 Mozilla | 3 Firefox, Thunderbird, Thunderbird Esr | 2025-04-11 | 10.0 HIGH | N/A |
|
Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
|
|||||
| CVE-2012-4209 | 5 Canonical, Mozilla, Opensuse and 2 more | 13 Ubuntu Linux, Firefox, Seamonkey and 10 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.
|
|||||
| CVE-2011-0085 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 10.0 HIGH | N/A |
|
Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.
|
|||||
| CVE-2011-0077 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078.
|
|||||
| CVE-2010-1215 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."
|
|||||
| CVE-2012-1960 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.
|
|||||
| CVE-2012-0447 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
|
|||||
| CVE-2012-1970 | 6 Canonical, Debian, Mozilla and 3 more | 15 Ubuntu Linux, Debian Linux, Firefox and 12 more | 2025-04-11 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
|||||
| CVE-2013-1726 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | 6.2 MEDIUM | N/A |
|
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use.
|
|||||
| CVE-2013-1670 | 1 Mozilla | 3 Firefox, Thunderbird, Thunderbird Esr | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
|
|||||
| CVE-2013-1731 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 on Android allows attackers to execute arbitrary code via a Trojan horse .so file in a world-writable directory.
|
|||||
| CVE-2011-3665 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 7.5 HIGH | N/A |
|
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling.
|
|||||
| CVE-2011-3389 | 9 Canonical, Debian, Google and 6 more | 17 Ubuntu Linux, Debian Linux, Chrome and 14 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverl ...
Show More |
|||||
| CVE-2013-0775 | 5 Canonical, Debian, Mozilla and 2 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script.
|
|||||
| CVE-2011-0056 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 10.0 HIGH | N/A |
|
Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue.
|
|||||
| CVE-2013-0766 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Seamonkey and 11 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
|
|||||
| CVE-2013-1681 | 1 Mozilla | 3 Firefox, Thunderbird, Thunderbird Esr | 2025-04-11 | 10.0 HIGH | N/A |
|
Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
|
|||||
| CVE-2010-2756 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.
|
|||||
| CVE-2013-1722 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning.
|
|||||
| CVE-2013-0749 | 4 Canonical, Mozilla, Opensuse and 1 more | 9 Ubuntu Linux, Firefox, Seamonkey and 6 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
|||||
| CVE-2012-4181 | 3 Canonical, Mozilla, Redhat | 9 Ubuntu Linux, Firefox, Seamonkey and 6 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
|
|||||
| CVE-2013-0758 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Seamonkey and 11 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.
|
|||||
| CVE-2013-0747 | 4 Canonical, Mozilla, Opensuse and 1 more | 9 Ubuntu Linux, Firefox, Seamonkey and 6 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.
|
|||||
| CVE-2012-0441 | 1 Mozilla | 5 Firefox, Network Security Services, Seamonkey and 2 more | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.
|
|||||
| CVE-2011-3657 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when debug mode is used, allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) tabular report, (2) graphical report, or (3) new chart.
|
|||||
| CVE-2013-1741 | 1 Mozilla | 1 Network Security Services | 2025-04-11 | 7.5 HIGH | N/A |
|
Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value.
|
|||||
| CVE-2011-3384 | 2 Mozilla, Sage-mozdev | 2 Firefox, Sage | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102.
|
|||||
| CVE-2011-2370 | 1 Mozilla | 1 Firefox | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.
|
|||||
| CVE-2013-1728 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2010-3177 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.
|
|||||
| CVE-2012-3966 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
|
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component.
|
|||||
| CVE-2012-1140 | 2 Freetype, Mozilla | 2 Freetype, Firefox Mobile | 2025-04-11 | 9.3 HIGH | N/A |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object.
|
|||||
| CVE-2010-0164 | 1 Mozilla | 1 Firefox | 2025-04-11 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values.
|
|||||
| CVE-2013-0763 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Seamonkey and 11 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas.
|
|||||
| CVE-2013-6901 | 2 Cybozu, Mozilla | 2 Garoon, Firefox | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-1620 | 4 Canonical, Mozilla, Oracle and 1 more | 15 Ubuntu Linux, Network Security Services, Enterprise Manager Ops Center and 12 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
|
|||||
| CVE-2012-1972 | 6 Canonical, Debian, Mozilla and 3 more | 15 Ubuntu Linux, Debian Linux, Firefox and 12 more | 2025-04-11 | 10.0 HIGH | N/A |
|
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
|
|||||
| CVE-2012-4194 | 5 Canonical, Mozilla, Opensuse and 2 more | 13 Ubuntu Linux, Firefox, Seamonkey and 10 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
|
|||||
| CVE-2013-1730 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site.
|
|||||