Total
707 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0182 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-30 | 4.3 MEDIUM | N/A |
| The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content. | |||||
| CVE-2009-1841 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-30 | 9.3 HIGH | N/A |
| js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. | |||||
| CVE-2009-1832 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-30 | 9.3 HIGH | N/A |
| Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." | |||||
| CVE-2009-2535 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-30 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | |||||
| CVE-2009-2210 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2018-10-30 | 9.3 HIGH | N/A |
| Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. | |||||
| CVE-2008-6961 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2018-10-30 | 4.3 MEDIUM | N/A |
| mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties. | |||||
| CVE-2009-1392 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-30 | 9.3 HIGH | N/A |
| The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors. | |||||
| CVE-2009-1833 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-30 | 9.3 HIGH | N/A |
| The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. | |||||
| CVE-2010-0174 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-30 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2010-0179 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-30 | 5.1 MEDIUM | N/A |
| Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. | |||||
| CVE-2009-1303 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-30 | 5.0 MEDIUM | N/A |
| The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | |||||
| CVE-2009-1836 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-30 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | |||||
| CVE-2009-2464 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-30 | 10.0 HIGH | N/A |
| The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element. | |||||
| CVE-2010-0175 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-30 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items. | |||||
| CVE-2007-4879 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-30 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. | |||||
| CVE-2009-1311 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-30 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. | |||||
| CVE-2009-3373 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-30 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2010-0171 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-30 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736. | |||||
| CVE-2009-3372 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-30 | 9.3 HIGH | N/A |
| Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. | |||||
| CVE-2009-3376 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-30 | 9.3 HIGH | N/A |
| Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file. | |||||