VYPR

rpm package

opensuse/MozillaFirefox&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed

Vulnerabilities (2,480)

  • CVE-2012-1948Jul 18, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory

  • CVE-2012-1947Jun 5, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vec

  • CVE-2012-1946Jun 5, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arb

  • CVE-2012-1945Jun 5, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display w

  • CVE-2012-1944Jun 5, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote

  • CVE-2012-1941Jun 5, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execu

  • CVE-2012-1940Jun 5, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code

  • CVE-2012-1938Jun 5, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vecto

  • CVE-2012-1937Jun 5, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory

  • CVE-2012-0441Jun 5, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote atta

  • CVE-2011-3101May 16, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products.

  • CVE-2011-3079May 1, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.

  • CVE-2012-0479Apr 25, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content.

  • CVE-2012-0478Apr 25, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow

  • CVE-2012-0477Apr 25, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via th

  • CVE-2012-0475Apr 25, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSock

  • CVE-2012-0474Apr 25, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web

  • CVE-2012-0473Apr 25, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template argum

  • CVE-2012-0472Apr 25, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly res

  • CVE-2012-0471Apr 25, 2012
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte

Page 112 of 124