VYPR

rpm package

opensuse/MozillaThunderbird&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,600)

  • CVE-2014-1512Mar 19, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumpt

  • CVE-2014-1511CriMar 19, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

  • CVE-2014-1510CriMar 19, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.

  • CVE-2014-1509HigMar 19, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders

  • CVE-2014-1508CriMar 19, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read a

  • CVE-2014-1505HigMar 19, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read tex

  • CVE-2014-1497HigMar 19, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-b

  • CVE-2014-1494Mar 19, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2014-1493CriMar 19, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex

  • CVE-2014-1491Feb 6, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes i

  • CVE-2014-1490Feb 6, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-a

  • CVE-2014-1487HigFeb 6, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error mes

  • CVE-2014-1486CriFeb 6, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values fo

  • CVE-2014-1482HigFeb 6, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operat

  • CVE-2014-1481HigFeb 6, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

  • CVE-2014-1479HigFeb 6, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content

  • CVE-2014-1478Feb 6, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWri

  • CVE-2014-1477CriFeb 6, 2014
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex

  • CVE-2013-6673MedDec 11, 2013
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circu

  • CVE-2013-6671CriDec 11, 2013
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

Page 61 of 80