rpm package
opensuse/MozillaThunderbird&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
Vulnerabilities (1,600)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2012-1970 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Aug 29, 2012 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption | ||
| CVE-2012-1956 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Aug 29, 2012 | Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via | ||
| CVE-2012-1967 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jul 18, 2012 | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript co | ||
| CVE-2012-1963 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jul 18, 2012 | The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri para | ||
| CVE-2012-1962 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jul 18, 2012 | Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of s | ||
| CVE-2012-1961 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jul 18, 2012 | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct | ||
| CVE-2012-1960 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jul 18, 2012 | The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile t | ||
| CVE-2012-1959 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jul 18, 2012 | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects | ||
| CVE-2012-1958 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jul 18, 2012 | Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitra | ||
| CVE-2012-1957 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jul 18, 2012 | An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, w | ||
| CVE-2012-1955 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jul 18, 2012 | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. | ||
| CVE-2012-1954 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jul 18, 2012 | Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service | ||
| CVE-2012-1953 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jul 18, 2012 | The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-re | ||
| CVE-2012-1952 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jul 18, 2012 | The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed | ||
| CVE-2012-1951 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jul 18, 2012 | Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denia | ||
| CVE-2012-1949 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jul 18, 2012 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code | ||
| CVE-2012-1948 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jul 18, 2012 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory | ||
| CVE-2012-1947 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jun 5, 2012 | Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vec | ||
| CVE-2012-1946 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jun 5, 2012 | Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arb | ||
| CVE-2012-1945 | — | < 45.5.1-1.1 | 45.5.1-1.1 | Jun 5, 2012 | Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display w |
- CVE-2012-1970Aug 29, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption
- CVE-2012-1956Aug 29, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via
- CVE-2012-1967Jul 18, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript co
- CVE-2012-1963Jul 18, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri para
- CVE-2012-1962Jul 18, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of s
- CVE-2012-1961Jul 18, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct
- CVE-2012-1960Jul 18, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile t
- CVE-2012-1959Jul 18, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects
- CVE-2012-1958Jul 18, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitra
- CVE-2012-1957Jul 18, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, w
- CVE-2012-1955Jul 18, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls.
- CVE-2012-1954Jul 18, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service
- CVE-2012-1953Jul 18, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-re
- CVE-2012-1952Jul 18, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed
- CVE-2012-1951Jul 18, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denia
- CVE-2012-1949Jul 18, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code
- CVE-2012-1948Jul 18, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory
- CVE-2012-1947Jun 5, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vec
- CVE-2012-1946Jun 5, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arb
- CVE-2012-1945Jun 5, 2012affected < 45.5.1-1.1fixed 45.5.1-1.1
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display w
Page 71 of 80