VYPR

rpm package

opensuse/MozillaThunderbird&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,600)

  • CVE-2008-5012Nov 13, 2008
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary i

  • CVE-2008-4070Sep 27, 2008
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup messa

  • CVE-2008-4067Sep 24, 2008
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.

  • CVE-2008-4065Sep 24, 2008
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from Java

  • CVE-2008-4064Sep 24, 2008
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert mes

  • CVE-2008-4061Sep 24, 2008
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary

  • CVE-2008-4058Sep 24, 2008
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL

  • CVE-2008-3835Sep 24, 2008
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.

  • CVE-2008-0016Sep 24, 2008
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.

  • CVE-2008-1236Mar 27, 2008
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.

  • CVE-2008-1233Mar 27, 2008
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."

  • CVE-2007-3738Jul 18, 2007
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.

  • CVE-2007-3737Jul 18, 2007
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."

  • CVE-2007-3736Jul 18, 2007
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that acti

  • CVE-2007-3735Jul 18, 2007
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.

  • CVE-2007-3734Jul 18, 2007
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.

  • CVE-2007-3670Jul 10, 2007
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) Firefox

  • CVE-2007-3656Jul 10, 2007
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 re

  • CVE-2007-3285Jun 20, 2007
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to t

  • CVE-2007-3089Jun 6, 2007
    affected < 91.1.1-1.1fixed 91.1.1-1.1

    Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code tha

Page 80 of 80