VYPR

rpm package

opensuse/firefox-esr&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed

Vulnerabilities (2,106)

  • CVE-2013-5604Oct 30, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which a

  • CVE-2013-5603Oct 30, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of

  • CVE-2013-5602Oct 30, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute

  • CVE-2013-5599Oct 30, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, a

  • CVE-2013-5598Oct 30, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an em

  • CVE-2013-5597Oct 30, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to ex

  • CVE-2013-5596Oct 30, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code

  • CVE-2013-5595Oct 30, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote att

  • CVE-2013-5593Oct 30, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address

  • CVE-2013-5590Oct 30, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of ser

  • CVE-2013-1738Sep 18, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default c

  • CVE-2013-1737Sep 18, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attack

  • CVE-2013-1735Sep 18, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code

  • CVE-2013-1732Sep 18, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of

  • CVE-2013-1730Sep 18, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or ca

  • CVE-2013-1728Sep 18, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2013-1725Sep 18, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrar

  • CVE-2013-1724Sep 18, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrup

  • CVE-2013-1723Sep 18, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect

  • CVE-2013-1722Sep 18, 2013
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers

Page 88 of 106