rpm package
opensuse/firefox-esr&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed
Vulnerabilities (2,106)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2013-1692 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jun 26, 2013 | Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request for | ||
| CVE-2013-1690 | Hig | 8.8 | KEV | < 128.5.1-1.1 | 128.5.1-1.1 | Jun 26, 2013 | Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (applicat |
| CVE-2013-1688 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jun 26, 2013 | The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site. | ||
| CVE-2013-1687 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jun 26, 2013 | The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote | ||
| CVE-2013-1684 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jun 26, 2013 | Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary c | ||
| CVE-2013-1682 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jun 26, 2013 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application cras | ||
| CVE-2013-1679 | — | < 128.5.1-1.1 | 128.5.1-1.1 | May 16, 2013 | Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denia | ||
| CVE-2013-1676 | — | < 128.5.1-1.1 | 128.5.1-1.1 | May 16, 2013 | The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via | ||
| CVE-2013-1675 | Med | 6.5 | KEV | < 128.5.1-1.1 | 128.5.1-1.1 | May 16, 2013 | Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote atta |
| CVE-2013-1674 | — | < 128.5.1-1.1 | 128.5.1-1.1 | May 16, 2013 | Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video. | ||
| CVE-2013-1671 | — | < 128.5.1-1.1 | 128.5.1-1.1 | May 16, 2013 | Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site. | ||
| CVE-2013-1670 | — | < 128.5.1-1.1 | 128.5.1-1.1 | May 16, 2013 | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which all | ||
| CVE-2013-0801 | — | < 128.5.1-1.1 | 128.5.1-1.1 | May 16, 2013 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application cras | ||
| CVE-2013-0800 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 3, 2013 | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other | ||
| CVE-2013-0796 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 3, 2013 | The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary c | ||
| CVE-2013-0795 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 3, 2013 | The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which a | ||
| CVE-2013-0794 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 3, 2013 | Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. | ||
| CVE-2013-0793 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 3, 2013 | Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site sc | ||
| CVE-2013-0792 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 3, 2013 | Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory co | ||
| CVE-2013-0788 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Apr 3, 2013 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corrupti |
- CVE-2013-1692Jun 26, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request for
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (applicat
- CVE-2013-1688Jun 26, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site.
- CVE-2013-1687Jun 26, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote
- CVE-2013-1684Jun 26, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary c
- CVE-2013-1682Jun 26, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application cras
- CVE-2013-1679May 16, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denia
- CVE-2013-1676May 16, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via
- affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote atta
- CVE-2013-1674May 16, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video.
- CVE-2013-1671May 16, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site.
- CVE-2013-1670May 16, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which all
- CVE-2013-0801May 16, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application cras
- CVE-2013-0800Apr 3, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other
- CVE-2013-0796Apr 3, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary c
- CVE-2013-0795Apr 3, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which a
- CVE-2013-0794Apr 3, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site.
- CVE-2013-0793Apr 3, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site sc
- CVE-2013-0792Apr 3, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory co
- CVE-2013-0788Apr 3, 2013affected < 128.5.1-1.1fixed 128.5.1-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corrupti
Page 90 of 106