VYPR

rpm package

opensuse/firefox-esr&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed

Vulnerabilities (2,106)

  • CVE-2012-3986Oct 10, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended ac

  • CVE-2012-3985Oct 10, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been s

  • CVE-2012-3984Oct 10, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrol

  • CVE-2012-3982Oct 10, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption

  • CVE-2012-3980Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects th

  • CVE-2012-3978Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attacke

  • CVE-2012-3976Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a

  • CVE-2012-3975Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privilege

  • CVE-2012-3973Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonito

  • CVE-2012-3972Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecifie

  • CVE-2012-3971Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::re

  • CVE-2012-3969Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted

  • CVE-2012-3967Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers

  • CVE-2012-3966Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a B

  • CVE-2012-3965Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window.

  • CVE-2012-3960Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary c

  • CVE-2012-1976Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary

  • CVE-2012-1972Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary

  • CVE-2012-1970Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption

  • CVE-2012-1956Aug 29, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via

Page 94 of 106