VYPR

rpm package

opensuse/firefox-esr&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed

Vulnerabilities (2,106)

  • CVE-2012-1967Jul 18, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript co

  • CVE-2012-1966Jul 18, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

  • CVE-2012-1965Jul 18, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.

  • CVE-2012-1963Jul 18, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri para

  • CVE-2012-1962Jul 18, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of s

  • CVE-2012-1961Jul 18, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct

  • CVE-2012-1960Jul 18, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile t

  • CVE-2012-1959Jul 18, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects

  • CVE-2012-1958Jul 18, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitra

  • CVE-2012-1957Jul 18, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, w

  • CVE-2012-1955Jul 18, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls.

  • CVE-2012-1951Jul 18, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denia

  • CVE-2012-1950Jul 18, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.

  • CVE-2012-1949Jul 18, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code

  • CVE-2012-1947Jun 5, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vec

  • CVE-2012-1946Jun 5, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arb

  • CVE-2012-1945Jun 5, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display w

  • CVE-2012-1944Jun 5, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote

  • CVE-2012-1938Jun 5, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vecto

  • CVE-2012-0441Jun 5, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote atta

Page 95 of 106