VYPR

rpm package

opensuse/firefox-esr&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed

Vulnerabilities (2,106)

  • CVE-2011-3079May 1, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.

  • CVE-2012-0479Apr 25, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content.

  • CVE-2012-0478Apr 25, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow

  • CVE-2012-0477Apr 25, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via th

  • CVE-2012-0475Apr 25, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSock

  • CVE-2012-0474Apr 25, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web

  • CVE-2012-0473Apr 25, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template argum

  • CVE-2012-0472Apr 25, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly res

  • CVE-2012-0471Apr 25, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte

  • CVE-2012-0470Apr 25, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a

  • CVE-2012-0469Apr 25, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote

  • CVE-2012-0467Apr 25, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory c

  • CVE-2011-3062Mar 30, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.

  • CVE-2012-0463Mar 14, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an

  • CVE-2012-0461Mar 14, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to

  • CVE-2012-0460Mar 14, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user inte

  • CVE-2012-0459Mar 14, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash)

  • CVE-2012-0458Mar 14, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the hom

  • CVE-2012-0456Mar 14, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive info

  • CVE-2012-0455Mar 14, 2012
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows use

Page 96 of 106