Vendor CVEs
Mozilla Corporation
All CVEs
3,627 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-4310 | 0.03 | — | 0.06 | Aug 23, 2006 | Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI. | |||
| CVE-2006-2723 | 0.03 | — | 0.03 | Jun 1, 2006 | Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified. | |||
| CVE-2006-1045 | 0.03 | — | 0.05 | Mar 7, 2006 | The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application… | |||
| CVE-2006-0836 | 0.03 | — | 0.03 | Feb 22, 2006 | Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field. | |||
| CVE-2006-0496 | 0.03 | — | 0.03 | Feb 1, 2006 | Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS… | |||
| CVE-2005-4809 | 0.03 | — | 0.06 | Dec 31, 2005 | Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag. | |||
| CVE-2004-1380 | 0.03 | — | 0.04 | Oct 20, 2004 | Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability." | |||
| CVE-2004-0763 | 0.03 | — | 0.06 | Aug 18, 2004 | Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method. | |||
| CVE-2004-0648 | 0.03 | — | 0.05 | Aug 6, 2004 | Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol. | |||
| CVE-2003-0153 | 0.03 | — | 0.06 | Apr 2, 2003 | bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi. | |||
| CVE-2003-0154 | 0.03 | — | 0.05 | Apr 2, 2003 | Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi,… | |||
| CVE-2002-2338 | 0.03 | — | 0.04 | Dec 31, 2002 | The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. | |||
| CVE-2002-2359 | 0.03 | — | 0.04 | Dec 31, 2002 | Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL. | |||
| CVE-2001-0329 | 0.03 | — | 0.03 | Jun 27, 2001 | Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi. | |||
| CVE-2007-4041 | 0.02 | — | 0.20 | Jul 27, 2007 | Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to… | |||
| CVE-2005-0233 | 0.02 | — | 0.20 | Feb 8, 2005 | The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other… | |||
| CVE-2004-0826 | 0.02 | — | 0.23 | Dec 31, 2004 | Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message. | |||
| CVE-2024-8897 | 0.01 | — | 0.07 | Sep 17, 2024 | Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. *This bug… | |||
| CVE-2024-8381 | 0.01 | — | 0.04 | Sep 3, 2024 | A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. | |||
| CVE-2015-7183 | 0.01 | — | 0.07 | Nov 5, 2015 | Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote… | |||
| CVE-2015-7181 | 0.01 | — | 0.08 | Nov 5, 2015 | The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows… | |||
| CVE-2015-4497 | 0.01 | — | 0.08 | Aug 29, 2015 | Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading… | |||
| CVE-2015-4493 | 0.01 | — | 0.07 | Aug 16, 2015 | Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a… | |||
| CVE-2015-4491 | 0.01 | — | 0.08 | Aug 16, 2015 | Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or… | |||
| CVE-2015-4486 | 0.01 | — | 0.07 | Aug 16, 2015 | The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data. | |||
| CVE-2015-4485 | 0.01 | — | 0.08 | Aug 16, 2015 | Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data. | |||
| CVE-2015-4479 | 0.01 | — | 0.09 | Aug 16, 2015 | Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data. | |||
| CVE-2015-4477 | 0.01 | — | 0.06 | Aug 16, 2015 | Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API. | |||
| CVE-2015-4474 | 0.01 | — | 0.06 | Aug 16, 2015 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2015-4473 | 0.01 | — | 0.07 | Aug 16, 2015 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2015-2716 | 0.01 | — | 0.07 | May 14, 2015 | Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. | |||
| CVE-2014-1568 | 0.01 | — | 0.16 | Sep 25, 2014 | Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla… | |||
| CVE-2014-1545 | 0.01 | — | 0.06 | Jun 11, 2014 | Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. | |||
| CVE-2014-1488 | 0.01 | — | 0.07 | Feb 6, 2014 | The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of… | |||
| CVE-2014-1478 | 0.01 | — | 0.07 | Feb 6, 2014 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the… | |||
| CVE-2013-5610 | 0.01 | — | 0.07 | Dec 11, 2013 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2013-6629 | 0.01 | — | 0.10 | Nov 19, 2013 | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of… | |||
| CVE-2013-5604 | 0.01 | — | 0.06 | Oct 30, 2013 | The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which… | |||
| CVE-2013-5597 | 0.01 | — | 0.06 | Oct 30, 2013 | Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to… | |||
| CVE-2013-1732 | 0.01 | — | 0.09 | Sep 18, 2013 | Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of… | |||
| CVE-2013-0796 | 0.01 | — | 0.08 | Apr 3, 2013 | The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary… | |||
| CVE-2013-0787 | 0.01 | — | 0.06 | Mar 11, 2013 | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote… | |||
| CVE-2013-0768 | 0.01 | — | 0.08 | Jan 13, 2013 | Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML… | |||
| CVE-2013-0755 | 0.01 | — | 0.07 | Jan 13, 2013 | Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute… | |||
| CVE-2013-0752 | 0.01 | — | 0.07 | Jan 13, 2013 | Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with… | |||
| CVE-2013-0750 | 0.01 | — | 0.06 | Jan 13, 2013 | Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to… | |||
| CVE-2012-5839 | 0.01 | — | 0.07 | Nov 21, 2012 | Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute… | |||
| CVE-2012-5835 | 0.01 | — | 0.09 | Nov 21, 2012 | Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service… | |||
| CVE-2012-5829 | 0.01 | — | 0.08 | Nov 21, 2012 | Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via… | |||
| CVE-2012-4202 | 0.01 | — | 0.11 | Nov 21, 2012 | Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code… |
- CVE-2006-4310Aug 23, 2006risk 0.03cvss —epss 0.06
Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.
- CVE-2006-2723Jun 1, 2006risk 0.03cvss —epss 0.03
Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified.
- CVE-2006-1045Mar 7, 2006risk 0.03cvss —epss 0.05
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application…
- CVE-2006-0836Feb 22, 2006risk 0.03cvss —epss 0.03
Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field.
- CVE-2006-0496Feb 1, 2006risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS…
- CVE-2005-4809Dec 31, 2005risk 0.03cvss —epss 0.06
Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.
- CVE-2004-1380Oct 20, 2004risk 0.03cvss —epss 0.04
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
- CVE-2004-0763Aug 18, 2004risk 0.03cvss —epss 0.06
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
- CVE-2004-0648Aug 6, 2004risk 0.03cvss —epss 0.05
Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.
- CVE-2003-0153Apr 2, 2003risk 0.03cvss —epss 0.06
bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.
- CVE-2003-0154Apr 2, 2003risk 0.03cvss —epss 0.05
Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi,…
- CVE-2002-2338Dec 31, 2002risk 0.03cvss —epss 0.04
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
- CVE-2002-2359Dec 31, 2002risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.
- CVE-2001-0329Jun 27, 2001risk 0.03cvss —epss 0.03
Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi.
- CVE-2007-4041Jul 27, 2007risk 0.02cvss —epss 0.20
Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to…
- CVE-2005-0233Feb 8, 2005risk 0.02cvss —epss 0.20
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other…
- CVE-2004-0826Dec 31, 2004risk 0.02cvss —epss 0.23
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
- CVE-2024-8897Sep 17, 2024risk 0.01cvss —epss 0.07
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. *This bug…
- CVE-2024-8381Sep 3, 2024risk 0.01cvss —epss 0.04
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
- CVE-2015-7183Nov 5, 2015risk 0.01cvss —epss 0.07
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote…
- CVE-2015-7181Nov 5, 2015risk 0.01cvss —epss 0.08
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows…
- CVE-2015-4497Aug 29, 2015risk 0.01cvss —epss 0.08
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading…
- CVE-2015-4493Aug 16, 2015risk 0.01cvss —epss 0.07
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a…
- CVE-2015-4491Aug 16, 2015risk 0.01cvss —epss 0.08
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or…
- CVE-2015-4486Aug 16, 2015risk 0.01cvss —epss 0.07
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.
- CVE-2015-4485Aug 16, 2015risk 0.01cvss —epss 0.08
Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.
- CVE-2015-4479Aug 16, 2015risk 0.01cvss —epss 0.09
Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.
- CVE-2015-4477Aug 16, 2015risk 0.01cvss —epss 0.06
Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API.
- CVE-2015-4474Aug 16, 2015risk 0.01cvss —epss 0.06
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2015-4473Aug 16, 2015risk 0.01cvss —epss 0.07
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2015-2716May 14, 2015risk 0.01cvss —epss 0.07
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
- CVE-2014-1568Sep 25, 2014risk 0.01cvss —epss 0.16
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla…
- CVE-2014-1545Jun 11, 2014risk 0.01cvss —epss 0.06
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.
- CVE-2014-1488Feb 6, 2014risk 0.01cvss —epss 0.07
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of…
- CVE-2014-1478Feb 6, 2014risk 0.01cvss —epss 0.07
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the…
- CVE-2013-5610Dec 11, 2013risk 0.01cvss —epss 0.07
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2013-6629Nov 19, 2013risk 0.01cvss —epss 0.10
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of…
- CVE-2013-5604Oct 30, 2013risk 0.01cvss —epss 0.06
The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which…
- CVE-2013-5597Oct 30, 2013risk 0.01cvss —epss 0.06
Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to…
- CVE-2013-1732Sep 18, 2013risk 0.01cvss —epss 0.09
Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of…
- CVE-2013-0796Apr 3, 2013risk 0.01cvss —epss 0.08
The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary…
- CVE-2013-0787Mar 11, 2013risk 0.01cvss —epss 0.06
Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote…
- CVE-2013-0768Jan 13, 2013risk 0.01cvss —epss 0.08
Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML…
- CVE-2013-0755Jan 13, 2013risk 0.01cvss —epss 0.07
Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute…
- CVE-2013-0752Jan 13, 2013risk 0.01cvss —epss 0.07
Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with…
- CVE-2013-0750Jan 13, 2013risk 0.01cvss —epss 0.06
Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to…
- CVE-2012-5839Nov 21, 2012risk 0.01cvss —epss 0.07
Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute…
- CVE-2012-5835Nov 21, 2012risk 0.01cvss —epss 0.09
Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service…
- CVE-2012-5829Nov 21, 2012risk 0.01cvss —epss 0.08
Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via…
- CVE-2012-4202Nov 21, 2012risk 0.01cvss —epss 0.11
Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code…
Page 41 of 73