Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.