Skip to main content

Mozilla

2674 CVEs vendor

Monthly

CVE-2014-1544 CRITICAL Act Now

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Firefox Esr Network Security Services +1
NVD
CVSS 2.0
10.0
EPSS
2.0%
CVE-2014-1545 CRITICAL Act Now

Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Netscape Portable Runtime
NVD
CVSS 2.0
10.0
EPSS
2.9%
CVE-2014-1543 HIGH This Week

Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 2.0
7.5
EPSS
3.4%
CVE-2014-1542 MEDIUM This Month

Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE Opensuse Firefox +1
NVD
CVSS 2.0
6.8
EPSS
4.7%
CVE-2014-1541 CRITICAL Act Now

Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Thunderbird +2
NVD
CVSS 2.0
10.0
EPSS
2.0%
CVE-2014-1540 CRITICAL Act Now

Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox
NVD
CVSS 2.0
9.3
EPSS
1.0%
CVE-2014-1539 MEDIUM This Month

Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Thunderbird
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-1538 CRITICAL Act Now

Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +2
NVD
CVSS 2.0
10.0
EPSS
2.7%
CVE-2014-1537 CRITICAL Act Now

Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox
NVD
CVSS 2.0
10.0
EPSS
3.3%
CVE-2014-1536 CRITICAL Act Now

The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox
NVD
CVSS 2.0
10.0
EPSS
1.4%
CVE-2014-1534 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 2.0
10.0
EPSS
2.7%
CVE-2014-1533 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +1
NVD
CVSS 2.0
10.0
EPSS
3.2%
CVE-2014-1532 CRITICAL POC Act Now

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Mozilla Buffer Overflow +16
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2014-1531 HIGH POC This Week

Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Mozilla Buffer Overflow +16
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2014-1530 MEDIUM This Month

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Seamonkey Thunderbird +12
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2014-1529 HIGH POC This Week

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Privilege Escalation Firefox Seamonkey Thunderbird +12
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2014-1528 CRITICAL Act Now

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Microsoft RCE +6
NVD VulDB
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-1527 MEDIUM This Month

Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Fedora Firefox +1
NVD VulDB
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-1526 MEDIUM PATCH This Month

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Mozilla Privilege Escalation Firefox Seamonkey Ubuntu Linux +2
NVD VulDB
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-1525 CRITICAL PATCH Act Now

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Mozilla Buffer Overflow +6
NVD VulDB
CVSS 2.0
9.3
EPSS
1.9%
CVE-2014-1524 CRITICAL POC Act Now

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox +14
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2014-1523 MEDIUM This Month

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Mozilla Buffer Overflow Firefox +14
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2014-1522 CRITICAL POC Act Now

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Mozilla Buffer Overflow RCE +5
NVD VulDB
CVSS 2.0
9.3
EPSS
0.8%
CVE-2014-1520 MEDIUM POC This Month

maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Mozilla Privilege Escalation Microsoft Firefox Fedora
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-1519 CRITICAL POC PATCH Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +4
NVD VulDB
CVSS 2.0
9.3
EPSS
2.2%
CVE-2014-1518 HIGH POC This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +14
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2014-1516 MEDIUM POC This Month

The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Mozilla Privilege Escalation Google Firefox
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-1515 LOW Monitor

Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via. Rated low severity (CVSS 1.9). No vendor patch available.

Mozilla Google Information Disclosure Firefox
NVD VulDB
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-1492 MEDIUM POC This Month

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Network Security Services
NVD VulDB
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-1514 CRITICAL POC Act Now

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Mozilla Buffer Overflow RCE +16
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2014-1513 HIGH POC This Week

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Mozilla Buffer Overflow RCE +16
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2014-1512 CRITICAL POC THREAT Emergency

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Memory Corruption Mozilla RCE Use After Free Firefox +15
NVD
CVSS 2.0
10.0
EPSS
12.9%
CVE-2014-1511 CRITICAL POC THREAT Emergency

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.5%.

Mozilla Privilege Escalation Firefox Seamonkey Thunderbird +13
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
70.5%
Threat
5.6
CVE-2014-1510 CRITICAL POC THREAT Emergency

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.1%.

Mozilla Privilege Escalation Google Firefox Seamonkey +15
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
71.1%
Threat
5.6
CVE-2014-1509 HIGH POC This Week

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Buffer Overflow RCE Firefox Seamonkey +13
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2014-1508 CRITICAL POC Act Now

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Mozilla Buffer Overflow Firefox +15
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2014-1507 CRITICAL Act Now

Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Mozilla Solaris Firefoxos
NVD VulDB
CVSS 2.0
9.3
EPSS
0.7%
CVE-2014-1506 MEDIUM This Month

Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mozilla Google Denial Of Service Firefox +1
NVD VulDB
CVSS 2.0
6.4
EPSS
1.5%
CVE-2014-1505 HIGH POC This Week

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Seamonkey Thunderbird +13
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2014-1504 LOW Monitor

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mozilla Privilege Escalation Firefox Seamonkey +5
NVD VulDB
CVSS 2.0
2.6
EPSS
0.6%
CVE-2014-1502 MEDIUM This Month

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Opensuse Linux Enterprise Desktop Linux Enterprise Server +4
NVD VulDB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-1501 MEDIUM This Month

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Google Solaris Firefox +3
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1500 MEDIUM This Month

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Opensuse Solaris Firefox +4
NVD VulDB
CVSS 2.0
5.0
EPSS
2.3%
CVE-2014-1499 MEDIUM This Month

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit +4
NVD VulDB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-1498 MEDIUM This Month

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Mozilla Denial Of Service Linux Enterprise Desktop Linux Enterprise Server +5
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-1497 HIGH POC This Week

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Mozilla Buffer Overflow Firefox +15
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2014-1496 MEDIUM POC This Month

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Privilege Escalation Firefox Seamonkey Thunderbird +3
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2014-1494 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Seamonkey +6
NVD VulDB
CVSS 2.0
9.3
EPSS
0.6%
CVE-2014-1493 CRITICAL POC Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox +15
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2014-2018 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Thunderbird Esr Thunderbird Seamonkey
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-6674 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 47.5%.

Mozilla XSS Seamonkey Thunderbird Thunderbird Esr
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
47.5%
CVE-2013-6167 MEDIUM POC This Month

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Mozilla Firefox
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-1491 MEDIUM POC PATCH This Month

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Mozilla Authentication Bypass Firefox Network Security Services Seamonkey +10
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-1490 CRITICAL PATCH Act Now

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Denial Of Service Mozilla Race Condition Firefox Network Security Services +11
NVD
CVSS 2.0
9.3
EPSS
1.6%
CVE-2014-1489 MEDIUM This Month

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Mozilla Solaris Linux Enterprise Desktop +5
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2014-1488 CRITICAL Act Now

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Seamonkey Ubuntu Linux +5
NVD
CVSS 2.0
10.0
EPSS
1.1%
CVE-2014-1487 HIGH POC This Week

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Seamonkey Thunderbird +14
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2014-1486 CRITICAL Act Now

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.8% and no vendor patch available.

RCE Mozilla Memory Corruption Use After Free Firefox +15
NVD
CVSS 3.1
9.8
EPSS
10.8%
CVE-2014-1485 HIGH This Week

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Seamonkey Solaris +5
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-1484 MEDIUM This Month

Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Google Linux Enterprise Desktop Linux Enterprise Server +4
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-1483 MEDIUM This Month

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla XSS Solaris Ubuntu Linux Firefox +5
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-1482 HIGH POC This Week

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Denial Of Service Buffer Overflow Memory Corruption RCE +17
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2014-1481 HIGH POC This Week

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Authentication Bypass Firefox Seamonkey Thunderbird +14
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2014-1480 MEDIUM This Month

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Opensuse Linux Enterprise Desktop Linux Enterprise Server +5
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-1479 HIGH POC This Week

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Authentication Bypass Firefox Seamonkey Thunderbird +14
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2014-1478 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Buffer Overflow Memory Corruption RCE +5
NVD
CVSS 2.0
10.0
EPSS
1.2%
CVE-2014-1477 CRITICAL POC Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +16
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2013-6853 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in clickstream.js in Y!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Microsoft XSS Toolbar
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1740 MEDIUM POC This Month

The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Network Security Services
NVD
CVSS 2.0
5.8
EPSS
1.0%
CVE-2014-0387 HIGH This Week

Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Oracle Information Disclosure Java Jdk +1
NVD
CVSS 2.0
7.6
EPSS
6.0%
CVE-2013-6992 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Mozilla WordPress XSS PHP +1
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6673 MEDIUM POC This Month

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Fedora Firefox Seamonkey +6
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2013-6672 MEDIUM This Month

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Opensuse Linux Enterprise Desktop Linux Enterprise Server +6
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-6671 CRITICAL POC THREAT Emergency

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

Code Injection Mozilla RCE Firefox Seamonkey +14
NVD
CVSS 3.1
9.8
EPSS
10.4%
CVE-2013-5619 HIGH This Week

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Integer Overflow Opensuse Linux Enterprise Desktop +7
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2013-5618 CRITICAL POC THREAT Emergency

Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

RCE Mozilla Memory Corruption Use After Free Firefox +15
NVD
CVSS 3.1
9.8
EPSS
10.4%
CVE-2013-5616 CRITICAL POC Act Now

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Use After Free Denial Of Service Buffer Overflow Memory Corruption +17
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2013-5615 CRITICAL POC Act Now

The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Seamonkey Thunderbird +6
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2013-5614 MEDIUM This Month

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Seamonkey Fedora +13
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5613 CRITICAL POC THREAT Emergency

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.1%.

Mozilla Use After Free Denial Of Service Buffer Overflow Memory Corruption +17
NVD
CVSS 3.1
9.8
EPSS
11.1%
CVE-2013-5612 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Seamonkey Fedora +13
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-5611 MEDIUM This Month

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Solaris Fedora Ubuntu Linux +5
NVD
CVSS 2.0
5.8
EPSS
1.2%
CVE-2013-5610 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Buffer Overflow Memory Corruption RCE +9
NVD
CVSS 2.0
10.0
EPSS
0.9%
CVE-2013-5609 CRITICAL POC Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +15
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2013-6911 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Mozilla XSS Garoon
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-6905 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Garoon
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6904 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Garoon
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6903 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Garoon
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6901 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Garoon
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5607 HIGH This Week

Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Netscape Portable Runtime Seamonkey Firefox
NVD
CVSS 2.0
7.5
EPSS
1.6%
EPSS 2% CVSS 10.0
CRITICAL Act Now

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox +3
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +2
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE +1
NVD
EPSS 5% CVSS 6.8
MEDIUM This Month

Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE +3
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +4
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +1
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +4
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +2
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +2
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +2
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +3
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free +18
NVD
EPSS 5% CVSS 8.8
HIGH POC This Week

Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free +18
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox +14
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Privilege Escalation Firefox +14
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +8
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure +3
NVD VulDB
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Mozilla Privilege Escalation Firefox +4
NVD VulDB
EPSS 2% CVSS 9.3
CRITICAL PATCH Act Now

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +8
NVD VulDB
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Buffer Overflow +16
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Mozilla +16
NVD
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Mozilla +7
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Mozilla Privilege Escalation Microsoft +2
NVD
EPSS 2% CVSS 9.3
CRITICAL POC PATCH Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Mozilla RCE +6
NVD VulDB
EPSS 3% CVSS 8.8
HIGH POC This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla RCE +16
NVD
EPSS 0% CVSS 5.0
MEDIUM POC This Month

The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Mozilla Privilege Escalation +2
NVD VulDB
EPSS 0% CVSS 1.9
LOW Monitor

Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via. Rated low severity (CVSS 1.9). No vendor patch available.

Mozilla Google Information Disclosure +1
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM POC This Month

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Network Security Services
NVD VulDB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Mozilla +18
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Mozilla +18
NVD
EPSS 13% CVSS 10.0
CRITICAL POC THREAT Emergency

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Memory Corruption Mozilla RCE +17
NVD
EPSS 70% 5.6 CVSS 9.8
CRITICAL POC THREAT Emergency

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.5%.

Mozilla Privilege Escalation Firefox +15
NVD Exploit-DB
EPSS 71% 5.6 CVSS 9.8
CRITICAL POC THREAT Emergency

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.1%.

Mozilla Privilege Escalation Google +17
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Buffer Overflow RCE +15
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Mozilla +17
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Mozilla Solaris +1
NVD VulDB
EPSS 2% CVSS 6.4
MEDIUM This Month

Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mozilla Google +3
NVD VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox +15
NVD
EPSS 1% CVSS 2.6
LOW Monitor

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mozilla Privilege Escalation +7
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Opensuse +6
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Google +5
NVD VulDB
EPSS 2% CVSS 5.0
MEDIUM This Month

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Opensuse +6
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Linux Enterprise Desktop +6
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Mozilla Denial Of Service +7
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Mozilla +17
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Privilege Escalation Firefox +5
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE +8
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Buffer Overflow +17
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Thunderbird Esr +2
NVD
EPSS 48% CVSS 4.3
MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 47.5%.

Mozilla XSS Seamonkey +2
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Mozilla Firefox
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Mozilla Authentication Bypass Firefox +12
NVD
EPSS 2% CVSS 9.3
CRITICAL PATCH Act Now

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Denial Of Service Mozilla Race Condition +13
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Mozilla +7
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox +7
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox +16
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.8% and no vendor patch available.

RCE Mozilla Memory Corruption +17
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox +7
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Google +6
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla XSS Solaris +7
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Denial Of Service Buffer Overflow +19
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Authentication Bypass Firefox +16
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Opensuse +7
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Authentication Bypass Firefox +16
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Buffer Overflow +7
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Mozilla +18
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in clickstream.js in Y!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Microsoft XSS +1
NVD
EPSS 1% CVSS 5.8
MEDIUM POC This Month

The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Network Security Services
NVD
EPSS 6% CVSS 7.6
HIGH This Week

Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Oracle Information Disclosure +3
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Mozilla WordPress +3
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Fedora +8
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Opensuse +8
NVD
EPSS 10% CVSS 9.8
CRITICAL POC THREAT Emergency

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

Code Injection Mozilla RCE +16
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Integer Overflow +9
NVD
EPSS 10% CVSS 9.8
CRITICAL POC THREAT Emergency

Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

RCE Mozilla Memory Corruption +17
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Use After Free Denial Of Service +19
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox +8
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox +15
NVD
EPSS 11% CVSS 9.8
CRITICAL POC THREAT Emergency

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.1%.

Mozilla Use After Free Denial Of Service +19
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox +15
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Solaris +7
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Buffer Overflow +11
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Mozilla +17
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Mozilla XSS Garoon
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Garoon
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Garoon
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Garoon
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Garoon
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Netscape Portable Runtime +2
NVD
Prev Page 26 of 30 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy