Skip to main content

Seamonkey

315 CVEs product

Monthly

CVE-2012-3105 CRITICAL Act Now

The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Denial Of Service Buffer Overflow Nvidia RCE +4
NVD
CVSS 2.0
9.3
EPSS
2.7%
CVE-2012-1947 CRITICAL Act Now

Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Mozilla RCE Firefox Seamonkey +2
NVD
CVSS 2.0
9.3
EPSS
6.8%
CVE-2012-1946 CRITICAL Act Now

Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Firefox Seamonkey Thunderbird +1
NVD
CVSS 2.0
9.3
EPSS
1.5%
CVE-2012-1945 LOW Monitor

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive. Rated low severity (CVSS 2.9). No vendor patch available.

Mozilla Information Disclosure Microsoft Firefox Seamonkey +2
NVD
CVSS 2.0
2.9
EPSS
0.2%
CVE-2012-1944 MEDIUM This Month

The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Seamonkey Thunderbird +1
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2012-1943 MEDIUM This Month

Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a. Rated medium severity (CVSS 6.9). No vendor patch available.

Mozilla Microsoft Information Disclosure Firefox Seamonkey +1
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-1942 HIGH This Week

The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Microsoft Firefox Seamonkey +1
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2012-1941 CRITICAL Act Now

Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Mozilla RCE Firefox Seamonkey +2
NVD
CVSS 2.0
9.3
EPSS
6.3%
CVE-2012-1940 CRITICAL Act Now

Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +3
NVD
CVSS 2.0
9.3
EPSS
3.0%
CVE-2012-1938 CRITICAL POC PATCH Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +12
NVD
CVSS 2.0
9.3
EPSS
1.2%
CVE-2012-1937 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +3
NVD
CVSS 2.0
9.3
EPSS
1.7%
CVE-2012-0441 MEDIUM This Month

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla Firefox Network Security Services +3
NVD
CVSS 2.0
5.0
EPSS
3.6%
CVE-2012-0479 MEDIUM This Month

Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox Thunderbird Thunderbird Esr +1
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2012-0478 CRITICAL Act Now

The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Mozilla RCE Firefox Thunderbird +2
NVD
CVSS 2.0
9.3
EPSS
0.8%
CVE-2012-0477 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Thunderbird Thunderbird Esr +1
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2012-0475 LOW Monitor

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Mozilla Firefox Thunderbird Seamonkey
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2012-0474 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Thunderbird Thunderbird Esr +1
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2012-0473 MEDIUM This Month

The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Thunderbird Thunderbird Esr +1
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2012-0472 CRITICAL Act Now

The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Denial Of Service Buffer Overflow Microsoft RCE +4
NVD
CVSS 2.0
9.3
EPSS
1.5%
CVE-2012-0471 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Thunderbird Thunderbird Esr +1
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2012-0470 CRITICAL Act Now

Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +3
NVD
CVSS 2.0
10.0
EPSS
5.7%
CVE-2012-0469 CRITICAL Act Now

Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.1% and no vendor patch available.

Mozilla RCE Firefox Thunderbird Thunderbird Esr +1
NVD
CVSS 2.0
10.0
EPSS
17.1%
CVE-2012-0468 CRITICAL Act Now

The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +2
NVD
CVSS 2.0
10.0
EPSS
2.5%
CVE-2012-0467 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +3
NVD
CVSS 2.0
10.0
EPSS
2.4%
CVE-2012-0464 HIGH This Week

Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Thunderbird Thunderbird Esr +1
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2012-0463 HIGH This Week

The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Google Denial Of Service Buffer Overflow RCE +4
NVD
CVSS 2.0
7.5
EPSS
4.3%
CVE-2012-0462 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +4
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2012-0461 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +3
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2012-0460 MEDIUM This Month

Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox Firefox Esr Thunderbird +2
NVD
CVSS 2.0
6.4
EPSS
1.8%
CVE-2012-0459 HIGH This Week

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Mozilla RCE Firefox +4
NVD
CVSS 2.0
7.5
EPSS
3.4%
CVE-2012-0458 MEDIUM POC PATCH This Month

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Privilege Escalation Mozilla Google Firefox Thunderbird +3
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2012-0457 CRITICAL Act Now

Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Firefox Thunderbird Thunderbird Esr +1
NVD
CVSS 2.0
9.3
EPSS
7.3%
CVE-2012-0456 MEDIUM This Month

The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Information Disclosure Firefox Thunderbird +2
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2012-0455 MEDIUM This Month

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Firefox Esr Thunderbird +2
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2012-0454 HIGH This Week

Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Microsoft RCE Firefox +4
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2012-0451 MEDIUM This Month

CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Mozilla XSS RCE Firefox +4
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-0452 HIGH This Week

Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Firefox Thunderbird +1
NVD
CVSS 2.0
7.5
EPSS
1.8%
CVE-2012-0450 LOW Monitor

Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox Seamonkey
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-0449 CRITICAL PATCH Act Now

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +7
NVD
CVSS 2.0
9.3
EPSS
3.9%
CVE-2012-0447 MEDIUM This Month

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Microsoft Firefox Thunderbird +1
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-0446 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Thunderbird Seamonkey
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-0445 MEDIUM This Month

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox Thunderbird Seamonkey
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-0444 CRITICAL POC Act Now

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +8
NVD
CVSS 2.0
10.0
EPSS
8.6%
CVE-2012-0443 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +2
NVD
CVSS 2.0
10.0
EPSS
2.6%
CVE-2012-0442 CRITICAL POC PATCH Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +7
NVD
CVSS 2.0
9.3
EPSS
1.4%
EPSS 3% CVSS 9.3
CRITICAL Act Now

The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Denial Of Service Buffer Overflow +6
NVD
EPSS 7% CVSS 9.3
CRITICAL Act Now

Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Mozilla RCE +4
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Firefox +3
NVD
EPSS 0% CVSS 2.9
LOW Monitor

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive. Rated low severity (CVSS 2.9). No vendor patch available.

Mozilla Information Disclosure Microsoft +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox +3
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a. Rated medium severity (CVSS 6.9). No vendor patch available.

Mozilla Microsoft Information Disclosure +3
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Microsoft +3
NVD
EPSS 6% CVSS 9.3
CRITICAL Act Now

Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Mozilla RCE +4
NVD
EPSS 3% CVSS 9.3
CRITICAL Act Now

Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla +5
NVD
EPSS 1% CVSS 9.3
CRITICAL POC PATCH Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Mozilla +14
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla +5
NVD
EPSS 4% CVSS 5.0
MEDIUM This Month

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla +5
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox +3
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Mozilla RCE +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox +3
NVD
EPSS 0% CVSS 2.6
LOW Monitor

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Mozilla Firefox +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox +3
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +3
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Denial Of Service Buffer Overflow +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox +3
NVD
EPSS 6% CVSS 10.0
CRITICAL Act Now

Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla +5
NVD
EPSS 17% CVSS 10.0
CRITICAL Act Now

Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.1% and no vendor patch available.

Mozilla RCE Firefox +3
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla +4
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla +5
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox +3
NVD
EPSS 4% CVSS 7.5
HIGH This Week

The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Google Denial Of Service +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla +5
NVD
EPSS 2% CVSS 6.4
MEDIUM This Month

Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox +4
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Mozilla +6
NVD
EPSS 2% CVSS 6.8
MEDIUM POC PATCH This Month

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Privilege Escalation Mozilla Google +5
NVD
EPSS 7% CVSS 9.3
CRITICAL Act Now

Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Firefox +3
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Information Disclosure +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox +4
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Microsoft +6
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Mozilla XSS +6
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +3
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox +1
NVD
EPSS 4% CVSS 9.3
CRITICAL PATCH Act Now

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Mozilla +9
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Microsoft +3
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox +2
NVD
EPSS 9% CVSS 10.0
CRITICAL POC Act Now

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Mozilla +10
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla +4
NVD
EPSS 1% CVSS 9.3
CRITICAL POC PATCH Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Mozilla +9
NVD
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy