Total
2817 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1700 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-11 | 7.2 HIGH | N/A |
| The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location. | |||||
| CVE-2013-6901 | 2 Cybozu, Mozilla | 2 Garoon, Firefox | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-3003 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 10.0 HIGH | N/A |
| Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation. | |||||
| CVE-2013-0795 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
| The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. | |||||
| CVE-2013-5613 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 17 Ubuntu Linux, Fedora, Firefox and 14 more | 2025-04-11 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function. | |||||
| CVE-2012-1948 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2013-6903 | 3 Cybozu, Microsoft, Mozilla | 3 Garoon, Internet Explorer, Firefox | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-1673 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-11 | 6.9 MEDIUM | N/A |
| The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a "trusted path." | |||||
| CVE-2011-0341 | 2 Artifex, Mozilla | 2 Mupdf, Firefox | 2025-04-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site. | |||||
| CVE-2010-0170 | 1 Mozilla | 1 Firefox | 2025-04-11 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin. | |||||
| CVE-2012-1939 | 1 Mozilla | 2 Firefox, Thunderbird Esr | 2025-04-11 | 9.3 HIGH | N/A |
| jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code. | |||||
| CVE-2012-3974 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Thunderbird and 1 more | 2025-04-11 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory. | |||||
| CVE-2011-2983 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free. | |||||
| CVE-2012-5833 | 5 Canonical, Mozilla, Opensuse and 2 more | 13 Ubuntu Linux, Firefox, Seamonkey and 10 more | 2025-04-11 | 9.3 HIGH | N/A |
| The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter. | |||||
| CVE-2013-6853 | 3 Apple, Mozilla, Yahoo | 3 Macos, Firefox, Toolbar | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim. | |||||
| CVE-2009-1571 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | |||||
| CVE-2012-3959 | 6 Canonical, Debian, Mozilla and 3 more | 15 Ubuntu Linux, Debian Linux, Firefox and 12 more | 2025-04-11 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
| CVE-2011-0067 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls. | |||||
| CVE-2011-2362 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. | |||||
| CVE-2010-1210 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-11 | 4.3 MEDIUM | N/A |
| intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text. | |||||