Filtered by vendor Mozilla
Subscriptions
Total
3510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-2759 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment. | ||||
| CVE-2011-3232 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | N/A |
| YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | ||||
| CVE-2010-4568 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function. | ||||
| CVE-2010-1208 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-11 | 8.8 High |
| Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count. | ||||
| CVE-2012-1142 | 3 Freetype, Mozilla, Redhat | 3 Freetype, Firefox Mobile, Enterprise Linux | 2025-04-11 | N/A |
| FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font. | ||||
| CVE-2010-0175 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items. | ||||
| CVE-2010-2758 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page. | ||||
| CVE-2012-3992 | 4 Canonical, Mozilla, Redhat and 1 more | 13 Ubuntu Linux, Firefox, Seamonkey and 10 more | 2025-04-11 | N/A |
| Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. | ||||
| CVE-2013-0755 | 4 Canonical, Mozilla, Opensuse and 1 more | 9 Ubuntu Linux, Firefox, Seamonkey and 6 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer. | ||||
| CVE-2012-4206 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-11 | N/A |
| Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory. | ||||
| CVE-2012-4747 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request. | ||||
| CVE-2010-2754 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | N/A |
| dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. | ||||
| CVE-2011-3652 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-11 | N/A |
| The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||||
| CVE-2011-3655 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-11 | N/A |
| Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. | ||||
| CVE-2010-2756 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns. | ||||
| CVE-2011-3647 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-04-11 | N/A |
| The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004. | ||||
| CVE-2010-3776 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2010-3770 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering. | ||||
| CVE-2010-0176 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | N/A |
| Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability." | ||||
| CVE-2010-3772 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-11 | N/A |
| Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element. | ||||