Filtered by vendor Microsoft
Subscribe
Total
21800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38492 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-10-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1. | |||||
| CVE-2018-12368 | 2 Microsoft, Mozilla | 4 Windows 10, Firefox, Firefox Esr and 1 more | 2024-10-21 | 9.3 HIGH | 8.1 HIGH |
| Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | |||||
| CVE-2014-1551 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-10-21 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object. | |||||
| CVE-2013-1712 | 2 Microsoft, Mozilla | 7 Windows 7, Windows 8, Windows Server 2008 and 4 more | 2024-10-21 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory. | |||||
| CVE-2012-3974 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Thunderbird and 1 more | 2024-10-21 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory. | |||||
| CVE-2014-1568 | 4 Apple, Google, Microsoft and 1 more | 9 Mac Os X, Chrome, Chrome Os and 6 more | 2024-10-21 | 7.5 HIGH | N/A |
| Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. | |||||
| CVE-2013-0799 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Thunderbird and 1 more | 2024-10-21 | 7.2 HIGH | N/A |
| Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, and Thunderbird ESR 17.x before 17.0.5 on Windows allows local users to gain privileges via crafted arguments. | |||||
| CVE-2013-1672 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Thunderbird and 1 more | 2024-10-21 | 6.9 MEDIUM | N/A |
| The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions. | |||||
| CVE-2012-0454 | 2 Microsoft, Mozilla | 6 Windows 7, Firefox, Firefox Esr and 3 more | 2024-10-21 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library. | |||||
| CVE-2023-4576 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-10-21 | N/A | 8.6 HIGH |
| On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. | |||||
| CVE-2024-45072 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-10-21 | N/A | 5.5 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. | |||||
| CVE-2024-45071 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-10-21 | N/A | 4.8 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2023-47746 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Db2 and 4 more | 2024-10-21 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. | |||||
| CVE-2024-49023 | 1 Microsoft | 1 Edge Chromium | 2024-10-18 | N/A | 5.3 MEDIUM |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2024-43596 | 1 Microsoft | 1 Edge Chromium | 2024-10-18 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2024-43578 | 1 Microsoft | 1 Edge Chromium | 2024-10-18 | N/A | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2024-43595 | 1 Microsoft | 1 Edge Chromium | 2024-10-18 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2024-43579 | 1 Microsoft | 1 Edge Chromium | 2024-10-18 | N/A | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2024-43587 | 1 Microsoft | 1 Edge Chromium | 2024-10-18 | N/A | 8.1 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2024-43566 | 1 Microsoft | 1 Edge Chromium | 2024-10-18 | N/A | 9.8 CRITICAL |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||