Total
707 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1196 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. | |||||
| CVE-2010-0183 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus. | |||||
| CVE-2010-1198 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances. | |||||
| CVE-2010-1209 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback. | |||||
| CVE-2010-1206 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 4.3 MEDIUM | N/A |
| The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call. | |||||
| CVE-2010-1197 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document. | |||||
| CVE-2010-1213 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 4.3 MEDIUM | N/A |
| The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document. | |||||
| CVE-2010-1200 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2010-0654 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. | |||||
| CVE-2010-1201 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2010-1214 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements. | |||||
| CVE-2010-1202 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2010-0161 | 2 Microsoft, Mozilla | 5 Windows 7, Windows Server 2008, Windows Vista and 2 more | 2017-09-19 | 4.3 MEDIUM | N/A |
| The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI. | |||||
| CVE-2009-3981 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2009-3979 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2009-3982 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2009-3980 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2009-3389 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. | |||||
| CVE-2009-3385 | 1 Mozilla | 1 Seamonkey | 2017-09-19 | 7.1 HIGH | N/A |
| The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation. | |||||
| CVE-2009-3986 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 7.6 HIGH | N/A |
| Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | |||||