Filtered by vendor Mozilla
Subscriptions
Total
3351 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-1687 | 2 Mozilla, Redhat | 5 Firefox, Thunderbird, Thunderbird Esr and 2 more | 2025-04-11 | N/A |
| The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site. | ||||
| CVE-2013-1685 | 2 Mozilla, Redhat | 5 Firefox, Thunderbird, Thunderbird Esr and 2 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. | ||||
| CVE-2013-1683 | 1 Mozilla | 1 Firefox | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2013-1682 | 2 Mozilla, Redhat | 5 Firefox, Thunderbird, Thunderbird Esr and 2 more | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2013-1680 | 2 Mozilla, Redhat | 5 Firefox, Thunderbird, Thunderbird Esr and 2 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||||
| CVE-2013-1679 | 2 Mozilla, Redhat | 5 Firefox, Thunderbird, Thunderbird Esr and 2 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||||
| CVE-2013-1678 | 2 Mozilla, Redhat | 5 Firefox, Thunderbird, Thunderbird Esr and 2 more | 2025-04-11 | N/A |
| The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors. | ||||
| CVE-2013-1677 | 2 Mozilla, Redhat | 5 Firefox, Thunderbird, Thunderbird Esr and 2 more | 2025-04-11 | N/A |
| The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||||
| CVE-2012-0475 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | N/A |
| Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields. | ||||
| CVE-2010-4207 | 3 Moodle, Mozilla, Yahoo | 3 Moodle, Bugzilla, Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. | ||||
| CVE-2013-1676 | 2 Mozilla, Redhat | 5 Firefox, Thunderbird, Thunderbird Esr and 2 more | 2025-04-11 | N/A |
| The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||||
| CVE-2013-1674 | 2 Mozilla, Redhat | 5 Firefox, Thunderbird, Thunderbird Esr and 2 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video. | ||||
| CVE-2013-1673 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-11 | N/A |
| The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a "trusted path." | ||||
| CVE-2013-1672 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Thunderbird and 1 more | 2025-04-11 | N/A |
| The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions. | ||||
| CVE-2013-1671 | 1 Mozilla | 1 Firefox | 2025-04-11 | N/A |
| Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site. | ||||
| CVE-2013-1669 | 1 Mozilla | 1 Firefox | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2013-1696 | 1 Mozilla | 1 Firefox | 2025-04-11 | N/A |
| Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses. | ||||
| CVE-2013-0801 | 2 Mozilla, Redhat | 5 Firefox, Thunderbird, Thunderbird Esr and 2 more | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2013-0799 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Thunderbird and 1 more | 2025-04-11 | N/A |
| Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, and Thunderbird ESR 17.x before 17.0.5 on Windows allows local users to gain privileges via crafted arguments. | ||||
| CVE-2013-0775 | 5 Canonical, Debian, Mozilla and 2 more | 14 Ubuntu Linux, Debian Linux, Firefox and 11 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. | ||||