Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:firefox:25.0.1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-5612 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header. Published: December 11, 2013; 10:55:12 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-5611 |
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. Published: December 11, 2013; 10:55:12 AM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2013-5610 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: December 11, 2013; 10:55:07 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-5609 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: December 11, 2013; 10:55:07 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2013-6629 |
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. Published: November 18, 2013; 11:50:56 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-3079 |
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. Published: May 01, 2012; 6:12:04 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |