Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:mozilla:seamonkey:2.15:beta3
There are 166 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2013-0774

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.

Published: February 19, 2013; 6:55:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-0773

The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Published: February 19, 2013; 6:55:01 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0772

The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.

Published: February 19, 2013; 6:55:01 PM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2013-0765

Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Published: February 19, 2013; 6:55:01 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0764

The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data.

Published: January 13, 2013; 3:55:02 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0751

Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document.

Published: January 13, 2013; 3:55:01 PM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2011-3079

The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.

Published: May 01, 2012; 6:12:04 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2010-3778

Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: December 10, 2010; 2:00:02 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1990

Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.

Published: May 20, 2010; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-4630

Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating "I don't think we necessarily need to worry about that case."

Published: January 29, 2010; 1:30:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-4629

Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as demonstrated by DNS requests triggered by reading text/plain e-mail messages in Thunderbird.

Published: January 29, 2010; 1:30:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-2404

Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.

Published: August 03, 2009; 10:30:00 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-1840

Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.

Published: June 12, 2009; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-1312

Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected.

Published: April 22, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-1309

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.

Published: April 22, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-1308

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.

Published: April 22, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-1307

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.

Published: April 22, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-1306

The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.

Published: April 22, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-0356

Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582.

Published: February 04, 2009; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2008-4821

Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.

Published: November 10, 2008; 9:12:55 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM