Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:thunderbird:24.8
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-0827 |
Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic. Published: February 25, 2015; 6:59:08 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-0822 |
The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. Published: February 25, 2015; 6:59:03 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-8639 |
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. Published: January 14, 2015; 6:59:07 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-8638 |
The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site. Published: January 14, 2015; 6:59:07 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-8634 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: January 14, 2015; 6:59:03 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-1595 |
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information. Published: December 11, 2014; 6:59:09 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-1594 |
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. Published: December 11, 2014; 6:59:08 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-1593 |
Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. Published: December 11, 2014; 6:59:07 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-1592 |
Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. Published: December 11, 2014; 6:59:06 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-1590 |
The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object. Published: December 11, 2014; 6:59:04 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-1587 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: December 11, 2014; 6:59:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-1568 |
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. Published: September 25, 2014; 1:55:04 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-3079 |
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. Published: May 01, 2012; 6:12:04 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |