Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:thunderbird_esr:17.0.8
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-5599 |
Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize event. Published: October 30, 2013; 6:55:04 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-5597 |
Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache. Published: October 30, 2013; 6:55:04 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-5595 |
The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page. Published: October 30, 2013; 6:55:04 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-5590 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: October 30, 2013; 6:55:04 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-1737 |
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. Published: September 18, 2013; 6:08:24 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-1736 |
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes. Published: September 18, 2013; 6:08:24 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-1735 |
Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling. Published: September 18, 2013; 6:08:24 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-1732 |
Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout. Published: September 18, 2013; 6:08:24 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-1730 |
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. Published: September 18, 2013; 6:08:24 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-1726 |
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use. Published: September 18, 2013; 6:08:24 AM -0400 |
V3.x:(not available) V2.0: 6.2 MEDIUM |
CVE-2013-1725 |
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. Published: September 18, 2013; 6:08:24 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-1722 |
Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning. Published: September 18, 2013; 6:08:24 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-1718 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: September 18, 2013; 6:08:22 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-2566 |
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. Published: March 15, 2013; 5:55:01 PM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |