U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:mozilla:seamonkey:1.0.7
There are 593 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2015-0797

GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.

Published: May 14, 2015; 6:59:00 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

Published: March 23, 2015; 8:59:07 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-0817

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.

Published: March 23, 2015; 8:59:05 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-8642

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.

Published: January 14, 2015; 6:59:10 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-8641

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.

Published: January 14, 2015; 6:59:09 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8640

The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls.

Published: January 14, 2015; 6:59:08 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8639

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.

Published: January 14, 2015; 6:59:07 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-8638

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

Published: January 14, 2015; 6:59:07 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-8637

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element.

Published: January 14, 2015; 6:59:06 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8636

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.

Published: January 14, 2015; 6:59:05 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8635

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: January 14, 2015; 6:59:04 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8634

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: January 14, 2015; 6:59:03 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-8632

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.

Published: December 11, 2014; 6:59:13 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-8631

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method.

Published: December 11, 2014; 6:59:12 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-1594

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.

Published: December 11, 2014; 6:59:08 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1593

Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content.

Published: December 11, 2014; 6:59:07 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1592

Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing.

Published: December 11, 2014; 6:59:06 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1591

Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect.

Published: December 11, 2014; 6:59:05 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-1590

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object.

Published: December 11, 2014; 6:59:04 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-1589

Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.

Published: December 11, 2014; 6:59:02 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM