Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
There are 69 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2014-1484

Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.

Published: February 06, 2014; 12:44:24 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-1483

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.

Published: February 06, 2014; 12:44:24 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-1480

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.

Published: February 06, 2014; 12:44:24 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-6673

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.

Published: December 11, 2013; 10:55:13 AM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2013-6672

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.

Published: December 11, 2013; 10:55:13 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-5619

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.

Published: December 11, 2013; 10:55:13 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-5614

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

Published: December 11, 2013; 10:55:12 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

Published: December 11, 2013; 10:55:12 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-5611

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

Published: December 11, 2013; 10:55:12 AM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2013-5610

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: December 11, 2013; 10:55:07 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2013-3805

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.

Published: July 17, 2013; 9:41:16 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2013-3801

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

Published: July 17, 2013; 9:41:16 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-4188

Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

Published: October 10, 2012; 1:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-4187

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors.

Published: October 10, 2012; 1:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-4186

Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

Published: October 10, 2012; 1:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-4185

Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Published: October 10, 2012; 1:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-4184

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Published: October 10, 2012; 1:55:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-4183

Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Published: October 10, 2012; 1:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-4182

Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Published: October 10, 2012; 1:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-4180

Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

Published: October 10, 2012; 1:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH