Уязвимость браузера Firefox, позволяющая злоумышленнику выполнить произвольный код, получить доступ к конфиденциальной информации или вызвать отказ в обслуживании

Severity: MEDIUM (6.8)

References:

CVE-2014-1497

Published: 2014-03-19

BDU:2014-00291

Уязвимость браузера Firefox ESR, позволяющая злоумышленнику выполнить произвольный код, получить доступ к конфиденциальной информации или вызвать отказ в обслуживании

Severity: MEDIUM (6.8)

References:

CVE-2014-1497

Published: 2014-03-19

BDU:2014-00292

Уязвимость почтового клиента Thunderbird, позволяющая злоумышленнику выполнить произвольный код, получить доступ к конфиденциальной информации или вызвать отказ в обслуживании

Severity: MEDIUM (6.8)

References:

CVE-2014-1497

Published: 2014-03-19

BDU:2014-00293

Уязвимость пакета программ Mozilla SeaMonkey, позволяющая злоумышленнику выполнить произвольный код, получить доступ к конфиденциальной информации или вызвать отказ в обслуживании

Severity: MEDIUM (6.8)

References:

CVE-2014-1497

Published: 2014-02-06

BDU:2014-00294

Уязвимость браузера Firefox, позволяющая злоумышленнику обойти ограничения

Severity: MEDIUM (5.0)

References:

CVE-2014-1479

Published: 2014-02-06

BDU:2014-00295

Уязвимость браузера Firefox ESR, позволяющая злоумышленнику обойти ограничения

Severity: MEDIUM (5.0)

References:

CVE-2014-1479

Published: 2014-02-06

BDU:2014-00296

Уязвимость почтового клиента Thunderbird, позволяющая злоумышленнику обойти ограничения

Severity: MEDIUM (5.0)

References:

CVE-2014-1479

Published: 2014-02-06

BDU:2014-00297

Уязвимость пакета программ Mozilla SeaMonkey, позволяющая злоумышленнику обойти ограничения

Severity: MEDIUM (5.0)

References:

CVE-2014-1479

Published: 2014-02-06

BDU:2014-00298

Уязвимость браузера Firefox, позволяющая злоумышленнику выполнить произвольный код или выполнить отказ в обслуживании

Severity: CRITICAL (10.0)

References:

CVE-2014-1482

Published: 2014-02-06

BDU:2014-00299

Уязвимость браузера Firefox ESR, позволяющая злоумышленнику выполнить произвольный код или выполнить отказ в обслуживании

Severity: CRITICAL (10.0)

References:

CVE-2014-1482

Published: 2014-02-06

BDU:2014-00300

Уязвимость почтового клиента Thunderbird, позволяющая злоумышленнику выполнить произвольный код или выполнить отказ в обслуживании

Severity: CRITICAL (10.0)

References:

CVE-2014-1482

Published: 2014-02-06

BDU:2014-00301

Уязвимость пакета программ Mozilla SeaMonkey, позволяющая злоумышленнику выполнить произвольный код или выполнить отказ в обслуживании

Severity: CRITICAL (10.0)

References:

CVE-2014-1482

Published: 2014-03-19

BDU:2014-00305

Severity: MEDIUM (6.8)

References:

CVE-2014-1508

Published: 2014-03-19

BDU:2014-00306

Severity: MEDIUM (6.8)

References:

CVE-2014-1508

Published: 2014-03-19

BDU:2014-00307

Severity: MEDIUM (6.8)

References:

CVE-2014-1508

Published: 2014-03-19

BDU:2014-00308

Severity: MEDIUM (6.8)

References:

CVE-2014-1508

Published: 2014-03-19

BDU:2014-00309

Уязвимость браузера Firefox, позволяющая злоумышленнику выполнить произвольный код

Severity: CRITICAL (9.3)

References:

CVE-2014-1510

Published: 2014-03-19

BDU:2014-00310

Уязвимость браузера Firefox ESR, позволяющая злоумышленнику выполнить произвольный код

Severity: CRITICAL (9.3)

References:

CVE-2014-1510

Published: 2014-03-19

BDU:2014-00311

Уязвимость почтового клиента Thunderbird, позволяющая злоумышленнику выполнить произвольный код

Severity: CRITICAL (9.3)

References:

CVE-2014-1510

Published: 2014-03-19

BDU:2014-00312

Уязвимость пакета программ Mozilla SeaMonkey, позволяющая злоумышленнику выполнить произвольный код

Severity: CRITICAL (9.3)

References:

CVE-2014-1510

Published: 2014-03-19

BDU:2014-00314

Уязвимость браузера Firefox, позволяющая провести межсайтовое выполнение сценариев

Severity: LOW (2.6)

References:

CVE-2014-1504

Published: 2014-03-19

BDU:2014-00315

Уязвимость пакета программ Mozilla SeaMonkey, позволяющая провести межсайтовое выполнение сценариев

Severity: LOW (2.6)

References:

CVE-2014-1504

Published: 2014-03-19

BDU:2014-00316

Уязвимость браузера Firefox, позволяющая злоумышленнику выполнить отказ в обслуживании

Severity: MEDIUM (4.3)

References:

CVE-2014-1489

Published: 2014-03-19

BDU:2014-00317

Уязвимость браузера Firefox, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: MEDIUM (5.0)

References:

CVE-2014-1489

Published: 2014-03-19

BDU:2014-00318

Уязвимость пакета программ Mozilla SeaMonkey, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: MEDIUM (5.0)

References:

CVE-2014-1489

Published: 2014-04-30

BDU:2015-00049

Уязвимость браузера Firefox, позволяющая удаленному злоумышленнику вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00050

Уязвимость браузера Firefox ESR, позволяющая удаленному злоумышленнику вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00051

Уязвимость почтового клиента Thunderbird, позволяющая удаленному злоумышленнику вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00052

Уязвимость программного пакета SeaMonkey, позволяющая удаленному злоумышленнику вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00053

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00054

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00055

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00056

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00057

Уязвимость браузера Firefox, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: MEDIUM (4.3)

References:

Published: 2014-04-30

BDU:2015-00058

Уязвимость браузера Firefox ESR, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: MEDIUM (4.3)

References:

Published: 2014-04-30

BDU:2015-00059

Уязвимость почтового клиента Thunderbird, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: MEDIUM (4.3)

References:

Published: 2014-04-30

BDU:2015-00060

Уязвимость программного пакета SeaMonkey, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: MEDIUM (4.3)

References:

Published: 2014-04-30

BDU:2015-00061

Уязвимость браузера Firefox, позволяющая удаленному злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00062

Уязвимость браузера Firefox ESR, позволяющая удаленному злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00063

Уязвимость почтового клиента Thunderbird, позволяющая удаленному злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00064

Уязвимость программного пакета SeaMonkey, позволяющая удаленному злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00065

Уязвимость браузера Firefox, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: CRITICAL (9.3)

References:

Published: 2014-04-30

BDU:2015-00066

Уязвимость браузера Firefox ESR, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: CRITICAL (9.3)

References:

Published: 2014-04-30

BDU:2015-00067

Уязвимость почтового клиента Thunderbird, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: CRITICAL (9.3)

References:

Published: 2014-04-30

BDU:2015-00068

Уязвимость программного пакета SeaMonkey, позволяющая удаленному злоумышленнику выполнить произвольный код

Severity: CRITICAL (9.3)

References:

Published: 2014-04-30

BDU:2015-00069

Severity: HIGH (7.8)

References:

Published: 2014-04-30

BDU:2015-00070

Severity: HIGH (7.8)

References:

Published: 2014-04-30

BDU:2015-00071

Severity: HIGH (7.8)

References:

Published: 2014-04-30

BDU:2015-00072

Severity: HIGH (7.8)

References:

Published: 2014-04-30

BDU:2015-00073

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00074

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00075

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00076

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00416

Уязвимости браузера Firefox, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

CVE-2014-1519

Published: 2014-04-30

BDU:2015-00418

Уязвимость браузера Firefox, позволяющая удаленному злоумышленнику нарушить конфиденциальность и целостность защищаемой информации

Severity: MEDIUM (5.8)

References:

CVE-2014-1526

Published: 2014-04-30

BDU:2015-00419

Уязвимость браузера Firefox, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

CVE-2014-1522

Published: 2014-04-30

BDU:2015-00421

Severity: CRITICAL (9.3)

References:

CVE-2014-1525

Published: 2014-06-11

BDU:2015-00422

Severity: CRITICAL (10.0)

References:

CVE-2014-1537

Published: 2014-06-11

BDU:2015-00423

Severity: CRITICAL (10.0)

References:

CVE-2014-1538

Published: 2014-06-11

BDU:2015-00424

Severity: CRITICAL (10.0)

References:

CVE-2014-1541

Published: 2014-06-11

BDU:2015-00425

Severity: CRITICAL (10.0)

References:

CVE-2014-1534

Published: 2014-06-11

BDU:2015-00426

Severity: CRITICAL (10.0)

References:

CVE-2014-1533

Published: 2014-06-11

BDU:2015-00427

Severity: MEDIUM (6.8)

References:

CVE-2014-1542

Published: 2014-06-11

BDU:2015-00428

Severity: CRITICAL (10.0)

References:

CVE-2014-1536

Published: 2014-07-23

BDU:2015-00430

Severity: CRITICAL (10.0)

References:

CVE-2014-1550

Published: 2014-07-23

BDU:2015-00431

Severity: CRITICAL (10.0)

References:

CVE-2014-1544

Published: 2014-07-23

BDU:2015-00432

Severity: CRITICAL (9.3)

References:

CVE-2014-1555

Published: 2014-07-23

BDU:2015-00433

Severity: CRITICAL (10.0)

References:

CVE-2014-1548

Published: 2014-07-23

BDU:2015-00434

Severity: CRITICAL (10.0)

References:

CVE-2014-1547

Published: 2014-07-23

BDU:2015-00435

Уязвимость браузера Firefox, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (4.3)

References:

CVE-2014-1558

Published: 2014-07-23

BDU:2015-00436

Severity: MEDIUM (4.3)

References:

CVE-2014-1559

Published: 2014-07-23

BDU:2015-00437

Severity: MEDIUM (4.3)

References:

CVE-2014-1560

Published: 2014-07-23

BDU:2015-00438

Severity: CRITICAL (9.3)

References:

CVE-2014-1556

Published: 2014-07-23

BDU:2015-00439

Severity: MEDIUM (5.8)

References:

CVE-2014-1552

Published: 2014-07-23

BDU:2015-00440

Уязвимость браузера Firefox, позволяющая удаленному злоумышленнику нарушить целостность и доступность защищаемой информации

Severity: MEDIUM (5.8)

References:

CVE-2014-1561

Published: 2014-07-23

BDU:2015-00441

Severity: CRITICAL (9.3)

References:

CVE-2014-1557

Published: 2014-07-23

BDU:2015-00442

Severity: CRITICAL (9.3)

References:

CVE-2014-1549

Published: 2014-06-11

BDU:2015-00452

Severity: CRITICAL (9.3)

References:

CVE-2014-1540

Published: 2014-04-30

BDU:2015-00453

Уязвимость программного обеспечения Firefox ESR, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00455

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00456

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00457

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00458

Severity: CRITICAL (10.0)

References:

Published: 2014-07-23

BDU:2015-00460

Severity: CRITICAL (10.0)

References:

Published: 2014-07-23

BDU:2015-00461

Severity: CRITICAL (9.3)

References:

Published: 2014-07-23

BDU:2015-00462

Severity: CRITICAL (10.0)

References:

Published: 2014-07-23

BDU:2015-00463

Severity: CRITICAL (10.0)

References:

Published: 2014-07-23

BDU:2015-00464

Severity: CRITICAL (9.3)

References:

Published: 2014-07-23

BDU:2015-00465

Severity: CRITICAL (9.3)

References:

Published: 2014-04-30

BDU:2015-00668

Уязвимость программного обеспечения SeaMonkey, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00669

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00670

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00671

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00672

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00673

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00674

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00675

Severity: CRITICAL (10.0)

References:

Published: 2014-04-30

BDU:2015-00678

Severity: CRITICAL (9.3)

References:

Published: 2014-06-11

BDU:2015-00679

Severity: CRITICAL (9.3)

References:

Published: 2014-04-30

BDU:2015-00681

Уязвимость программного обеспечения SeaMonkey, позволяющая удаленному злоумышленнику нарушить конфиденциальность и целостность защищаемой информации

Severity: MEDIUM (5.8)

References:

Published: 2014-06-11

BDU:2015-00682

Severity: MEDIUM (6.8)

References:

Published: 2014-04-30

BDU:2015-00692

Уязвимость программного обеспечения Thunderbird, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00693

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00694

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00695

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00696

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00697

Severity: CRITICAL (10.0)

References:

Published: 2014-06-11

BDU:2015-00698

Severity: CRITICAL (10.0)

References:

Published: 2014-07-23

BDU:2015-00700

Severity: CRITICAL (10.0)

References:

Published: 2014-07-23

BDU:2015-00701

Severity: CRITICAL (10.0)

References:

Published: 2014-07-23

BDU:2015-00702

Severity: CRITICAL (10.0)

References:

Published: 2014-07-23

BDU:2015-00703

Severity: CRITICAL (10.0)

References:

Published: 2014-07-23

BDU:2015-00710

Severity: CRITICAL (9.3)

References:

Published: 2014-07-23

BDU:2015-00711

Severity: CRITICAL (9.3)

References:

Published: 2014-07-23

BDU:2015-00712

Severity: CRITICAL (9.3)

References:

Published: 2014-07-23

BDU:2015-00713

Severity: CRITICAL (9.3)

References:

Published: 2014-07-23

BDU:2015-00715

Уязвимость программного обеспечения Thunderbird, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (4.3)

References:

Published: 2014-07-23

BDU:2015-00716

Severity: MEDIUM (4.3)

References:

Published: 2014-07-23

BDU:2015-00717

Severity: MEDIUM (4.3)

References:

Published: 2014-07-23

BDU:2015-00719

Уязвимость программного обеспечения Thunderbird, позволяющая удаленному злоумышленнику нарушить конфиденциальность и целостность защищаемой информации

Severity: MEDIUM (5.8)

References:

Published: 2013-12-09

BDU:2015-06136

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации

Severity: MEDIUM (5.0)

References:

Published: 2013-12-09

BDU:2015-06137

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2013-12-09

BDU:2015-06138

Severity: MEDIUM (5.0)

References:

Published: 2013-12-09

BDU:2015-06139

Множественные уязвимости пакета libjpeg-turbo-static-1.2.1 операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Published: 2013-12-09

BDU:2015-07110

Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации

Severity: MEDIUM (5.0)

References:

Published: 2013-12-09

BDU:2015-07111

Severity: MEDIUM (5.0)

References:

Published: 2013-12-09

BDU:2015-07112

Severity: MEDIUM (5.0)

References:

Published: 2013-12-10

BDU:2015-09076

Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации

Severity: MEDIUM (5.0)

References:

Published: 2013-12-10

BDU:2015-09077

Severity: MEDIUM (5.0)

References:

Published: 2013-12-10

BDU:2015-09078

Severity: MEDIUM (5.0)

References:

Published: 2013-12-10

BDU:2015-09079

Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации

Severity: MEDIUM (5.0)

References:

Published: 2013-12-10

BDU:2015-09080

Severity: MEDIUM (5.0)

References:

Published: 2013-12-10

BDU:2015-09081

Severity: MEDIUM (5.0)

References:

Published: 2013-12-10

BDU:2015-09082

Severity: MEDIUM (5.0)

References:

Published: 2013-03-16
Modified: 2024-11-21

CVE-2013-2566

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2020-02-18
Modified: 2024-11-21

CVE-2013-5594

Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2013-11-20
Modified: 2024-11-21

CVE-2013-5607

Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.

Severity: HIGH (7.5)

References:

Published: 2013-12-11
Modified: 2024-11-21

CVE-2013-5609

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2013-12-11
Modified: 2024-11-21

CVE-2013-5610

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: CRITICAL (10.0)

References:

Published: 2013-12-11
Modified: 2024-11-21

CVE-2013-5611

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

Severity: MEDIUM (5.8)

References:

Published: 2013-12-11
Modified: 2024-11-21

CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

Severity: MEDIUM (4.3)

References:

Published: 2013-12-11
Modified: 2024-11-21

CVE-2013-5613

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2013-12-11
Modified: 2024-11-21

CVE-2013-5614

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

Severity: MEDIUM (4.3)

References:

Published: 2013-12-11
Modified: 2024-11-21

CVE-2013-5615

The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2013-12-11
Modified: 2024-11-21

CVE-2013-5616

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2013-12-11
Modified: 2024-11-21

CVE-2013-5618

Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2013-12-11
Modified: 2024-11-21

CVE-2013-5619

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.

Severity: HIGH (7.5)

References:

Published: 2014-02-15
Modified: 2024-11-21

CVE-2013-6167

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.

Severity: MEDIUM (6.8)

References:

Published: 2013-11-19
Modified: 2024-11-21

CVE-2013-6629

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Severity: MEDIUM (5.0)

References:

Published: 2013-12-11
Modified: 2024-11-21

CVE-2013-6671

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2013-12-11
Modified: 2024-11-21

CVE-2013-6673

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2014-02-06
Modified: 2024-11-21

CVE-2014-1477

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2014-02-06
Modified: 2024-11-21

CVE-2014-1478

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.

Severity: CRITICAL (10.0)

References:

Published: 2014-02-06
Modified: 2024-11-21

CVE-2014-1479

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2014-02-06
Modified: 2024-11-21

CVE-2014-1480

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.

Severity: MEDIUM (4.3)

References:

Published: 2014-02-06
Modified: 2024-11-21

CVE-2014-1481

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Published: 2014-02-06
Modified: 2024-11-21

CVE-2014-1482

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2014-02-06
Modified: 2024-11-21

CVE-2014-1483

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.

Severity: MEDIUM (5.0)

References:

Published: 2014-02-06
Modified: 2024-11-21

CVE-2014-1485

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.

Severity: HIGH (7.5)

References:

Published: 2014-02-06
Modified: 2024-11-21

CVE-2014-1486

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2014-02-06
Modified: 2024-11-21

CVE-2014-1487

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2014-02-06
Modified: 2024-11-21

CVE-2014-1488

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.

Severity: CRITICAL (10.0)

References:

Published: 2014-02-06
Modified: 2024-11-21

CVE-2014-1489

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.

Severity: MEDIUM (4.3)

References:

Published: 2014-02-06
Modified: 2024-11-21

CVE-2014-1490

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

Severity: CRITICAL (9.3)

References:

Published: 2014-02-06
Modified: 2024-11-21

CVE-2014-1491

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.

Severity: MEDIUM (4.3)

References: