Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-1733

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-14 Apr, 2006 | 10:00
Updated At-07 Aug, 2024 | 17:19
Rejected At-
Credits

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:14 Apr, 2006 | 10:00
Updated At:07 Aug, 2024 | 17:19
Rejected At:
▼CVE Numbering Authority (CNA)

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://usn.ubuntu.com/275-1/
vendor-advisory
x_refsource_UBUNTU
http://www.redhat.com/support/errata/RHSA-2006-0330.html
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/archive/1/434524/100/0/threaded
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/19902
third-party-advisory
x_refsource_SECUNIA
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
vendor-advisory
x_refsource_SGI
https://usn.ubuntu.com/276-1/
vendor-advisory
x_refsource_UBUNTU
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815
vdb-entry
signature
x_refsource_OVAL
http://www.securityfocus.com/archive/1/438730/100/0/threaded
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/19941
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/19780
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0328.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/19821
third-party-advisory
x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/21622
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/19862
third-party-advisory
x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/488774
third-party-advisory
x_refsource_CERT-VN
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
vendor-advisory
x_refsource_MANDRIVA
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
x_refsource_CONFIRM
http://secunia.com/advisories/19823
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1051
vendor-advisory
x_refsource_DEBIAN
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
vendor-advisory
x_refsource_FEDORA
https://usn.ubuntu.com/271-1/
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/19714
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0329.html
vendor-advisory
x_refsource_REDHAT
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/19811
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/434524/100/0/threaded
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/19794
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/19746
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/21033
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/25817
vdb-entry
x_refsource_XF
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
vendor-advisory
x_refsource_SUNALERT
http://secunia.com/advisories/19696
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/19759
third-party-advisory
x_refsource_SECUNIA
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
vendor-advisory
x_refsource_SUSE
http://www.securityfocus.com/archive/1/436338/100/0/threaded
vendor-advisory
x_refsource_FEDORA
http://www.vupen.com/english/advisories/2006/1356
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/archive/1/438730/100/0/threaded
vendor-advisory
x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/19729
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/20051
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/19863
third-party-advisory
x_refsource_SECUNIA
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
vendor-advisory
x_refsource_SCO
http://www.us-cert.gov/cas/techalerts/TA06-107A.html
third-party-advisory
x_refsource_CERT
http://www.securityfocus.com/archive/1/436296/100/0/threaded
vendor-advisory
x_refsource_FEDORA
http://www.securityfocus.com/bid/17516
vdb-entry
x_refsource_BID
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
vendor-advisory
x_refsource_SUNALERT
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/19852
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/19721
third-party-advisory
x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_04_25.html
vendor-advisory
x_refsource_SUSE
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
vendor-advisory
x_refsource_GENTOO
http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
x_refsource_CONFIRM
http://secunia.com/advisories/19631
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/19950
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
vendor-advisory
x_refsource_MANDRIVA
http://www.debian.org/security/2006/dsa-1046
vendor-advisory
x_refsource_DEBIAN
http://www.debian.org/security/2006/dsa-1044
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://usn.ubuntu.com/275-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0330.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/archive/1/434524/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/19902
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
Resource:
vendor-advisory
x_refsource_SGI
Hyperlink: https://usn.ubuntu.com/276-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.securityfocus.com/archive/1/438730/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/19941
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/19780
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0328.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/19821
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/21622
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/19862
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.kb.cert.org/vuls/id/488774
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/19823
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2006/dsa-1051
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://usn.ubuntu.com/271-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/19714
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0329.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/19811
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/434524/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/19794
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/19746
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/21033
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/25817
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://secunia.com/advisories/19696
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/19759
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securityfocus.com/archive/1/436338/100/0/threaded
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.vupen.com/english/advisories/2006/1356
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/archive/1/438730/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/19729
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/20051
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/19863
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
Resource:
vendor-advisory
x_refsource_SCO
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-107A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://www.securityfocus.com/archive/1/436296/100/0/threaded
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.securityfocus.com/bid/17516
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/19852
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/19721
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.novell.com/linux/security/advisories/2006_04_25.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/19631
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/19950
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.debian.org/security/2006/dsa-1046
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.debian.org/security/2006/dsa-1044
Resource:
vendor-advisory
x_refsource_DEBIAN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://usn.ubuntu.com/275-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.redhat.com/support/errata/RHSA-2006-0330.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/archive/1/434524/100/0/threaded
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/19902
third-party-advisory
x_refsource_SECUNIA
x_transferred
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
vendor-advisory
x_refsource_SGI
x_transferred
https://usn.ubuntu.com/276-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.securityfocus.com/archive/1/438730/100/0/threaded
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/19941
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/19780
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2006-0328.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/19821
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/21622
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/19862
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.kb.cert.org/vuls/id/488774
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/19823
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2006/dsa-1051
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://usn.ubuntu.com/271-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/19714
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2006-0329.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/19811
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/434524/100/0/threaded
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/19794
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/19746
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/21033
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/25817
vdb-entry
x_refsource_XF
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://secunia.com/advisories/19696
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/19759
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securityfocus.com/archive/1/436338/100/0/threaded
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.vupen.com/english/advisories/2006/1356
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/archive/1/438730/100/0/threaded
vendor-advisory
x_refsource_HP
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/19729
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/20051
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/19863
third-party-advisory
x_refsource_SECUNIA
x_transferred
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
vendor-advisory
x_refsource_SCO
x_transferred
http://www.us-cert.gov/cas/techalerts/TA06-107A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://www.securityfocus.com/archive/1/436296/100/0/threaded
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.securityfocus.com/bid/17516
vdb-entry
x_refsource_BID
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/19852
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/19721
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.novell.com/linux/security/advisories/2006_04_25.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/19631
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/19950
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.debian.org/security/2006/dsa-1046
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.debian.org/security/2006/dsa-1044
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://usn.ubuntu.com/275-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0330.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/434524/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/19902
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
Resource:
vendor-advisory
x_refsource_SGI
x_transferred
Hyperlink: https://usn.ubuntu.com/276-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/438730/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/19941
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/19780
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0328.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/19821
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/21622
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/19862
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/488774
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/19823
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2006/dsa-1051
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://usn.ubuntu.com/271-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/19714
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0329.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/19811
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/434524/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/19794
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/19746
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/21033
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/25817
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://secunia.com/advisories/19696
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/19759
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/436338/100/0/threaded
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/1356
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/438730/100/0/threaded
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/19729
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/20051
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/19863
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
Resource:
vendor-advisory
x_refsource_SCO
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-107A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/436296/100/0/threaded
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/17516
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/19852
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/19721
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2006_04_25.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/19631
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/19950
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.debian.org/security/2006/dsa-1046
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.debian.org/security/2006/dsa-1044
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:14 Apr, 2006 | 10:02
Updated At:03 Apr, 2025 | 01:03

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>Versions up to 1.0.7(inclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.1
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.2
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.3
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.4
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.5
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.6
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>mozilla_suite>>Versions up to 1.7.12(inclusive)
cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>mozilla_suite>>1.7.6
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>mozilla_suite>>1.7.7
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>mozilla_suite>>1.7.8
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>mozilla_suite>>1.7.10
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>mozilla_suite>>1.7.11
cpe:2.3:a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>Versions up to 1.0(inclusive)
cpe:2.3:a:mozilla:seamonkey:*:beta:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0
cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>Versions up to 1.0.7(inclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.0
cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.0.1
cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.0.2
cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.0.3
cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.0.4
cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.0.5
cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.0.5
cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.0.6
cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.5
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.5
cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

This vulnerability also affects Mozilla, SeaMonkey, 1.0 and Mozilla, Suite, 1.7.13 This vulnerabiloity is addressed in the following product releases: Mozilla, Firefox, 1.5 Mozilla, Firefox, 1.0.8 Mozilla, Thunderbird, 1.5 Mozilla, Thunderbird, 1.0.8 Mozilla, SeaMonkey, 1.0 Mozilla, Suite, 1.7.13

Vendor Statements
References
HyperlinkSourceResource
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txtsecalert@redhat.com
N/A
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.ascsecalert@redhat.com
Patch
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/19631secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/19696secalert@redhat.com
N/A
http://secunia.com/advisories/19714secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/19721secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/19729secalert@redhat.com
N/A
http://secunia.com/advisories/19746secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/19759secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/19780secalert@redhat.com
N/A
http://secunia.com/advisories/19794secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/19811secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/19821secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/19823secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/19852secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/19862secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/19863secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/19902secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/19941secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/19950secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/20051secalert@redhat.com
N/A
http://secunia.com/advisories/21033secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/21622secalert@redhat.com
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1secalert@redhat.com
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1secalert@redhat.com
N/A
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htmsecalert@redhat.com
N/A
http://www.debian.org/security/2006/dsa-1044secalert@redhat.com
N/A
http://www.debian.org/security/2006/dsa-1046secalert@redhat.com
N/A
http://www.debian.org/security/2006/dsa-1051secalert@redhat.com
N/A
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xmlsecalert@redhat.com
N/A
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xmlsecalert@redhat.com
N/A
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xmlsecalert@redhat.com
N/A
http://www.kb.cert.org/vuls/id/488774secalert@redhat.com
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078secalert@redhat.com
N/A
http://www.mozilla.org/security/announce/2006/mfsa2006-16.htmlsecalert@redhat.com
Patch
Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_04_25.htmlsecalert@redhat.com
N/A
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.htmlsecalert@redhat.com
N/A
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2006-0328.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2006-0329.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2006-0330.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/434524/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/434524/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/436296/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/436338/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/438730/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/438730/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/17516secalert@redhat.com
N/A
http://www.us-cert.gov/cas/techalerts/TA06-107A.htmlsecalert@redhat.com
US Government Resource
http://www.vupen.com/english/advisories/2006/1356secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/25817secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020secalert@redhat.com
N/A
https://usn.ubuntu.com/271-1/secalert@redhat.com
N/A
https://usn.ubuntu.com/275-1/secalert@redhat.com
N/A
https://usn.ubuntu.com/276-1/secalert@redhat.com
N/A
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txtaf854a3a-2127-422b-91ae-364da2661108
N/A
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.ascaf854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/19631af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19696af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/19714af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19721af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19729af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/19746af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19759af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19780af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/19794af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19811af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19821af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19823af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19852af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19862af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19863af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19902af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19941af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19950af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/20051af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/21033af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21622af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htmaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2006/dsa-1044af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2006/dsa-1046af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2006/dsa-1051af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/488774af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mozilla.org/security/announce/2006/mfsa2006-16.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_04_25.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2006-0328.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2006-0329.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2006-0330.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/434524/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/434524/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/436296/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/436338/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/438730/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/438730/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/17516af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.us-cert.gov/cas/techalerts/TA06-107A.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2006/1356af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/25817af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020af854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/271-1/af854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/275-1/af854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/276-1/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
Source: secalert@redhat.com
Resource: N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/19631
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19696
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/19714
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19721
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19729
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/19746
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19759
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19780
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/19794
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19811
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19821
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19823
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19852
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19862
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19863
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19902
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19941
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19950
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/20051
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/21033
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21622
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2006/dsa-1044
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2006/dsa-1046
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2006/dsa-1051
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/488774
Source: secalert@redhat.com
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.novell.com/linux/security/advisories/2006_04_25.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0328.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0329.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0330.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/434524/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/434524/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/436296/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/436338/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/438730/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/438730/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/17516
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-107A.html
Source: secalert@redhat.com
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2006/1356
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/25817
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://usn.ubuntu.com/271-1/
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://usn.ubuntu.com/275-1/
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://usn.ubuntu.com/276-1/
Source: secalert@redhat.com
Resource: N/A
Hyperlink: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/19631
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19696
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/19714
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19721
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19729
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/19746
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19759
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19780
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/19794
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19811
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19821
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19823
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19852
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19862
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19863
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19902
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19941
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19950
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/20051
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/21033
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21622
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2006/dsa-1044
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2006/dsa-1046
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2006/dsa-1051
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/488774
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.novell.com/linux/security/advisories/2006_04_25.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0328.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0329.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0330.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/434524/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/434524/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/436296/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/436338/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/438730/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/438730/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/17516
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-107A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2006/1356
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/25817
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/271-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/275-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/276-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

312Records found
CVE-2020-15660
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.63%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 11:24
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-geckodrivern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-15669
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.45% / 62.78%
||
7 Day CHG~0.00%
Published-01 Oct, 2020 | 18:42
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_esrthunderbirdThunderbirdFirefox ESR
CWE ID-CWE-416
Use After Free
CVE-2020-12387
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-1.00% / 76.04%
||
7 Day CHG~0.00%
Published-26 May, 2020 | 17:04
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2007-1562
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-29.04% / 96.40%
||
7 Day CHG~0.00%
Published-21 Mar, 2007 | 19:00
Updated-07 Aug, 2024 | 12:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

Action-Not Available
Vendor-n/aMozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-15667
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.89% / 74.61%
||
7 Day CHG~0.00%
Published-01 Oct, 2020 | 18:42
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9810
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-70.88% / 98.64%
||
7 Day CHG~0.00%
Published-26 Apr, 2019 | 16:10
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-15678
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.87% / 74.26%
||
7 Day CHG~0.00%
Published-01 Oct, 2020 | 18:29
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

Action-Not Available
Vendor-Debian GNU/LinuxopenSUSEMozilla Corporation
Product-thunderbirddebian_linuxfirefoxfirefox_esrleapFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2019-9813
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-51.92% / 97.82%
||
7 Day CHG~0.00%
Published-26 Apr, 2019 | 16:09
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-9821
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-0.42% / 61.33%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:23
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox < 67.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-5259
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.15% / 77.61%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.

Action-Not Available
Vendor-n/aMozilla CorporationOracle Corporation
Product-firefoxlinuxn/a
CWE ID-CWE-416
Use After Free
CVE-2007-1084
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.05% / 76.63%
||
7 Day CHG~0.00%
Published-23 Feb, 2007 | 00:00
Updated-07 Aug, 2024 | 12:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-16
Not Available
CVE-2017-5436
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 76.44%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-silDebian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxgraphite2enterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29976
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.43%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:46
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5394
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.59%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.

Action-Not Available
Vendor-Mozilla CorporationGoogle LLC
Product-firefoxandroidFirefox
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-12409
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 60.11%
||
7 Day CHG~0.00%
Published-09 Jul, 2020 | 14:46
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CVE-2007-0994
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.50% / 84.73%
||
7 Day CHG~0.00%
Published-06 Mar, 2007 | 00:00
Updated-07 Aug, 2024 | 12:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

Action-Not Available
Vendor-n/aDebian GNU/LinuxMozilla Corporation
Product-firefoxdebian_linuxseamonkeyn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-7755
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.36%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxwindowsthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-426
Untrusted Search Path
CVE-2021-43534
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.79% / 81.98%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 21:20
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-43535
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.36% / 79.38%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 21:20
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2021-43537
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 68.34%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 21:20
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2016-2835
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.62% / 69.09%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2021-38494
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.42% / 61.10%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 00:03
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38500
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-2.21% / 83.78%
||
7 Day CHG+0.57%
Published-03 Nov, 2021 | 00:03
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrThunderbirdFirefox ESRFirefox
CVE-2021-38510
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.47% / 63.60%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 21:21
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Action-Not Available
Vendor-Mozilla CorporationApple Inc.
Product-firefoxthunderbirdmacosfirefox_esrFirefoxFirefox ESRThunderbird
CVE-2021-38496
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.24% / 78.44%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 00:03
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2021-38495
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.27%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 00:03
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_esrthunderbirdThunderbirdFirefox ESR
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9815
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-1.02% / 76.30%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:24
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Action-Not Available
Vendor-Mozilla CorporationApple Inc.
Product-firefoxthunderbirdmacosfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-203
Observable Discrepancy
CVE-2019-17005
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.66% / 81.32%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 21:14
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Action-Not Available
Vendor-Canonical Ltd.openSUSEMozilla Corporation
Product-ubuntu_linuxthunderbirdfirefoxfirefox_esrleapThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29946
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.19%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 13:19
Updated-03 Aug, 2024 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-29990
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.45% / 62.49%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 19:12
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29980
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.48%
||
7 Day CHG+0.05%
Published-17 Aug, 2021 | 19:12
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2021-30547
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.73% / 71.85%
||
7 Day CHG~0.00%
Published-15 Jun, 2021 | 21:40
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Action-Not Available
Vendor-Mozilla CorporationGoogle LLCFedora ProjectDebian GNU/Linux
Product-chromefirefoxdebian_linuxfedoraChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29947
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.59%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 13:19
Updated-03 Aug, 2024 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29981
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.45% / 62.49%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 19:12
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CVE-2016-2802
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.88%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapfirefoxopensusegraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-29984
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.32%
||
7 Day CHG+0.06%
Published-17 Aug, 2021 | 19:12
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29973
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.34% / 55.99%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:46
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be entered by the browser's autofill functionality *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 90.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CVE-2021-29966
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.47% / 63.50%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 13:14
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29967
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.24%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 13:14
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29988
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.32%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 19:12
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-29986
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-0.31% / 53.74%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 19:12
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

Action-Not Available
Vendor-Mozilla CorporationLinux Kernel Organization, Inc
Product-firefoxthunderbirdlinux_kernelfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-17013
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 59.95%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 21:25
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 71.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17025
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.71%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 21:31
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-23997
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.70%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 13:25
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CVE-2021-23954
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.30% / 52.97%
||
7 Day CHG~0.00%
Published-26 Feb, 2021 | 02:10
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2009-0068
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.38% / 79.49%
||
7 Day CHG~0.00%
Published-07 Jan, 2009 | 19:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.

Action-Not Available
Vendor-n/afreedesktop.orgMozilla Corporation
Product-firefoxxdg-utilsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-43539
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.65%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 21:20
Updated-04 Aug, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2019-17012
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.24% / 78.41%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 21:24
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Action-Not Available
Vendor-Canonical Ltd.openSUSEMozilla Corporation
Product-ubuntu_linuxthunderbirdfirefoxfirefox_esrleapThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38493
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.40%
||
7 Day CHG+0.09%
Published-03 Nov, 2021 | 00:03
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17008
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.85% / 74.03%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 21:17
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Action-Not Available
Vendor-openSUSEMozilla Corporation
Product-firefoxthunderbirdfirefox_esrleapThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found