Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-5747

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-08 Nov, 2006 | 21:00
Updated At-07 Aug, 2024 | 20:04
Rejected At-
Credits

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:08 Nov, 2006 | 21:00
Updated At:07 Aug, 2024 | 20:04
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://bugzilla.mozilla.org/show_bug.cgi?id=355569
x_refsource_MISC
http://www.vupen.com/english/advisories/2006/3748
vdb-entry
x_refsource_VUPEN
http://securitytracker.com/id?1017178
vdb-entry
x_refsource_SECTRACK
http://securitytracker.com/id?1017179
vdb-entry
x_refsource_SECTRACK
http://security.gentoo.org/glsa/glsa-200612-08.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/23013
third-party-advisory
x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm
x_refsource_CONFIRM
http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/451099/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/22770
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4387
vdb-entry
x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/30093
vdb-entry
x_refsource_XF
https://issues.rpath.com/browse/RPL-765
x_refsource_CONFIRM
http://secunia.com/advisories/23009
third-party-advisory
x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
third-party-advisory
x_refsource_CERT
http://secunia.com/advisories/22980
third-party-advisory
x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2006-0733.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/24711
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/23263
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/22763
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/22965
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-382-1
vendor-advisory
x_refsource_UBUNTU
http://securitytracker.com/id?1017177
vdb-entry
x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2008/0083
vdb-entry
x_refsource_VUPEN
http://rhn.redhat.com/errata/RHSA-2006-0735.html
vendor-advisory
x_refsource_REDHAT
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
vendor-advisory
x_refsource_SGI
http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
vendor-advisory
x_refsource_SUSE
http://security.gentoo.org/glsa/glsa-200612-07.xml
vendor-advisory
x_refsource_GENTOO
http://www.kb.cert.org/vuls/id/815432
third-party-advisory
x_refsource_CERT-VN
http://www.vupen.com/english/advisories/2007/1198
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/23297
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/22727
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/22815
third-party-advisory
x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2006-0734.html
vendor-advisory
x_refsource_REDHAT
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/22737
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/22929
third-party-advisory
x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200612-06.xml
vendor-advisory
x_refsource_GENTOO
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
vendor-advisory
x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
vendor-advisory
x_refsource_MANDRIVA
http://www.securityfocus.com/bid/20957
vdb-entry
x_refsource_BID
http://secunia.com/advisories/22066
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/22774
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11496
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/22817
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/22722
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/23287
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-381-1
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=355569
Resource:
x_refsource_MISC
Hyperlink: http://www.vupen.com/english/advisories/2006/3748
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://securitytracker.com/id?1017178
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://securitytracker.com/id?1017179
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://security.gentoo.org/glsa/glsa-200612-08.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/23013
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/451099/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/22770
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2006/4387
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/30093
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://issues.rpath.com/browse/RPL-765
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/23009
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-312A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://secunia.com/advisories/22980
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2006-0733.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/24711
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/23263
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/22763
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/22965
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/usn-382-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://securitytracker.com/id?1017177
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.vupen.com/english/advisories/2008/0083
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://rhn.redhat.com/errata/RHSA-2006-0735.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
Resource:
vendor-advisory
x_refsource_SGI
Hyperlink: http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://security.gentoo.org/glsa/glsa-200612-07.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.kb.cert.org/vuls/id/815432
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.vupen.com/english/advisories/2007/1198
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/23297
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/22727
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/22815
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2006-0734.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/22737
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/22929
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://security.gentoo.org/glsa/glsa-200612-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.securityfocus.com/bid/20957
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/22066
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/22774
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11496
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/22817
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/22722
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/23287
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/usn-381-1
Resource:
vendor-advisory
x_refsource_UBUNTU
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://bugzilla.mozilla.org/show_bug.cgi?id=355569
x_refsource_MISC
x_transferred
http://www.vupen.com/english/advisories/2006/3748
vdb-entry
x_refsource_VUPEN
x_transferred
http://securitytracker.com/id?1017178
vdb-entry
x_refsource_SECTRACK
x_transferred
http://securitytracker.com/id?1017179
vdb-entry
x_refsource_SECTRACK
x_transferred
http://security.gentoo.org/glsa/glsa-200612-08.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/23013
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm
x_refsource_CONFIRM
x_transferred
http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/archive/1/451099/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/22770
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2006/4387
vdb-entry
x_refsource_VUPEN
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/30093
vdb-entry
x_refsource_XF
x_transferred
https://issues.rpath.com/browse/RPL-765
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/23009
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://secunia.com/advisories/22980
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://rhn.redhat.com/errata/RHSA-2006-0733.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/24711
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/23263
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/22763
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/22965
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/usn-382-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://securitytracker.com/id?1017177
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.vupen.com/english/advisories/2008/0083
vdb-entry
x_refsource_VUPEN
x_transferred
http://rhn.redhat.com/errata/RHSA-2006-0735.html
vendor-advisory
x_refsource_REDHAT
x_transferred
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
vendor-advisory
x_refsource_SGI
x_transferred
http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://security.gentoo.org/glsa/glsa-200612-07.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.kb.cert.org/vuls/id/815432
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.vupen.com/english/advisories/2007/1198
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/23297
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/22727
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/22815
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://rhn.redhat.com/errata/RHSA-2006-0734.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/22737
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/22929
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://security.gentoo.org/glsa/glsa-200612-06.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
vendor-advisory
x_refsource_HP
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.securityfocus.com/bid/20957
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/22066
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/22774
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11496
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/22817
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/22722
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/23287
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/usn-381-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=355569
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/3748
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://securitytracker.com/id?1017178
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://securitytracker.com/id?1017179
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200612-08.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/23013
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/451099/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/22770
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/4387
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/30093
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-765
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/23009
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-312A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://secunia.com/advisories/22980
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2006-0733.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/24711
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/23263
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/22763
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/22965
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-382-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://securitytracker.com/id?1017177
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/0083
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2006-0735.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
Resource:
vendor-advisory
x_refsource_SGI
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200612-07.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/815432
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/1198
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/23297
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/22727
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/22815
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2006-0734.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/22737
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/22929
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200612-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/20957
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/22066
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/22774
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11496
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/22817
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/22722
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/23287
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-381-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:08 Nov, 2006 | 21:07
Updated At:17 Oct, 2018 | 21:44

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

Mozilla Corporation
mozilla
>>firefox>>1.5
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5.0.1
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5.0.2
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5.0.3
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5.0.4
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5.0.5
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5.0.6
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.5.0.7
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0
cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.1
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.2
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.3
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.5
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.0
cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.0.1
cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.0.2
cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.0.5
cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.0.6
cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.0.7
cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.0.8
cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.5
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.5
cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.5.0.1
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.5.0.2
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.5.0.4
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>1.5.0.7
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-Psecalert@redhat.com
Patch
http://rhn.redhat.com/errata/RHSA-2006-0733.htmlsecalert@redhat.com
Patch
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2006-0734.htmlsecalert@redhat.com
Patch
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2006-0735.htmlsecalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/22066secalert@redhat.com
N/A
http://secunia.com/advisories/22722secalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/22727secalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/22737secalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/22763secalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/22770secalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/22774secalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/22815secalert@redhat.com
N/A
http://secunia.com/advisories/22817secalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/22929secalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/22965secalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/22980secalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/23009secalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/23013secalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/23263secalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/23287secalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/23297secalert@redhat.com
Patch
Vendor Advisory
http://secunia.com/advisories/24711secalert@redhat.com
N/A
http://security.gentoo.org/glsa/glsa-200612-06.xmlsecalert@redhat.com
Patch
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200612-07.xmlsecalert@redhat.com
Patch
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200612-08.xmlsecalert@redhat.com
Patch
Vendor Advisory
http://securitytracker.com/id?1017177secalert@redhat.com
Patch
http://securitytracker.com/id?1017178secalert@redhat.com
Patch
http://securitytracker.com/id?1017179secalert@redhat.com
Patch
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htmsecalert@redhat.com
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/815432secalert@redhat.com
Patch
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206secalert@redhat.com
N/A
http://www.mozilla.org/security/announce/2006/mfsa2006-65.htmlsecalert@redhat.com
Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_68_mozilla.htmlsecalert@redhat.com
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/451099/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/20957secalert@redhat.com
N/A
http://www.ubuntu.com/usn/usn-381-1secalert@redhat.com
Patch
Vendor Advisory
http://www.ubuntu.com/usn/usn-382-1secalert@redhat.com
Patch
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA06-312A.htmlsecalert@redhat.com
Patch
US Government Resource
http://www.vupen.com/english/advisories/2006/3748secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2006/4387secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2007/1198secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2008/0083secalert@redhat.com
N/A
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742secalert@redhat.com
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=355569secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/30093secalert@redhat.com
N/A
https://issues.rpath.com/browse/RPL-765secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11496secalert@redhat.com
N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://rhn.redhat.com/errata/RHSA-2006-0733.html
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2006-0734.html
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2006-0735.html
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22066
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/22722
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22727
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22737
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22763
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22770
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22774
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22815
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/22817
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22929
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22965
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22980
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23009
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23013
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23263
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23287
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23297
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/24711
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200612-06.xml
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200612-07.xml
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200612-08.xml
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1017177
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://securitytracker.com/id?1017178
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://securitytracker.com/id?1017179
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/815432
Source: secalert@redhat.com
Resource:
Patch
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/451099/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/20957
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-381-1
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.ubuntu.com/usn/usn-382-1
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-312A.html
Source: secalert@redhat.com
Resource:
Patch
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2006/3748
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/4387
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2007/1198
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/0083
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=355569
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/30093
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-765
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11496
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

383Records found

CVE-2008-2802
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-6.80% / 90.94%
||
7 Day CHG~0.00%
Published-07 Jul, 2008 | 23:00
Updated-07 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-264
Not Available
CVE-2018-5155
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.79% / 87.61%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopthunderbird_esrThunderbirdThunderbird ESRFirefoxFirefox ESR
CWE ID-CWE-416
Use After Free
CVE-2016-1951
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.6||HIGH
EPSS-0.74% / 72.08%
||
7 Day CHG-0.04%
Published-07 Aug, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-netscape_portable_runtimen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-1978
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.3||HIGH
EPSS-2.75% / 85.43%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-network_security_servicesfirefoxn/a
CVE-2016-0718
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.77% / 81.91%
||
7 Day CHG-0.05%
Published-26 May, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Action-Not Available
Vendor-libexpat_projectn/aMozilla CorporationopenSUSESUSEApple Inc.McAfee, LLCDebian GNU/LinuxPython Software FoundationCanonical Ltd.
Product-pythonstudio_onsitelibexpatpolicy_auditorfirefoxmac_os_xleapubuntu_linuxopensuselinux_enterprise_software_development_kitlinux_enterprise_desktopdebian_linuxlinux_enterprise_serverlinux_enterprise_debuginfon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-43527
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.24% / 89.59%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 00:00
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.

Action-Not Available
Vendor-starwindsoftwareMozilla CorporationNetApp, Inc.Oracle Corporation
Product-communications_cloud_native_core_network_slice_selection_functionstarwind_virtual_sancloud_backupe-series_santricity_os_controllercommunications_cloud_native_core_network_repository_functionnss_esrcommunications_cloud_native_core_binding_support_functionstarwind_san_\&_nascommunications_policy_managementnssNSS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-7179
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.15% / 83.54%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content.

Action-Not Available
Vendor-n/aMozilla CorporationMicrosoft Corporation
Product-windowsfirefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7188
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.23% / 78.33%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2015-7181
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-24.81% / 95.93%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-network_security_servicesfirefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7212
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.31% / 84.11%
||
7 Day CHG~0.00%
Published-16 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.

Action-Not Available
Vendor-n/aMozilla CorporationFedora ProjectopenSUSE
Product-fedoraleapopensusefirefoxn/a
CVE-2015-7178
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.17% / 83.66%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content.

Action-Not Available
Vendor-n/aMozilla CorporationMicrosoft Corporation
Product-windowsfirefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7210
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.77% / 81.91%
||
7 Day CHG~0.00%
Published-16 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.

Action-Not Available
Vendor-n/aMozilla CorporationFedora ProjectopenSUSE
Product-fedoraleapfirefoxopensusen/a
CVE-2015-7174
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 80.64%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7175
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 80.64%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7180
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 80.64%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7198
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-3.87% / 87.77%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7183
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-18.19% / 94.94%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-network_security_servicesfirefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7193
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.32%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2015-7177
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 80.64%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7176
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.57% / 84.95%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7192
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.36% / 84.30%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index.

Action-Not Available
Vendor-n/aMozilla CorporationApple Inc.
Product-firefoxmac_os_xn/a
CVE-2015-7199
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.50% / 84.72%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7200
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.26% / 83.95%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2015-7194
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.57% / 84.96%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7182
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-18.41% / 94.98%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

Action-Not Available
Vendor-n/aMozilla CorporationOracle Corporation
Product-openssoiplanet_web_proxy_serveriplanet_web_servertraffic_directorfirefoxnetwork_security_servicesglassfish_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0304
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-33.52% / 96.79%
||
7 Day CHG~0.00%
Published-29 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview.

Action-Not Available
Vendor-n/aMozilla CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-seamonkeywindowsthunderbirdlinux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4517
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 80.64%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4500
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.49% / 80.30%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4521
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 80.64%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4498
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 67.81%
||
7 Day CHG~0.00%
Published-29 Aug, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2015-4522
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.54% / 80.64%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4501
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.37% / 79.45%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4488
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.26% / 83.95%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEOracle CorporationCanonical Ltd.
Product-solarisfirefoxopensuseubuntu_linuxfirefox_osn/a
CVE-2015-4509
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.70% / 85.29%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2015-4475
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.14% / 83.53%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.
Product-firefoxopensuseubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4499
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.07% / 83.23%
||
7 Day CHG~0.00%
Published-14 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-4492
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-3.00% / 86.03%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEOracle CorporationCanonical Ltd.
Product-firefoxopensuseubuntu_linuxsolarisn/a
CVE-2015-4514
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.85% / 82.27%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4487
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-3.17% / 86.42%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEOracle CorporationCanonical Ltd.
Product-solarisfirefoxopensuseubuntu_linuxfirefox_osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4489
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.61% / 85.08%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEOracle CorporationCanonical Ltd.
Product-solarisfirefoxopensuseubuntu_linuxfirefox_osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2712
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-4.32% / 88.46%
||
7 Day CHG~0.00%
Published-14 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSE
Product-firefoxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2728
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-3.28% / 86.66%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationNovell
Product-solarisfirefoxfirefox_esrsuse_linux_enterprise_serversuse_linux_enterprise_desktopn/a
CVE-2015-2709
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.87% / 74.34%
||
7 Day CHG~0.00%
Published-14 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationNovellopenSUSE
Product-firefoxopensusesuse_linux_enterprise_serversuse_linux_enterprise_desktopsuse_linux_enterprise_software_development_kitn/a
CVE-2004-0707
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.05%
||
7 Day CHG~0.00%
Published-21 Jul, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CVE-2015-2716
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-5.50% / 89.85%
||
7 Day CHG-0.14%
Published-14 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationopenSUSENovell
Product-thunderbirdsolarisfirefoxopensusefirefox_esrsuse_linux_enterprise_serversuse_linux_enterprise_desktopsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2708
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.35% / 79.29%
||
7 Day CHG~0.00%
Published-14 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationNovellopenSUSE
Product-firefoxopensusefirefox_esrsuse_linux_enterprise_serverthunderbirdsuse_linux_enterprise_software_development_kitsuse_linux_enterprise_desktopn/a
CVE-2015-2743
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.29% / 78.80%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationNovell
Product-solarisfirefoxfirefox_esrsuse_linux_enterprise_serversuse_linux_enterprise_desktopsuse_linux_enterprise_software_development_kitn/a
CVE-2015-0814
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.88% / 82.40%
||
7 Day CHG~0.00%
Published-01 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2015-0801
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 74.42%
||
7 Day CHG~0.00%
Published-01 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxfirefox_esrthunderbirdn/a
CVE-2007-5038
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.82% / 73.35%
||
7 Day CHG~0.00%
Published-24 Sep, 2007 | 00:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CWE ID-CWE-264
Not Available
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found