Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-2811

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-07 Jul, 2008 | 23:00
Updated At-07 Aug, 2024 | 09:14
Rejected At-
Credits

The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:07 Jul, 2008 | 23:00
Updated At:07 Aug, 2024 | 09:14
Rejected At:
▼CVE Numbering Authority (CNA)

The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.mozilla.org/show_bug.cgi?id=439735
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
vendor-advisory
x_refsource_SUSE
http://www.redhat.com/support/errata/RHSA-2008-0549.html
vendor-advisory
x_refsource_REDHAT
http://www.debian.org/security/2009/dsa-1697
vendor-advisory
x_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9865
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/31021
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/30898
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/31403
third-party-advisory
x_refsource_SECUNIA
http://wiki.rpath.com/Advisories:rPSA-2008-0216
x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-2646
x_refsource_CONFIRM
http://secunia.com/advisories/30949
third-party-advisory
x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
vendor-advisory
x_refsource_SLACKWARE
http://www.vupen.com/english/advisories/2009/0977
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/31069
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/31008
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/31377
third-party-advisory
x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2008-0616.html
vendor-advisory
x_refsource_REDHAT
http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/1993/references
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/31023
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
vendor-advisory
x_refsource_MANDRIVA
http://www.securityfocus.com/bid/30038
vdb-entry
x_refsource_BID
http://secunia.com/advisories/30915
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1607
vendor-advisory
x_refsource_DEBIAN
http://security.gentoo.org/glsa/glsa-200808-03.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/31005
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/33433
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
vendor-advisory
x_refsource_FEDORA
http://www.securitytracker.com/id?1020419
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/31253
third-party-advisory
x_refsource_SECUNIA
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/31183
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/30903
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0547.html
vendor-advisory
x_refsource_REDHAT
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
vendor-advisory
x_refsource_FEDORA
http://www.ubuntu.com/usn/usn-629-1
vendor-advisory
x_refsource_UBUNTU
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
vendor-advisory
x_refsource_SUNALERT
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
vendor-advisory
x_refsource_SLACKWARE
http://www.kb.cert.org/vuls/id/607267
third-party-advisory
x_refsource_CERT-VN
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484
vendor-advisory
x_refsource_SLACKWARE
http://www.debian.org/security/2008/dsa-1615
vendor-advisory
x_refsource_DEBIAN
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/31220
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/31195
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/31076
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-619-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/30911
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0569.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/30878
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1621
vendor-advisory
x_refsource_DEBIAN
http://www.securityfocus.com/archive/1/494080/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/31286
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/34501
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=439735
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0549.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.debian.org/security/2009/dsa-1697
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9865
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/31021
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/30898
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/31403
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2008-0216
Resource:
x_refsource_CONFIRM
Hyperlink: https://issues.rpath.com/browse/RPL-2646
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/30949
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://www.vupen.com/english/advisories/2009/0977
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/31069
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/31008
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/31377
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2008-0616.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2008/1993/references
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/31023
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.securityfocus.com/bid/30038
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/30915
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2008/dsa-1607
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://security.gentoo.org/glsa/glsa-200808-03.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/31005
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/33433
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.securitytracker.com/id?1020419
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/31253
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/31183
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/30903
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0547.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.ubuntu.com/usn/usn-629-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://www.kb.cert.org/vuls/id/607267
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://www.debian.org/security/2008/dsa-1615
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/31220
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/31195
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/31076
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/usn-619-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/30911
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0569.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/30878
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2008/dsa-1621
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securityfocus.com/archive/1/494080/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/31286
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/34501
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
Resource:
vendor-advisory
x_refsource_MANDRIVA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.mozilla.org/show_bug.cgi?id=439735
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0549.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.debian.org/security/2009/dsa-1697
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9865
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/31021
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/30898
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/31403
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://wiki.rpath.com/Advisories:rPSA-2008-0216
x_refsource_CONFIRM
x_transferred
https://issues.rpath.com/browse/RPL-2646
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/30949
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://www.vupen.com/english/advisories/2009/0977
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/31069
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/31008
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/31377
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://rhn.redhat.com/errata/RHSA-2008-0616.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2008/1993/references
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/31023
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.securityfocus.com/bid/30038
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/30915
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2008/dsa-1607
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://security.gentoo.org/glsa/glsa-200808-03.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/31005
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/33433
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.securitytracker.com/id?1020419
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/31253
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
x_refsource_CONFIRM
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/31183
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/30903
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0547.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.ubuntu.com/usn/usn-629-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://www.kb.cert.org/vuls/id/607267
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://www.debian.org/security/2008/dsa-1615
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/31220
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/31195
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/31076
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/usn-619-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/30911
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0569.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/30878
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2008/dsa-1621
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securityfocus.com/archive/1/494080/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/31286
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/34501
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=439735
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0549.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.debian.org/security/2009/dsa-1697
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9865
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/31021
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/30898
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/31403
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2008-0216
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-2646
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/30949
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/0977
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/31069
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/31008
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/31377
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2008-0616.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/1993/references
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/31023
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/30038
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/30915
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2008/dsa-1607
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200808-03.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/31005
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/33433
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1020419
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/31253
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/31183
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/30903
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0547.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-629-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/607267
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://www.debian.org/security/2008/dsa-1615
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/31220
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/31195
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/31076
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-619-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/30911
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0569.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/30878
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2008/dsa-1621
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/494080/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/31286
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/34501
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:07 Jul, 2008 | 23:41
Updated At:11 Oct, 2018 | 20:44

The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>Versions up to 2.0.0.14(inclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>2.0
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>2.0.0.1
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>2.0.0.2
cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>2.0.0.3
cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>2.0.0.4
cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>2.0.0.5
cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>2.0.0.6
cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>2.0.0.7
cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>2.0.0.8
cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>2.0.0.9
cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>2.0.0.10
cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>2.0.0.11
cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>2.0.0.12
cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>2.0.0.13
cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>Versions up to 1.1.9(inclusive)
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.2
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.3
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.4
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.5
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.6
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.7
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.8
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>Versions up to 2.0.0.14(inclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>2.0.0.0
cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>2.0.0.1
cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>2.0.0.2
cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>2.0.0.3
cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>2.0.0.4
cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>2.0.0.5
cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>2.0.0.6
cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>2.0.0.8
cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>2.0.0.9
cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>2.0.0.11
cpe:2.3:a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>2.0.0.12
cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>2.0.0.13
cpe:2.3:a:mozilla:thunderbird:2.0.0.13:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2008-0616.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/30878secalert@redhat.com
N/A
http://secunia.com/advisories/30898secalert@redhat.com
N/A
http://secunia.com/advisories/30903secalert@redhat.com
N/A
http://secunia.com/advisories/30911secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/30915secalert@redhat.com
N/A
http://secunia.com/advisories/30949secalert@redhat.com
N/A
http://secunia.com/advisories/31005secalert@redhat.com
N/A
http://secunia.com/advisories/31008secalert@redhat.com
N/A
http://secunia.com/advisories/31021secalert@redhat.com
N/A
http://secunia.com/advisories/31023secalert@redhat.com
N/A
http://secunia.com/advisories/31069secalert@redhat.com
N/A
http://secunia.com/advisories/31076secalert@redhat.com
N/A
http://secunia.com/advisories/31183secalert@redhat.com
N/A
http://secunia.com/advisories/31195secalert@redhat.com
N/A
http://secunia.com/advisories/31220secalert@redhat.com
N/A
http://secunia.com/advisories/31253secalert@redhat.com
N/A
http://secunia.com/advisories/31286secalert@redhat.com
N/A
http://secunia.com/advisories/31377secalert@redhat.com
N/A
http://secunia.com/advisories/31403secalert@redhat.com
N/A
http://secunia.com/advisories/33433secalert@redhat.com
N/A
http://secunia.com/advisories/34501secalert@redhat.com
N/A
http://security.gentoo.org/glsa/glsa-200808-03.xmlsecalert@redhat.com
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152secalert@redhat.com
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911secalert@redhat.com
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484secalert@redhat.com
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1secalert@redhat.com
N/A
http://wiki.rpath.com/Advisories:rPSA-2008-0216secalert@redhat.com
N/A
http://www.debian.org/security/2008/dsa-1607secalert@redhat.com
N/A
http://www.debian.org/security/2008/dsa-1615secalert@redhat.com
N/A
http://www.debian.org/security/2008/dsa-1621secalert@redhat.com
N/A
http://www.debian.org/security/2009/dsa-1697secalert@redhat.com
N/A
http://www.kb.cert.org/vuls/id/607267secalert@redhat.com
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2008:136secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:155secalert@redhat.com
N/A
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15secalert@redhat.com
N/A
http://www.mozilla.org/security/announce/2008/mfsa2008-33.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2008-0547.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2008-0549.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2008-0569.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/494080/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/30038secalert@redhat.com
N/A
http://www.securitytracker.com/id?1020419secalert@redhat.com
N/A
http://www.ubuntu.com/usn/usn-619-1secalert@redhat.com
N/A
http://www.ubuntu.com/usn/usn-629-1secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2008/1993/referencessecalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2009/0977secalert@redhat.com
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=439735secalert@redhat.com
N/A
https://issues.rpath.com/browse/RPL-2646secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9865secalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.htmlsecalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.htmlsecalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.htmlsecalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.htmlsecalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.htmlsecalert@redhat.com
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2008-0616.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30878
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30898
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30903
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30911
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/30915
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30949
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31005
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31008
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31021
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31023
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31069
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31076
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31183
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31195
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31220
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31253
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31286
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31377
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31403
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/33433
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/34501
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200808-03.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2008-0216
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1607
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1615
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1621
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2009/dsa-1697
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/607267
Source: secalert@redhat.com
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0547.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0549.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0569.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/494080/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/30038
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1020419
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-619-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-629-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/1993/references
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/0977
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=439735
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-2646
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9865
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

325Records found
CVE-2013-0801
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.56% / 80.72%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxthunderbirdn/a
CVE-2013-0795
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.45% / 79.99%
||
7 Day CHG~0.00%
Published-03 Apr, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxseamonkeythunderbirdn/a
CVE-2013-1681
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-2.80% / 85.55%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxthunderbirdn/a
CVE-2013-1676
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.59% / 80.92%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxthunderbirdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1702
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.24% / 78.44%
||
7 Day CHG~0.00%
Published-07 Aug, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CVE-2013-1682
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.27% / 78.63%
||
7 Day CHG~0.00%
Published-26 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxthunderbirdn/a
CVE-2013-1677
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.40% / 79.64%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxthunderbirdn/a
CVE-2013-1718
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.56% / 80.72%
||
7 Day CHG~0.00%
Published-18 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxseamonkeythunderbirdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0788
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.35% / 79.33%
||
7 Day CHG~0.00%
Published-03 Apr, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxseamonkeythunderbirdn/a
CVE-2013-0789
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.35% / 79.33%
||
7 Day CHG~0.00%
Published-03 Apr, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CVE-2013-1678
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-3.73% / 87.54%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxthunderbirdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1710
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-79.22% / 99.03%
||
7 Day CHG~0.00%
Published-07 Aug, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxseamonkeythunderbirdn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1736
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-3.73% / 87.54%
||
7 Day CHG~0.00%
Published-18 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxseamonkeythunderbirdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1683
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.27% / 78.63%
||
7 Day CHG~0.00%
Published-26 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2013-1705
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-5.28% / 89.63%
||
7 Day CHG~0.00%
Published-07 Aug, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0796
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-3.30% / 86.71%
||
7 Day CHG~0.00%
Published-03 Apr, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla CorporationLinux Kernel Organization, Inc
Product-linux_kernelfirefoxseamonkeythunderbird_esrthunderbirdn/a
CVE-2013-0767
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.91% / 82.53%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSE
Product-enterprise_linux_desktopenterprise_linux_server_auslinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirdlinux_enterprise_desktopfirefoxopensuseenterprise_linux_servern/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-7779
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.18% / 83.69%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-5835
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.07% / 83.21%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSE
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirdlinux_enterprise_desktopfirefoxopensuseenterprise_linux_servern/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2012-3968
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.85% / 82.27%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSE
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirdlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-416
Use After Free
CVE-2012-3983
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.77% / 72.57%
||
7 Day CHG~0.00%
Published-10 Oct, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla Corporation
Product-linux_enterprise_serverubuntu_linuxseamonkeythunderbirdlinux_enterprise_desktopfirefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3961
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.09% / 83.34%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSE
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirdlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-416
Use After Free
CVE-2012-3959
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.52% / 87.17%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirddebian_linuxlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-416
Use After Free
CVE-2012-4190
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.53% / 92.03%
||
7 Day CHG~0.00%
Published-12 Oct, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-cyanogenmodn/aMozilla Corporation
Product-firefoxcyanogenmodn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3963
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.31% / 84.15%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSE
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirdlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-416
Use After Free
CVE-2012-3956
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.31% / 84.15%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSE
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirdlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-416
Use After Free
CVE-2012-4212
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.15% / 83.58%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationopenSUSE
Product-linux_enterprise_serverubuntu_linuxlinux_enterprise_software_development_kitseamonkeythunderbirdlinux_enterprise_desktopfirefoxopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2012-4218
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.15% / 83.58%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationopenSUSE
Product-linux_enterprise_serverubuntu_linuxlinux_enterprise_software_development_kitseamonkeythunderbirdlinux_enterprise_desktopfirefoxopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2012-3957
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.96% / 85.96%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSE
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirdlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-3964
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.13% / 83.47%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbird_esrthunderbirdseamonkeyn/a
CVE-2012-3970
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.74% / 85.42%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeythunderbirdthunderbird_esrn/a
CVE-2012-1954
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.40% / 86.93%
||
7 Day CHG~0.00%
Published-18 Jul, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdthunderbird_esrseamonkeyn/a
CVE-2012-1962
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.40% / 86.93%
||
7 Day CHG~0.00%
Published-18 Jul, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdthunderbird_esrseamonkeyn/a
CVE-2012-1951
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.40% / 86.93%
||
7 Day CHG~0.00%
Published-18 Jul, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdthunderbird_esrseamonkeyn/a
CVE-2012-1972
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.31% / 86.73%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirddebian_linuxlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-416
Use After Free
CVE-2012-1974
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.31% / 86.73%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirddebian_linuxlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-416
Use After Free
CVE-2012-1967
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.40% / 86.93%
||
7 Day CHG~0.00%
Published-18 Jul, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdthunderbird_esrseamonkeyn/a
CVE-2012-1975
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.31% / 86.73%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirddebian_linuxlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-416
Use After Free
CVE-2012-1973
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.25% / 88.35%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirddebian_linuxlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-416
Use After Free
CVE-2012-1970
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.87% / 74.32%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirddebian_linuxlinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0444
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.23% / 83.85%
||
7 Day CHG~0.00%
Published-01 Feb, 2012 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

Action-Not Available
Vendor-n/aMozilla CorporationSUSEDebian GNU/LinuxCanonical Ltd.openSUSE
Product-ubuntu_linuxdebian_linuxopensuselinux_enterprise_software_development_kitfirefoxlinux_enterprise_serverthunderbirdlinux_enterprise_desktopseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0469
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-44.80% / 97.49%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdthunderbird_esrseamonkeyn/a
CVE-2014-1536
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-0.67% / 70.39%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2012-0468
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.46% / 84.62%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0470
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-17.29% / 94.78%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdthunderbird_esrseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-1126
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-3.43% / 87.00%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font.

Action-Not Available
Vendor-freetypen/aMozilla Corporation
Product-freetypefirefox_mobilen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0443
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.62% / 85.11%
||
7 Day CHG~0.00%
Published-01 Feb, 2012 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CVE-2011-3660
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.75% / 87.56%
||
7 Day CHG~0.00%
Published-21 Dec, 2011 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CVE-2011-3651
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.46% / 84.63%
||
7 Day CHG~0.00%
Published-09 Nov, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxn/a
CVE-2011-3652
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.92% / 90.27%
||
7 Day CHG~0.00%
Published-09 Nov, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found