Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-3452

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-28 Jan, 2011 | 21:13
Updated At-07 Aug, 2024 | 03:11
Rejected At-
Credits

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:28 Jan, 2011 | 21:13
Updated At:07 Aug, 2024 | 03:11
Rejected At:
▼CVE Numbering Authority (CNA)

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/40775
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/46031
vdb-entry
x_refsource_BID
http://www.debian.org/security/2011/dsa-2151
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/60799
third-party-advisory
x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
x_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/43118
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/43065
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0230
vdb-entry
x_refsource_VUPEN
http://www.securitytracker.com/id?1025002
vdb-entry
x_refsource_SECTRACK
http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2011/0232
vdb-entry
x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2011-0182.html
vendor-advisory
x_refsource_REDHAT
http://ubuntu.com/usn/usn-1056-1
vendor-advisory
x_refsource_UBUNTU
http://www.redhat.com/support/errata/RHSA-2011-0181.html
vendor-advisory
x_refsource_REDHAT
http://osvdb.org/70713
vdb-entry
x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/65031
vdb-entry
x_refsource_XF
http://www.vupen.com/english/advisories/2011/0279
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/43105
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
vendor-advisory
x_refsource_MANDRIVA
http://www.vsecurity.com/resources/advisory/20110126-1
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=640241
x_refsource_CONFIRM
http://www.cs.brown.edu/people/drosenbe/research.html
x_refsource_MISC
http://secunia.com/advisories/42999
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/40775
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/46031
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.debian.org/security/2011/dsa-2151
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/60799
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/43118
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/43065
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2011/0230
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securitytracker.com/id?1025002
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2011/0232
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0182.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://ubuntu.com/usn/usn-1056-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0181.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://osvdb.org/70713
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65031
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.vupen.com/english/advisories/2011/0279
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/43105
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.vsecurity.com/resources/advisory/20110126-1
Resource:
x_refsource_MISC
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=640241
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.cs.brown.edu/people/drosenbe/research.html
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/42999
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/40775
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/46031
vdb-entry
x_refsource_BID
x_transferred
http://www.debian.org/security/2011/dsa-2151
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/60799
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
x_refsource_CONFIRM
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/43118
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/43065
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2011/0230
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securitytracker.com/id?1025002
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2011/0232
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0182.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://ubuntu.com/usn/usn-1056-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0181.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://osvdb.org/70713
vdb-entry
x_refsource_OSVDB
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/65031
vdb-entry
x_refsource_XF
x_transferred
http://www.vupen.com/english/advisories/2011/0279
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/43105
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.vsecurity.com/resources/advisory/20110126-1
x_refsource_MISC
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=640241
x_refsource_CONFIRM
x_transferred
http://www.cs.brown.edu/people/drosenbe/research.html
x_refsource_MISC
x_transferred
http://secunia.com/advisories/42999
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/40775
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/46031
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.debian.org/security/2011/dsa-2151
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/60799
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/43118
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/43065
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0230
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securitytracker.com/id?1025002
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0232
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0182.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://ubuntu.com/usn/usn-1056-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0181.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://osvdb.org/70713
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65031
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0279
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/43105
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.vsecurity.com/resources/advisory/20110126-1
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=640241
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.cs.brown.edu/people/drosenbe/research.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/42999
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:28 Jan, 2011 | 22:00
Updated At:29 Apr, 2026 | 01:13

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches

The Apache Software Foundation
apache
>>openoffice>>Versions from 2.0.0(inclusive) to 3.3.0(exclusive)
cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.04
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>9.10
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>10.04
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>10.10
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>5.0
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>6.0
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://osvdb.org/70713secalert@redhat.com
Broken Link
http://secunia.com/advisories/40775secalert@redhat.com
Broken Link
http://secunia.com/advisories/42999secalert@redhat.com
Broken Link
http://secunia.com/advisories/43065secalert@redhat.com
Broken Link
http://secunia.com/advisories/43105secalert@redhat.com
Broken Link
http://secunia.com/advisories/43118secalert@redhat.com
Broken Link
http://secunia.com/advisories/60799secalert@redhat.com
Broken Link
http://ubuntu.com/usn/usn-1056-1secalert@redhat.com
Third Party Advisory
http://www.cs.brown.edu/people/drosenbe/research.htmlsecalert@redhat.com
Broken Link
http://www.debian.org/security/2011/dsa-2151secalert@redhat.com
Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xmlsecalert@redhat.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:027secalert@redhat.com
Broken Link
http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.htmlsecalert@redhat.com
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.htmlsecalert@redhat.com
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0181.htmlsecalert@redhat.com
Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0182.htmlsecalert@redhat.com
Broken Link
http://www.securityfocus.com/bid/46031secalert@redhat.com
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1025002secalert@redhat.com
Broken Link
Third Party Advisory
VDB Entry
http://www.vsecurity.com/resources/advisory/20110126-1secalert@redhat.com
Broken Link
http://www.vupen.com/english/advisories/2011/0230secalert@redhat.com
Broken Link
http://www.vupen.com/english/advisories/2011/0232secalert@redhat.com
Broken Link
http://www.vupen.com/english/advisories/2011/0279secalert@redhat.com
Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=640241secalert@redhat.com
Issue Tracking
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65031secalert@redhat.com
Third Party Advisory
VDB Entry
http://osvdb.org/70713af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/40775af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/42999af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/43065af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/43105af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/43118af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/60799af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://ubuntu.com/usn/usn-1056-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.cs.brown.edu/people/drosenbe/research.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.debian.org/security/2011/dsa-2151af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:027af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0181.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0182.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/46031af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1025002af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://www.vsecurity.com/resources/advisory/20110126-1af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2011/0230af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2011/0232af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2011/0279af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=640241af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65031af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://osvdb.org/70713
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/40775
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/42999
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/43065
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/43105
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/43118
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/60799
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://ubuntu.com/usn/usn-1056-1
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.cs.brown.edu/people/drosenbe/research.html
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.debian.org/security/2011/dsa-2151
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0181.html
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0182.html
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/46031
Source: secalert@redhat.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1025002
Source: secalert@redhat.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.vsecurity.com/resources/advisory/20110126-1
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2011/0230
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2011/0232
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2011/0279
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=640241
Source: secalert@redhat.com
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65031
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://osvdb.org/70713
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/40775
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/42999
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/43065
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/43105
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/43118
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/60799
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://ubuntu.com/usn/usn-1056-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.cs.brown.edu/people/drosenbe/research.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.debian.org/security/2011/dsa-2151
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0181.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0182.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/46031
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1025002
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.vsecurity.com/resources/advisory/20110126-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2011/0230
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2011/0232
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2011/0279
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=640241
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65031
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

1404Records found

CVE-2014-1482
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-6.30% / 92.75%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/LinuxFedora Project
Product-thunderbirdsuse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfedorafirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-1519
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-4.98% / 91.15%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla CorporationFedora Project
Product-firefoxubuntu_linuxseamonkeyfedoraopensusen/a
CVE-2014-1490
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-3.99% / 89.26%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationSUSEMozilla CorporationDebian GNU/LinuxFedora Project
Product-thunderbirdfirefoxenterprise_manager_ops_centerseamonkeyvm_serverlinux_enterprise_desktopdebian_linuxubuntu_linuxlinux_enterprise_serverfedoralinux_enterprise_software_development_kitnetwork_security_servicesopensusen/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2014-0461
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-5.94% / 92.37%
||
7 Day CHG~0.00%
Published-16 Apr, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

Action-Not Available
Vendor-n/aCanonical Ltd.IBM CorporationOracle CorporationMicrosoft CorporationDebian GNU/Linux
Product-debian_linuxubuntu_linuxjdkjreforms_viewerwindowsn/a
CVE-2014-0455
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-5.46% / 91.77%
||
7 Day CHG~0.00%
Published-16 Apr, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.

Action-Not Available
Vendor-n/aCanonical Ltd.IBM CorporationOracle CorporationMicrosoft Corporation
Product-ubuntu_linuxjdkjreforms_viewerwindowsn/a
CVE-2006-7236
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-7.47% / 93.72%
||
7 Day CHG~0.00%
Published-02 Jan, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.

Action-Not Available
Vendor-invisible-islandn/aUbuntuDebian GNU/Linux
Product-debian_linuxlinuxxtermn/a
CVE-2013-2870
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.3||HIGH
EPSS-2.33% / 81.48%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxn/a
CVE-2013-2251
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-100.00% / 99.99%
||
7 Day CHG~0.00%
Published-18 Jul, 2013 | 01:00
Updated-22 Apr, 2026 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

Action-Not Available
Vendor-n/aThe Apache Software FoundationFujitsu LimitedMicrosoft CorporationRed Hat, Inc.Oracle Corporation
Product-archivawindows_server_2008strutssiebel_apps_-_e-billinginterstage_business_process_manager_analyticssolarisenterprise_linuxwindows_server_2012windows_server_2003n/aStruts
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2013-2134
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-70.21% / 99.30%
||
7 Day CHG~0.00%
Published-16 Jul, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-strutsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-1965
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-93.81% / 99.83%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-struts2-showcasestrutsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-1966
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-71.77% / 99.35%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-strutsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-2115
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-72.78% / 99.38%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-strutsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-1690
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-69.02% / 99.27%
||
7 Day CHG~0.00%
Published-26 Jun, 2013 | 01:00
Updated-22 Apr, 2026 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-18||Apply updates per vendor instructions.

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.Red Hat, Inc.SUSEDebian GNU/Linux
Product-thunderbirddebian_linuxfirefoxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationlinux_enterprise_desktopthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_ausenterprise_linux_eusgluster_storage_server_for_on-premiselinux_enterprise_software_development_kitopensusen/aFirefox and Thunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0764
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-3.15% / 86.36%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSEMozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopthunderbird_esrlinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2013-0758
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-73.36% / 99.40%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_ausenterprise_linux_euslinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-0757
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-60.86% / 99.04%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSEMozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopthunderbird_esrlinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0750
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-6.33% / 92.78%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_ausenterprise_linux_euslinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2013-0858
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.3||HIGH
EPSS-3.12% / 86.23%
||
7 Day CHG~0.00%
Published-07 Dec, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-debian_linuxffmpegn/a
CVE-2013-0768
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-7.63% / 93.83%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_euslinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-0771
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-5.33% / 91.63%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSEMozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopthunderbird_esrlinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-0779
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-5.03% / 91.21%
||
7 Day CHG~0.00%
Published-19 Feb, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeythunderbird_esropensusen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-0752
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-6.62% / 93.05%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSEMozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopthunderbird_esrlinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0769
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-5.78% / 92.19%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_ausenterprise_linux_euslinux_enterprise_software_development_kitopensusen/a
CVE-2013-0784
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-4.73% / 90.75%
||
7 Day CHG~0.00%
Published-19 Feb, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeythunderbird_esropensusen/a
CVE-2013-0782
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-5.36% / 91.66%
||
7 Day CHG~0.00%
Published-19 Feb, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdenterprise_linux_ausfirefoxdebian_linuxseamonkeyenterprise_linux_serverenterprise_linux_workstationubuntu_linuxthunderbird_esrenterprise_linux_desktopenterprise_linux_eusopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-0765
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-2.74% / 84.39%
||
7 Day CHG~0.00%
Published-19 Feb, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla Corporation
Product-firefoxubuntu_linuxseamonkeyopensusen/a
CVE-2013-0749
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-5.80% / 92.22%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSEMozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopthunderbird_esrlinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CVE-2013-0760
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-5.33% / 91.63%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSEMozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopthunderbird_esrlinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2012-5838
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.16% / 92.61%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSEMozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopthunderbird_esrlinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-5842
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-4.79% / 90.85%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationthunderbird_esrdebian_linuxenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_euslinux_enterprise_software_development_kitopensusen/a
CVE-2012-5829
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-8.44% / 94.34%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationthunderbird_esrdebian_linuxenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_euslinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-5839
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-7.00% / 93.38%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_euslinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-5843
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.78% / 92.19%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSEMozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopthunderbird_esrlinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CVE-2020-15656
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.51% / 71.36%
||
7 Day CHG~0.00%
Published-10 Aug, 2020 | 17:43
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

Action-Not Available
Vendor-Canonical Ltd.openSUSEMozilla Corporation
Product-ubuntu_linuxthunderbirdfirefoxfirefox_esrleapFirefoxFirefox ESRThunderbird
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2012-6075
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-4.90% / 91.04%
||
7 Day CHG~0.00%
Published-13 Feb, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEQEMUSUSERed Hat, Inc.Debian GNU/LinuxFedora Project
Product-enterprise_linux_eusdebian_linuxubuntu_linuxenterprise_linux_serverqemuenterprise_linux_workstationenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_ausfedoravirtualizationenterprise_linuxopensusen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-13958
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.8||HIGH
EPSS-2.69% / 84.03%
||
7 Day CHG~0.00%
Published-17 Nov, 2020 | 15:17
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-openofficeApache OpenOffice
CVE-2012-4180
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-9.27% / 94.75%
||
7 Day CHG~0.00%
Published-10 Oct, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdlinux_enterprise_sdkfirefoxubuntu_linuxseamonkeyenterprise_linux_serverenterprise_linux_workstationdebian_linuxthunderbird_esrlinux_enterprise_desktopenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_eusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3991
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.08% / 86.07%
||
7 Day CHG~0.00%
Published-10 Oct, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSERed Hat, Inc.Mozilla Corporation
Product-thunderbirdlinux_enterprise_sdkfirefoxubuntu_linuxseamonkeyenterprise_linux_serverenterprise_linux_workstationlinux_enterprise_desktopthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_eusn/a
CVE-2012-4191
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.87% / 88.92%
||
7 Day CHG~0.00%
Published-12 Oct, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla CorporationCanonical Ltd.
Product-thunderbirdfirefoxubuntu_linuxseamonkeyn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-4204
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.78% / 92.19%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSEMozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxlinux_enterprise_desktopseamonkeylinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-4186
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-14.70% / 96.26%
||
7 Day CHG~0.00%
Published-10 Oct, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdlinux_enterprise_sdkfirefoxubuntu_linuxseamonkeydebian_linuxenterprise_linux_serverenterprise_linux_workstationthunderbird_esrlinux_enterprise_desktopenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_eusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3995
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.02% / 91.21%
||
7 Day CHG~0.00%
Published-10 Oct, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSERed Hat, Inc.Mozilla Corporation
Product-thunderbirdlinux_enterprise_sdkfirefoxubuntu_linuxseamonkeyenterprise_linux_serverenterprise_linux_workstationlinux_enterprise_desktopthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_eusn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2012-3967
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-4.39% / 90.13%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_euslinux_kernellinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-4202
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-11.08% / 95.38%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_euslinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-4185
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-8.57% / 94.41%
||
7 Day CHG~0.00%
Published-10 Oct, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSERed Hat, Inc.Mozilla Corporation
Product-thunderbirdlinux_enterprise_sdkfirefoxubuntu_linuxseamonkeyenterprise_linux_serverenterprise_linux_workstationlinux_enterprise_desktopthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_eusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3982
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-4.73% / 90.75%
||
7 Day CHG~0.00%
Published-10 Oct, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdlinux_enterprise_sdkfirefoxubuntu_linuxseamonkeyenterprise_linux_serverenterprise_linux_workstationdebian_linuxthunderbird_esrlinux_enterprise_desktopenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_eusn/a
CVE-2012-4187
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.84% / 93.25%
||
7 Day CHG~0.00%
Published-10 Oct, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSERed Hat, Inc.Mozilla Corporation
Product-thunderbirdlinux_enterprise_sdkfirefoxubuntu_linuxseamonkeyenterprise_linux_serverenterprise_linux_workstationlinux_enterprise_desktopthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_eusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-4188
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-14.70% / 96.26%
||
7 Day CHG~0.00%
Published-10 Oct, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdlinux_enterprise_sdkfirefoxubuntu_linuxseamonkeyenterprise_linux_serverenterprise_linux_workstationdebian_linuxthunderbird_esrlinux_enterprise_desktopenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_eusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3989
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.46% / 87.61%
||
7 Day CHG~0.00%
Published-10 Oct, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.

Action-Not Available
Vendor-n/aCanonical Ltd.Mozilla CorporationSUSE
Product-thunderbirdfirefoxubuntu_linuxlinux_enterprise_desktopseamonkeylinux_enterprise_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-2248
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-8.1||HIGH
EPSS-2.38% / 81.84%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 17:40
Updated-06 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.

Action-Not Available
Vendor-dhclient_projectisc-dhcpDebian GNU/Linux
Product-dhclientdebian_linuxisc-dhcp
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 28
  • 29
  • Next
Details not found