Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-0458

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Mar, 2012 | 19:00
Updated At-06 Aug, 2024 | 18:23
Rejected At-
Credits

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Mar, 2012 | 19:00
Updated At:06 Aug, 2024 | 18:23
Rejected At:
â–¼CVE Numbering Authority (CNA)

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.mozilla.org/security/announce/2012/mfsa2012-16.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/48402
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/48624
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
vendor-advisory
x_refsource_SUSE
http://www.ubuntu.com/usn/USN-1400-5
vendor-advisory
x_refsource_UBUNTU
http://www.securityfocus.com/bid/52460
vdb-entry
x_refsource_BID
http://secunia.com/advisories/48414
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/48359
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/48823
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1401-1
vendor-advisory
x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1400-4
vendor-advisory
x_refsource_UBUNTU
https://bugzilla.mozilla.org/show_bug.cgi?id=723808
x_refsource_CONFIRM
http://secunia.com/advisories/48629
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122
vdb-entry
signature
x_refsource_OVAL
http://www.ubuntu.com/usn/USN-1400-3
vendor-advisory
x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2012-0387.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/48496
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
vendor-advisory
x_refsource_SUSE
https://bugzilla.mozilla.org/show_bug.cgi?id=718203
x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=719994
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1400-2
vendor-advisory
x_refsource_UBUNTU
http://www.debian.org/security/2012/dsa-2458
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/48920
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2012/dsa-2433
vendor-advisory
x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
vendor-advisory
x_refsource_MANDRIVA
http://www.securitytracker.com/id?1026803
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/48495
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/48553
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1400-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/48561
third-party-advisory
x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-0388.html
vendor-advisory
x_refsource_REDHAT
http://www.securitytracker.com/id?1026801
vdb-entry
x_refsource_SECTRACK
http://www.securitytracker.com/id?1026804
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/48513
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mozilla.org/security/announce/2012/mfsa2012-16.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/48402
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/48624
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.ubuntu.com/usn/USN-1400-5
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.securityfocus.com/bid/52460
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/48414
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/48359
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/48823
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/USN-1401-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.ubuntu.com/usn/USN-1400-4
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=723808
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/48629
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.ubuntu.com/usn/USN-1400-3
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0387.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/48496
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=718203
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=719994
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-1400-2
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.debian.org/security/2012/dsa-2458
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/48920
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2012/dsa-2433
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.securitytracker.com/id?1026803
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/48495
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/48553
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/USN-1400-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/48561
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0388.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securitytracker.com/id?1026801
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securitytracker.com/id?1026804
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/48513
Resource:
third-party-advisory
x_refsource_SECUNIA
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.mozilla.org/security/announce/2012/mfsa2012-16.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/48402
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/48624
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.ubuntu.com/usn/USN-1400-5
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.securityfocus.com/bid/52460
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/48414
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/48359
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/48823
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/USN-1401-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.ubuntu.com/usn/USN-1400-4
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=723808
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/48629
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.ubuntu.com/usn/USN-1400-3
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-0387.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/48496
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=718203
x_refsource_CONFIRM
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=719994
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-1400-2
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.debian.org/security/2012/dsa-2458
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/48920
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2012/dsa-2433
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.securitytracker.com/id?1026803
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/48495
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/48553
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/USN-1400-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/48561
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-0388.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securitytracker.com/id?1026801
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securitytracker.com/id?1026804
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/48513
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2012/mfsa2012-16.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/48402
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/48624
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1400-5
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.securityfocus.com/bid/52460
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/48414
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/48359
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/48823
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1401-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1400-4
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=723808
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/48629
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1400-3
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0387.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/48496
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=718203
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=719994
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1400-2
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.debian.org/security/2012/dsa-2458
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/48920
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2012/dsa-2433
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026803
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/48495
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/48553
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1400-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/48561
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0388.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026801
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026804
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/48513
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Mar, 2012 | 19:55
Updated At:29 Apr, 2026 | 01:13

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

Mozilla Corporation
mozilla
>>firefox>>Versions up to 3.6.27(inclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions between 4.0(exclusive) and 10.0(inclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>10.0
cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>10.0.1
cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>10.0.2
cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>Versions from 1.0(inclusive) to 3.1.19(inclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>Versions between 5.0(exclusive) and 10.0(inclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird_esr>>10.0
cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird_esr>>10.0.1
cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird_esr>>10.0.2
cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>-
cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0
cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.1
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.2
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.3
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.4
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.5
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.6
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.7
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.8
cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.0.9
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1
cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1
cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.1
cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.2
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.3
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.4
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.5
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.6
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.7
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.8
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.9
cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.10
cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.11
cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.12
cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.13
cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.14
cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.15
cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.16
cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.17
cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.18
cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.1.19
cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.5.0.8
cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.5.0.9
cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>1.5.0.10
cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>2.0
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.htmlcve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0387.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2012-0388.htmlcve@mitre.org
N/A
http://secunia.com/advisories/48359cve@mitre.org
N/A
http://secunia.com/advisories/48402cve@mitre.org
N/A
http://secunia.com/advisories/48414cve@mitre.org
N/A
http://secunia.com/advisories/48495cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48496cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48513cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48553cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48561cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48624cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48629cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48823cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48920cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2012/dsa-2433cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2012/dsa-2458cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032cve@mitre.org
N/A
http://www.mozilla.org/security/announce/2012/mfsa2012-16.htmlcve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/52460cve@mitre.org
N/A
http://www.securitytracker.com/id?1026801cve@mitre.org
N/A
http://www.securitytracker.com/id?1026803cve@mitre.org
N/A
http://www.securitytracker.com/id?1026804cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-1400-1cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-1400-2cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-3cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-4cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-5cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1401-1cve@mitre.org
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=718203cve@mitre.org
Exploit
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=719994cve@mitre.org
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=723808cve@mitre.org
Issue Tracking
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122cve@mitre.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0387.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-0388.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48359af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48402af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48414af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48495af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48496af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48513af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48553af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48561af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48624af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48629af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48823af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48920af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2012/dsa-2433af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2012/dsa-2458af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mozilla.org/security/announce/2012/mfsa2012-16.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/52460af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1026801af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1026803af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1026804af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1400-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1400-2af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-3af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-4af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-5af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1401-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=718203af854a3a-2127-422b-91ae-364da2661108
Exploit
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=719994af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=723808af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0387.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0388.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/48359
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/48402
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/48414
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/48495
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48496
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48513
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48553
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48561
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48624
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48629
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48823
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48920
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2012/dsa-2433
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2012/dsa-2458
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2012/mfsa2012-16.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/52460
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026801
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026803
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026804
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1400-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1400-2
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1400-3
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1400-4
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1400-5
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1401-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=718203
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=719994
Source: cve@mitre.org
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=723808
Source: cve@mitre.org
Resource:
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0387.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0388.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48359
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48402
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48414
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48495
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48496
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48513
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48553
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48561
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48624
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48629
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48823
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48920
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2012/dsa-2433
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2012/dsa-2458
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2012/mfsa2012-16.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/52460
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026801
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026803
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026804
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1400-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1400-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1400-3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1400-4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1400-5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1401-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=718203
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=719994
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=723808
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

312Records found

CVE-2006-1733
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-5.08% / 91.30%
||
7 Day CHG~0.00%
Published-14 Apr, 2006 | 10:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxmozilla_suitethunderbirdseamonkeyn/a
CVE-2011-3664
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.36% / 68.26%
||
7 Day CHG~0.00%
Published-21 Dec, 2011 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site.

Action-Not Available
Vendor-n/aMozilla CorporationApple Inc.
Product-thunderbirdfirefoxseamonkeymac_os_xn/a
CVE-2020-15669
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.12% / 62.18%
||
7 Day CHG+0.01%
Published-01 Oct, 2020 | 18:42
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_esrthunderbirdThunderbirdFirefox ESR
CWE ID-CWE-416
Use After Free
CVE-2004-0705
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.37% / 68.56%
||
7 Day CHG~0.00%
Published-21 Jul, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CVE-2004-0191
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.61% / 72.96%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-mozillan/a
CVE-2017-7755
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.8||HIGH
EPSS-1.41% / 69.32%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-windowsthunderbirdfirefoxFirefoxFirefox ESRThunderbird
CWE ID-CWE-426
Untrusted Search Path
CVE-2003-0602
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.15% / 63.03%
||
7 Day CHG~0.00%
Published-29 Jul, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CVE-2003-0154
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.59% / 90.50%
||
7 Day CHG~0.00%
Published-26 Mar, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bonsain/a
CVE-2015-7216
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.13% / 79.68%
||
7 Day CHG~0.00%
Published-16 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image.

Action-Not Available
Vendor-n/aThe GNOME ProjectopenSUSEMozilla CorporationFedora Project
Product-firefoxleapfedoragnomeopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-4510
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.02% / 85.80%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2015-7204
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.49% / 87.71%
||
7 Day CHG~0.00%
Published-16 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.

Action-Not Available
Vendor-n/aopenSUSEMozilla CorporationFedora Project
Product-leapfirefoxopensusefedoran/a
CVE-2015-7184
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.66% / 73.82%
||
7 Day CHG~0.00%
Published-18 Oct, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-7189
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.11% / 86.19%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2015-7213
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.08% / 89.45%
||
7 Day CHG~0.00%
Published-16 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.

Action-Not Available
Vendor-n/aopenSUSEMozilla CorporationFedora Project
Product-leapfirefoxopensusefedoran/a
CVE-2015-7196
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.66% / 88.26%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2011-0046
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.14% / 62.60%
||
7 Day CHG~0.00%
Published-28 Jan, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-35112
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.29% / 66.69%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 13:50
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxwindowsthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CVE-2015-4506
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.92% / 91.06%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4511
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.77% / 90.82%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4491
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-8.40% / 94.30%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

Action-Not Available
Vendor-n/aCanonical Ltd.The GNOME ProjectopenSUSEGoogle LLCOracle CorporationLinux Kernel Organization, IncMozilla CorporationFedora Project
Product-gdk-pixbuffirefoxubuntu_linuxsolarisfedorachromelinux_kernelopensusen/a
CVE-2019-17013
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.85% / 53.56%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 21:25
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 71.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17019
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.05% / 59.97%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 21:28
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 72.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxwindowsFirefox
CVE-2015-2717
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.51% / 87.78%
||
7 Day CHG~0.00%
Published-14 May, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSE
Product-firefoxopensusen/a
CVE-2015-2706
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.59% / 83.36%
||
7 Day CHG~0.00%
Published-24 Apr, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2015-2713
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.98% / 89.24%
||
7 Day CHG~0.00%
Published-14 May, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.

Action-Not Available
Vendor-n/aopenSUSEMozilla CorporationNovell
Product-thunderbirdsuse_linux_enterprise_software_development_kitfirefoxfirefox_esrsuse_linux_enterprise_serversuse_linux_enterprise_desktopopensusen/a
CVE-2019-17024
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-2.46% / 82.44%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 21:31
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Canonical Ltd.openSUSEMozilla Corporation
Product-enterprise_linux_serverubuntu_linuxdebian_linuxfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapFirefoxFirefox ESR
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17025
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.28% / 66.51%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 21:31
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-2727
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.81% / 75.91%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a CVE-2015-0821 regression.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-17026
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-46.59% / 98.67%
||
7 Day CHG~0.00%
Published-02 Mar, 2020 | 04:05
Updated-04 Nov, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxthunderbirdubuntu_linuxFirefox ESRFirefoxThunderbirdFirefox and Thunderbird
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-17008
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.88% / 76.86%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 21:17
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Action-Not Available
Vendor-openSUSEMozilla Corporation
Product-firefoxthunderbirdfirefox_esrleapThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2015-0797
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.44% / 91.75%
||
7 Day CHG~0.00%
Published-14 May, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.

Action-Not Available
Vendor-gstreamern/aLinux Kernel Organization, IncSUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdfirefoxdebian_linuxseamonkeylinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopgstreamerlinux_enterprise_serverenterprise_linux_server_ausenterprise_linux_euslinux_kernellinux_enterprise_software_development_kitn/a
CVE-2015-0817
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.68% / 88.31%
||
7 Day CHG~0.00%
Published-24 Mar, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxfirefox_esrseamonkeyn/a
CVE-2015-0829
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-6.03% / 92.47%
||
7 Day CHG~0.00%
Published-25 Feb, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationMozilla Corporation
Product-solarisfirefoxubuntu_linuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0826
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.38% / 87.31%
||
7 Day CHG~0.00%
Published-25 Feb, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operation.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla Corporation
Product-firefoxubuntu_linuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0828
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.89% / 88.96%
||
7 Day CHG~0.00%
Published-25 Feb, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data.

Action-Not Available
Vendor-n/aopenSUSEMozilla CorporationOracle Corporation
Product-solarisfirefoxopensusen/a
CVE-2015-0831
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.16% / 89.64%
||
7 Day CHG~0.00%
Published-25 Feb, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxfirefox_esrubuntu_linuxenterprise_linuxn/a
CVE-2019-17017
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-2.49% / 82.68%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 21:27
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopFirefoxFirefox ESR
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2012-4193
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.16% / 63.14%
||
7 Day CHG-0.00%
Published-12 Oct, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.

Action-Not Available
Vendor-n/aCanonical Ltd.SUSERed Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxlinux_enterprise_desktopseamonkeyenterprise_linux_serverenterprise_linux_workstationthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_euslinux_enterprise_software_development_kitn/a
CWE ID-CWE-346
Origin Validation Error
CVE-2014-8639
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.90% / 77.18%
||
7 Day CHG~0.00%
Published-14 Jan, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxfirefox_esrseamonkeyn/a
CVE-2014-8638
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.02% / 59.17%
||
7 Day CHG~0.00%
Published-14 Jan, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxfirefox_esrseamonkeyn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-9078
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.88% / 76.95%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2016-9077
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7||HIGH
EPSS-0.77% / 51.11%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-2795
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-2.28% / 80.99%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aopenSUSEOracle CorporationSUSEMozilla Corporation
Product-firefoxgraphite2linux_enterpriseleaplinuxopensusen/a
CVE-2019-17005
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.89% / 77.05%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 21:14
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Action-Not Available
Vendor-Canonical Ltd.openSUSEMozilla Corporation
Product-ubuntu_linuxthunderbirdfirefoxfirefox_esrleapThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-43534
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.21% / 64.66%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 21:20
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-1589
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.80% / 75.84%
||
7 Day CHG~0.00%
Published-11 Dec, 2014 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-284
Improper Access Control
CVE-2014-1477
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.51% / 91.83%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/LinuxFedora Project
Product-thunderbirdsuse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfedorafirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CVE-2014-1594
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.41% / 87.40%
||
7 Day CHG~0.00%
Published-11 Dec, 2014 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1592
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.38% / 87.29%
||
7 Day CHG~0.00%
Published-11 Dec, 2014 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CVE-2006-6501
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.83% / 84.89%
||
7 Day CHG~0.00%
Published-20 Dec, 2006 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.

Action-Not Available
Vendor-n/aCanonical Ltd.Mozilla CorporationDebian GNU/Linux
Product-thunderbirddebian_linuxubuntu_linuxseamonkeyfirefoxn/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found