Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-0744

Summary
Assigner-mozilla
Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At-13 Jan, 2013 | 20:00
Updated At-06 Aug, 2024 | 14:33
Rejected At-
Credits

Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mozilla
Assigner Org ID:f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At:13 Jan, 2013 | 20:00
Updated At:06 Aug, 2024 | 14:33
Rejected At:
▼CVE Numbering Authority (CNA)

Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17007
vdb-entry
signature
x_refsource_OVAL
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2013-0145.html
vendor-advisory
x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1681-4
vendor-advisory
x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2013-0144.html
vendor-advisory
x_refsource_REDHAT
https://bugzilla.mozilla.org/show_bug.cgi?id=814713
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
vendor-advisory
x_refsource_SUSE
http://www.ubuntu.com/usn/USN-1681-1
vendor-advisory
x_refsource_UBUNTU
http://www.mozilla.org/security/announce/2013/mfsa2013-05.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
vendor-advisory
x_refsource_SUSE
http://www.ubuntu.com/usn/USN-1681-2
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17007
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0145.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.ubuntu.com/usn/USN-1681-4
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0144.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=814713
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.ubuntu.com/usn/USN-1681-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.mozilla.org/security/announce/2013/mfsa2013-05.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.ubuntu.com/usn/USN-1681-2
Resource:
vendor-advisory
x_refsource_UBUNTU
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17007
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0145.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.ubuntu.com/usn/USN-1681-4
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0144.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=814713
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.ubuntu.com/usn/USN-1681-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.mozilla.org/security/announce/2013/mfsa2013-05.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.ubuntu.com/usn/USN-1681-2
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17007
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0145.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1681-4
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0144.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=814713
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1681-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2013/mfsa2013-05.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1681-2
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mozilla.org
Published At:13 Jan, 2013 | 20:55
Updated At:11 Apr, 2025 | 00:51

Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>Versions before 18.0(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions from 10.0(inclusive) to 10.0.12(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions from 17.0(inclusive) to 17.0.2(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>Versions before 2.15(exclusive)
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>Versions before 17.0.2(exclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird_esr>>Versions from 10.0(inclusive) to 10.0.12(exclusive)
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird_esr>>Versions from 17.0(inclusive) to 17.0.2(exclusive)
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>11.4
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>12.1
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>12.2
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_desktop>>10
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_desktop>>11
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_server>>10
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_server>>11
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
SUSE
suse
>>linux_enterprise_server>>11
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
SUSE
suse
>>linux_enterprise_software_development_kit>>10
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_software_development_kit>>11
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>5.9
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>6.3
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>5.0
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>5.9
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>5.0
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>10.04
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>11.10
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.10
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlsecurity@mozilla.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlsecurity@mozilla.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlsecurity@mozilla.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlsecurity@mozilla.org
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0144.htmlsecurity@mozilla.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0145.htmlsecurity@mozilla.org
Third Party Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-05.htmlsecurity@mozilla.org
Vendor Advisory
http://www.ubuntu.com/usn/USN-1681-1security@mozilla.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1681-2security@mozilla.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1681-4security@mozilla.org
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=814713security@mozilla.org
Issue Tracking
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17007security@mozilla.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0144.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0145.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-05.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.ubuntu.com/usn/USN-1681-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1681-2af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1681-4af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=814713af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17007af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
Source: security@mozilla.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
Source: security@mozilla.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
Source: security@mozilla.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
Source: security@mozilla.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0144.html
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0145.html
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: http://www.mozilla.org/security/announce/2013/mfsa2013-05.html
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1681-1
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1681-2
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1681-4
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=814713
Source: security@mozilla.org
Resource:
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17007
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0144.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0145.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.mozilla.org/security/announce/2013/mfsa2013-05.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1681-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1681-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1681-4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=814713
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17007
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1429Records found
CVE-2019-3462
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-8.1||HIGH
EPSS-9.91% / 92.72%
||
7 Day CHG~0.00%
Published-28 Jan, 2019 | 21:00
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Debian GNU/Linux
Product-active_iqubuntu_linuxdebian_linuxadvanced_package_toolelement_softwareapt as used in Debian Stretch and Ubuntu
CVE-2012-1937
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.72% / 81.65%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeythunderbirdthunderbird_esrn/a
CVE-2012-2039
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-3.87% / 87.76%
||
7 Day CHG~0.00%
Published-09 Jun, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationSUSEGoogle LLCAdobe Inc.Apple Inc.Red Hat, Inc.Linux Kernel Organization, IncopenSUSE
Product-airandroidenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_eusmacosflash_playerwindowsenterprise_linux_workstationopensuselinux_enterprise_desktoplinux_kernelenterprise_linux_servern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-3621
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.28% / 50.65%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:00
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora Project
Product-virtualizationenterprise_linux_server_ausenterprise_linuxvirtualization_hostsssdfedoraenterprise_linux_eusenterprise_linux_server_tussssd
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2012-1971
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-2.15% / 83.55%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CVE-2013-2251
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-94.23% / 99.92%
||
7 Day CHG~0.00%
Published-18 Jul, 2013 | 01:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

Action-Not Available
Vendor-n/aMicrosoft CorporationFujitsu LimitedRed Hat, Inc.The Apache Software FoundationOracle Corporation
Product-enterprise_linuxsolarisstrutsprimergyarchivasparcinterstage_business_process_manager_analyticswindows_server_2003gp-s_firmwareprimepowerprimergy_firmwaregp7000fwindows_server_2008siebel_apps_-_e-billingprimepower_firmwaregp7000f_firmwaregp5000_firmwaresparc_firmwaregp-swindows_server_2012gp5000n/aStruts
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2012-1952
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.56% / 80.74%
||
7 Day CHG~0.00%
Published-18 Jul, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdthunderbird_esrseamonkeyn/a
CVE-2012-1128
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-2.70% / 85.30%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.

Action-Not Available
Vendor-freetypen/aMozilla Corporation
Product-freetypefirefox_mobilen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0457
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-9.64% / 92.59%
||
7 Day CHG~0.00%
Published-14 Mar, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrthunderbirdfirefoxseamonkeyn/a
CVE-2012-1133
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-3.52% / 87.18%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.

Action-Not Available
Vendor-freetypen/aMozilla Corporation
Product-freetypefirefox_mobilen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-15656
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.81% / 73.29%
||
7 Day CHG~0.00%
Published-10 Aug, 2020 | 17:43
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

Action-Not Available
Vendor-Canonical Ltd.openSUSEMozilla Corporation
Product-ubuntu_linuxthunderbirdfirefoxfirefox_esrleapFirefoxFirefox ESRThunderbird
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2012-1132
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-2.97% / 85.97%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font.

Action-Not Available
Vendor-freetypen/aMozilla Corporation
Product-freetypefirefox_mobilen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-1134
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-5.86% / 90.21%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font.

Action-Not Available
Vendor-freetypen/aMozilla Corporation
Product-freetypefirefox_mobilen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-1144
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-3.91% / 87.82%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.

Action-Not Available
Vendor-freetypen/aMozilla Corporation
Product-freetypefirefox_mobilen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.44% / 79.94%
||
7 Day CHG~0.00%
Published-01 Feb, 2012 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationSUSEDebian GNU/LinuxopenSUSE
Product-debian_linuxopensuselinux_enterprise_software_development_kitfirefoxlinux_enterprise_serverthunderbirdlinux_enterprise_desktopseamonkeyn/a
CVE-2012-1142
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-4.96% / 89.24%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font.

Action-Not Available
Vendor-freetypen/aMozilla Corporation
Product-freetypefirefox_mobilen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-1130
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-2.97% / 85.97%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font.

Action-Not Available
Vendor-freetypen/aMozilla Corporation
Product-freetypefirefox_mobilen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0478
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.76% / 72.39%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdthunderbird_esrseamonkeyn/a
CVE-2012-1137
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-2.97% / 85.97%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font.

Action-Not Available
Vendor-freetypen/aMozilla Corporation
Product-freetypefirefox_mobilen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-1139
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-2.97% / 85.97%
||
7 Day CHG~0.00%
Published-25 Apr, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font.

Action-Not Available
Vendor-freetypen/aMozilla Corporation
Product-freetypefirefox_mobilen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1732
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-33.16% / 96.76%
||
7 Day CHG~0.00%
Published-18 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxseamonkeythunderbirdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1697
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-1.91% / 82.55%
||
7 Day CHG~0.00%
Published-26 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxthunderbirdn/a
CVE-2013-1685
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-0.56% / 67.27%
||
7 Day CHG~0.00%
Published-26 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxthunderbirdn/a
CVE-2013-1724
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-3.16% / 86.40%
||
7 Day CHG~0.00%
Published-18 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeythunderbirdn/a
CVE-2013-1688
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-1.20% / 78.08%
||
7 Day CHG~0.00%
Published-26 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-1690
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-48.49% / 97.66%
||
7 Day CHG~0.00%
Published-26 Jun, 2013 | 01:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-18||Apply updates per vendor instructions.

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.

Action-Not Available
Vendor-n/aopenSUSECanonical Ltd.Debian GNU/LinuxRed Hat, Inc.SUSEMozilla Corporation
Product-enterprise_linux_serverenterprise_linux_server_austhunderbird_esrfirefoxenterprise_linux_eusopensuseubuntu_linuxenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_desktopthunderbirddebian_linuxgluster_storage_server_for_on-premiselinux_enterprise_serverlinux_enterprise_software_development_kitn/aFirefox and Thunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-3647
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.75% / 72.12%
||
7 Day CHG~0.00%
Published-09 Nov, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1704
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-4.70% / 88.95%
||
7 Day CHG~0.00%
Published-07 Aug, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CVE-2011-3650
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.23% / 78.39%
||
7 Day CHG~0.00%
Published-09 Nov, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1721
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-0.64% / 69.56%
||
7 Day CHG~0.00%
Published-18 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3068
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-38.10% / 97.12%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-2740
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.3||HIGH
EPSS-3.51% / 87.16%
||
7 Day CHG~0.00%
Published-09 Nov, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.

Action-Not Available
Vendor-n/aMozilla CorporationELAN Microelectronics Corporation
Product-rsa_key_manager_appliancefirefoxn/a
CVE-2013-0784
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-0.90% / 74.78%
||
7 Day CHG~0.00%
Published-19 Feb, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.
Product-thunderbird_esrfirefoxseamonkeyopensuseubuntu_linuxthunderbirdn/a
CVE-2017-3074
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.97% / 82.80%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-0765
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-1.42% / 79.83%
||
7 Day CHG~0.00%
Published-19 Feb, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.
Product-firefoxseamonkeyopensuseubuntu_linuxn/a
CVE-2013-0760
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-3.15% / 86.38%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationopenSUSE
Product-linux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrseamonkeythunderbirdlinux_enterprise_desktopfirefoxopensusen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2013-0770
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-0.94% / 75.30%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationopenSUSE
Product-linux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrseamonkeythunderbirdlinux_enterprise_desktopfirefoxopensusen/a
CVE-2011-3232
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-4.66% / 88.88%
||
7 Day CHG~0.00%
Published-29 Sep, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-2981
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.28% / 78.77%
||
7 Day CHG~0.00%
Published-18 Aug, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CVE-2013-0758
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-87.37% / 99.42%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSE
Product-enterprise_linux_desktopenterprise_linux_server_auslinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirdlinux_enterprise_desktopfirefoxopensuseenterprise_linux_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-1522
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-8.8||HIGH
EPSS-1.86% / 82.31%
||
7 Day CHG+0.10%
Published-13 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla CorporationFedora ProjectDebian GNU/Linux
Product-fedorafirefoxgraphite2thunderbirddebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-3005
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.36% / 86.85%
||
7 Day CHG~0.00%
Published-29 Sep, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0648
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-36.93% / 97.03%
||
7 Day CHG~0.00%
Published-27 Feb, 2013 | 00:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-10-08||The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

Action-Not Available
Vendor-n/aMicrosoft CorporationRed Hat, Inc.Adobe Inc.SUSEApple Inc.Linux Kernel Organization, IncopenSUSE
Product-flash_playerenterprise_linux_serverenterprise_linux_server_auslinux_kernelenterprise_linux_eusopensuseenterprise_linux_desktoplinux_enterprise_desktopenterprise_linux_workstationwindowsmac_os_xn/aflash_playerFlash Player
CVE-2017-3072
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.97% / 82.80%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-0750
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-3.81% / 87.65%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSE
Product-enterprise_linux_desktopenterprise_linux_server_auslinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirdlinux_enterprise_desktopfirefoxopensuseenterprise_linux_servern/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-3106
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-64.59% / 98.39%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xFlash Player
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2013-0764
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-1.50% / 80.38%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationopenSUSE
Product-linux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrseamonkeythunderbirdlinux_enterprise_desktopfirefoxopensusen/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2017-3070
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.97% / 82.80%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3069
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.97% / 82.80%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-4185
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.22% / 89.57%
||
7 Day CHG~0.00%
Published-10 Oct, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.
Product-linux_enterprise_sdkenterprise_linux_desktoplinux_enterprise_serverubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirdlinux_enterprise_desktopfirefoxenterprise_linux_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 28
  • 29
  • Next
Details not found