VIR Vulnerability Intelligence Relay

Search

Found 22 results in 494ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2024-4367 high 8.8 9.8 EXPFIX rhel rockydebian debian mozillaopen-xchange 2y ago A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thu…
CVE-2016-2819 high 8.8 9.8 EXPFIX slesdebian debianubuntu ubuntu mozilla 10y ago Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fr…
CVE-2016-1960 high 8.8 9.8 EXPFIX debian debiansuse suse mozilla 10y ago Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause…
CVE-2015-4481 low 4.3 EXP suse suse mozilla 11y ago Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privi…
CVE-2015-4000 low 3.7 4.7 EXPFIX slesdebian debianmacos macos opensslibmoracle 11y ago The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to c…
CVE-2015-0816 medium 6.0 EXP mozilla 11y ago Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScr…
CVE-2015-0802 medium 6.0 EXP suse suseubuntu ubuntu mozilla 11y ago Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScr…
CVE-2014-8636 high 8.5 EXP mozilla 12y ago The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to exe…
CVE-2014-1564 medium 5.3 EXP suse suse mozilla 12y ago Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive info…
CVE-2013-6674 medium 5.3 EXP mozilla 13y ago Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject ar…
CVE-2013-6167 medium 7.8 EXP sles mozilla 13y ago Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a pers…
CVE-2013-1743 medium 5.3 EXP mozilla 13y ago Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HT…
CVE-2013-1742 medium 5.3 EXP mozilla 13y ago Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote att…
CVE-2013-1727 medium 5.0 EXP mozilla 13y ago Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by usin…
CVE-2013-1670 medium 5.3 EXP mozilla 13y ago The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acqui…
CVE-2013-2566 medium 5.9 6.9 EXP ubuntu ubuntu oraclemozilla 13y ago The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis…
CVE-2011-3658 high 8.5 EXP mozilla 15y ago The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of se…
CVE-2011-3389 medium 5.3 EXPFIX slesdebian debianubuntu ubuntu googlemicrosoftmozilla 15y ago The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode wi…
CVE-2010-3770 medium 5.3 EXP mozilla 16y ago Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arb…
CVE-2010-3171 medium 6.8 EXP mozilla 16y ago The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per docu…
CVE-2010-0168 high 8.6 EXP mozilla 16y ago The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy …
CVE-2010-0166 medium 6.1 EXP macos macos mozilla 16y ago The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perfo…