CVEs (704)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Mozilla 3Firefox SeamonkeyThunderbirdApr 29, 2026 Feb 1, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain...Show more |
3Mozilla OpensuseSuse7Firefox Linux Enterprise DesktopLinux Enterprise Server+4 moreApr 29, 2026 Feb 1, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vector...Show more |
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO el...Show more |
1Mozilla 3Firefox SeamonkeyThunderbirdApr 29, 2026 Dec 21, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrec...Show more |
1Mozilla 3Firefox SeamonkeyThunderbirdApr 29, 2026 Dec 21, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKe...Show more |
YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via cra...Show more |
1Mozilla 3Firefox SeamonkeyThunderbirdApr 29, 2026 Dec 21, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption...Show more |
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds...Show more |
1Mozilla 3Firefox SeamonkeyThunderbirdApr 29, 2026 Dec 7, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequen...Show more |
1Mozilla 3Firefox SeamonkeyThunderbirdApr 29, 2026 Dec 7, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method,...Show more |
1Mozilla 3Firefox SeamonkeyThunderbirdApr 29, 2026 Dec 7, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain...Show more |
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a ba...Show more |
YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaS...Show more |
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code...Show more |
The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers...Show more |
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-all...Show more |
Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a d...Show more |
1Mozilla 3Firefox SeamonkeyThunderbirdApr 29, 2026 Sep 29, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass...Show more |
1Mozilla 3Firefox SeamonkeyThunderbirdApr 29, 2026 Sep 29, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, whic...Show more |
1Mozilla 3Firefox SeamonkeyThunderbirdApr 29, 2026 Sep 29, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy v...Show more |