Mozilla

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-0790 1Mozilla 1Firefox Apr 29, 2026 Apr 3, 2013 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary...Show more Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in.Show less
CVE-2013-0789 1Mozilla 2Firefox Seamonkey Apr 29, 2026 Apr 3, 2013 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl...Show more Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors.Show less
CVE-2013-0788 1Mozilla 4Firefox SeamonkeyThunderbird+1 more Apr 29, 2026 Apr 3, 2013 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow re...Show more Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2013-2566 4Canonical FujitsuMozilla+1 more 16Communications Application Session Controller FirefoxHttp Server+13 more Apr 29, 2026 Mar 15, 2013 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a l...Show more The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.Show less
CVE-2013-0787 1Mozilla 4Firefox SeamonkeyThunderbird+1 more Apr 29, 2026 Mar 11, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17....Show more Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.Show less
CVE-2013-0786 1Mozilla 1Bugzilla Apr 29, 2026 Feb 24, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists,...Show more The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debug mode for a query.Show less
CVE-2013-0785 1Mozilla 1Bugzilla Apr 29, 2026 Feb 24, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitra...Show more Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value of the format parameter.Show less
CVE-2013-0784 3Canonical MozillaOpensuse 6Firefox OpensuseSeamonkey+3 more Apr 29, 2026 Feb 19, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and a...Show more Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2013-0783 5Canonical DebianMozilla+2 more 12Debian Linux Enterprise Linux AusEnterprise Linux Desktop+9 more Apr 29, 2026 Feb 19, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow re...Show more Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2013-0782 5Canonical DebianMozilla+2 more 12Debian Linux Enterprise Linux AusEnterprise Linux Desktop+9 more Apr 29, 2026 Feb 19, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey...Show more Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors.Show less
CVE-2013-0781 3Canonical MozillaOpensuse 6Firefox OpensuseSeamonkey+3 more Apr 29, 2026 Feb 19, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a de...Show more Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Show less
CVE-2013-0780 5Canonical DebianMozilla+2 more 12Debian Linux Enterprise Linux AusEnterprise Linux Desktop+9 more Apr 29, 2026 Feb 19, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMon...Show more Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.Show less
CVE-2013-0779 3Canonical MozillaOpensuse 6Firefox OpensuseSeamonkey+3 more Apr 29, 2026 Feb 19, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bou...Show more The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.Show less
CVE-2013-0778 3Canonical MozillaOpensuse 6Firefox OpensuseSeamonkey+3 more Apr 29, 2026 Feb 19, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds...Show more The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.Show less
CVE-2013-0777 3Canonical MozillaOpensuse 6Firefox OpensuseSeamonkey+3 more Apr 29, 2026 Feb 19, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause...Show more Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Show less
CVE-2013-0776 5Canonical DebianMozilla+2 more 12Debian Linux Enterprise Linux AusEnterprise Linux Desktop+9 more Apr 29, 2026 Feb 19, 2013 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operatin...Show more Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.Show less
CVE-2013-0775 5Canonical DebianMozilla+2 more 12Debian Linux Enterprise Linux AusEnterprise Linux Desktop+9 more Apr 29, 2026 Feb 19, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMo...Show more Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script.Show less
CVE-2013-0774 3Canonical MozillaOpensuse 6Firefox OpensuseSeamonkey+3 more Apr 29, 2026 Feb 19, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile dir...Show more Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.Show less
CVE-2013-0773 4Canonical DebianMozilla+1 more 7Debian Linux FirefoxOpensuse+4 more Apr 29, 2026 Feb 19, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey b...Show more The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.Show less
CVE-2013-0772 4Canonical MozillaOpensuse+1 more 9Enterprise Linux Aus Enterprise Linux DesktopEnterprise Linux Eus+6 more Apr 29, 2026 Feb 19, 2013 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of...Show more The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.Show less

Previous 1...121122123...179 Next