Search CVE reports
1 – 10 of 541 results
CVE-2013-6167
Low priorityMozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a...
4 affected packages
firefox, seamonkey, thunderbird, xulrunner-1.9.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | Ignored |
| seamonkey | — | — | — | — | Not in release |
| thunderbird | — | — | — | — | Ignored |
| xulrunner-1.9.2 | — | — | — | — | Not in release |
CVE-2013-1697
Medium prioritySome fixes available 6 of 10
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls,...
4 affected packages
firefox, seamonkey, thunderbird, xulrunner-1.9.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
| xulrunner-1.9.2 | — | — | — | — | — |
CVE-2013-1694
Medium prioritySome fixes available 6 of 10
The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which...
4 affected packages
firefox, seamonkey, thunderbird, xulrunner-1.9.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
| xulrunner-1.9.2 | — | — | — | — | — |
CVE-2013-1693
Low prioritySome fixes available 6 of 10
The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the...
4 affected packages
firefox, seamonkey, thunderbird, xulrunner-1.9.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
| xulrunner-1.9.2 | — | — | — | — | — |
CVE-2013-1692
Medium prioritySome fixes available 6 of 10
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for...
4 affected packages
firefox, seamonkey, thunderbird, xulrunner-1.9.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
| xulrunner-1.9.2 | — | — | — | — | — |
CVE-2013-1690
Medium prioritySome fixes available 6 of 10
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows...
4 affected packages
firefox, seamonkey, thunderbird, xulrunner-1.9.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
| xulrunner-1.9.2 | — | — | — | — | — |
CVE-2013-1687
Medium prioritySome fixes available 6 of 10
The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly...
4 affected packages
firefox, seamonkey, thunderbird, xulrunner-1.9.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
| xulrunner-1.9.2 | — | — | — | — | — |
CVE-2013-1686
Medium prioritySome fixes available 6 of 10
Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute...
4 affected packages
firefox, seamonkey, thunderbird, xulrunner-1.9.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
| xulrunner-1.9.2 | — | — | — | — | — |
CVE-2013-1685
Medium prioritySome fixes available 6 of 10
Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to...
4 affected packages
firefox, seamonkey, thunderbird, xulrunner-1.9.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
| xulrunner-1.9.2 | — | — | — | — | — |
CVE-2013-1684
Medium prioritySome fixes available 6 of 10
Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before...
4 affected packages
firefox, seamonkey, thunderbird, xulrunner-1.9.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
| xulrunner-1.9.2 | — | — | — | — | — |