This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mozilla First view 2006-02-02
Product Seamonkey Last view 2015-05-20
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* 632
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:* 628
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* 617
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* 615
cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:* 606
cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:* 606
cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:* 606
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* 602
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:* 599
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* 595
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* 595
cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:* 591
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:* 590
cpe:2.3:a:mozilla:seamonkey:1.0:*:beta:*:*:*:*:* 584
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:* 582
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:* 574
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:* 574
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:* 571
cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:* 569
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:* 569
cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:* 568
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:* 568
cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:* 568
cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:* 565
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:* 562
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:* 558
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:* 557
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:* 546
cpe:2.3:a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:* 546
cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:* 536
cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10:*:*:*:*:*:* 536
cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:* 523
cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:* 522
cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:* 510
cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:* 498
cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:* 483
cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:* 475
cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:* 471
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:* 465
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:* 465
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:* 465
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:* 465
cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:* 465
cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:* 465
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:* 465
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:* 463
cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:* 462
cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:* 458
cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:* 458
cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:* 457

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
3.7 2015-05-20 CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

7.5 2015-03-23 CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

6.8 2015-03-23 CVE-2015-0817

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.

4.3 2015-01-14 CVE-2014-8642

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.

7.5 2015-01-14 CVE-2014-8641

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.

5 2015-01-14 CVE-2014-8640

The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls.

6.8 2015-01-14 CVE-2014-8639

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.

6.8 2015-01-14 CVE-2014-8638

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

5 2015-01-14 CVE-2014-8637

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element.

7.5 2015-01-14 CVE-2014-8636

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.

7.5 2015-01-14 CVE-2014-8635

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5 2015-01-14 CVE-2014-8634

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

4.3 2014-12-11 CVE-2014-8632

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.

4.3 2014-12-11 CVE-2014-8631

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method.

6.8 2014-12-11 CVE-2014-1594

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.

6.8 2014-12-11 CVE-2014-1593

Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content.

6.8 2014-12-11 CVE-2014-1592

Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing.

4.3 2014-12-11 CVE-2014-1591

Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect.

4.3 2014-12-11 CVE-2014-1590

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object.

6.8 2014-12-11 CVE-2014-1589

Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.

6.8 2014-12-11 CVE-2014-1588

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

6.8 2014-12-11 CVE-2014-1587

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10 2014-04-30 CVE-2014-1532

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.

10 2014-04-30 CVE-2014-1531

Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.

4.3 2014-04-30 CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.

CWE : Common Weakness Enumeration

%idName
25% (130) CWE-399 Resource Management Errors
18% (95) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (73) CWE-264 Permissions, Privileges, and Access Controls
8% (46) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
8% (42) CWE-20 Improper Input Validation
6% (34) CWE-200 Information Exposure
5% (26) CWE-189 Numeric Errors
4% (25) CWE-94 Failure to Control Generation of Code ('Code Injection')
2% (11) CWE-16 Configuration
1% (9) CWE-310 Cryptographic Issues
0% (5) CWE-287 Improper Authentication
0% (5) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (3) CWE-284 Access Control (Authorization) Issues
0% (2) CWE-362 Race Condition
0% (2) CWE-352 Cross-Site Request Forgery (CSRF)
0% (2) CWE-255 Credentials Management
0% (1) CWE-682 Incorrect Calculation
0% (1) CWE-254 Security Features
0% (1) CWE-199 Information Management Errors
0% (1) CWE-91 XML Injection (aka Blind XPath Injection)
0% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (1) CWE-17 Code

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-26 Leveraging Race Conditions
CAPEC-28 Fuzzing
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-63 Simple Script Injection
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:1514 Element position: Style Change Vulnerability
oval:org.mitre.oval:def:1562 Mozilla QueryInterface Memory Corruption Vulnerability
oval:org.mitre.oval:def:1493 Mozilla XML Attribute Name Validation Vulnerability
oval:org.mitre.oval:def:11803 The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaM...
oval:org.mitre.oval:def:1339 Mozilla Integer overflows in E4X, SVG, and Canvas Features
oval:org.mitre.oval:def:677 Mozilla XML Parser Read Beyond Buffer Bug
oval:org.mitre.oval:def:1625 Mozilla "AnyName" Entrainment and Access Control Hazard
oval:org.mitre.oval:def:1189 Mozilla Table Rebuilding Code Execution Vulnerability
oval:org.mitre.oval:def:11164 Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mo...
oval:org.mitre.oval:def:1848 Mozilla Mozilla Firefox Tag Order Vulnerability
oval:org.mitre.oval:def:11704 nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1...
oval:org.mitre.oval:def:1947 Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1529)
oval:org.mitre.oval:def:1903 Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1530)
oval:org.mitre.oval:def:2023 Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1531)
oval:org.mitre.oval:def:1574 Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1723)
oval:org.mitre.oval:def:1901 Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1724)
oval:org.mitre.oval:def:10243 Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x be...
oval:org.mitre.oval:def:1471 Mozilla Spoofing with Translucent Windows
oval:org.mitre.oval:def:1968 Mozilla Security Check of js_ValueToFunctionObject() Can Be Circumvented
oval:org.mitre.oval:def:1649 Mozilla Privilege Escalation through Print Preview
oval:org.mitre.oval:def:10364 Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0...
oval:org.mitre.oval:def:1698 Mozilla Privilege Escalation Using crypto.generateCRMFRequest
oval:org.mitre.oval:def:10508 Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0...
oval:org.mitre.oval:def:1929 Mozilla File Stealing by Changing Input Type
oval:org.mitre.oval:def:10922 Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite befo...

SAINT Exploits

Description Link
Firefox AttributeChildRemoved Use After Free More info here
Mozilla Firefox document.write and DOM insertion memory corruption More info here
Mozilla Firefox nsTreeRange Use After Free More info here
Mozilla Firefox JavaScript Navigator object vulnerability More info here
Mozilla Firefox OBJECT mChannel Use-After-Free More info here
Mozilla Firefox UTF-8 URL buffer overflow More info here
Firefox DOMAttrModified nsSVGValue Observer Handling Out-of-bounds Memory Access More info here
Mozilla Firefox QueryInterface method memory corruption More info here
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability More info here
Firefox crypto.generateCRMFRequest command execution More info here

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
77956 Mozilla Multiple Product Large OGG <video> Element Handling Remote DoS
77955 Mozilla Multiple Product for Mac DOM Frame Deletion NULL Dereference Remote C...
77954 Mozilla Multiple Product SVG Animation accessKey Event Handling Disabled Java...
77953 Mozilla Multiple Product DOMAttrModified SVG Element Handling Out-of-bounds M...
77952 Mozilla Multiple Product Multiple Unspecified Remote Memory Corruption
77951 Mozilla Multiple Product YARR Regular Expression Library Javascript Parsing R...
77609 Mozilla Multiple Product CSS Token Sequence Parsing Timing Attack Remote Info...
75847 Mozilla Multiple Product Multiple Tab Handling Keystroke Disclosure
75846 Mozilla Multiple Product Use-after-free OGG File Handling Remote Code Execution
75845 Mozilla Multiple Product loadSubScript Method XPCNativeWrappers Unwrapping Re...
75844 Mozilla Multiple Product YARR Unspecified Memory Corruption
75843 Mozilla Multiple Product WebGL Test Case Unspecified Out-of-bounds Write Memo...
75842 Mozilla Multiple Product WebGL ANGLE GrowAtomTable() Function Overflow
75841 Mozilla Multiple Product Enter Key Download Dialog Verification Bypass
75840 Mozilla Multiple Product PLUGINSPAGE Enter Key Addon Installation Verificatio...
75839 Mozilla Multiple Product Multiple Header Handling HTTP Response Splitting Wea...
75838 Mozilla Multiple Product window.location Named Frame Creation Same Origin Pol...
75836 Mozilla Multiple Product Multiple Unspecified Memory Corruption (2011-2997)
75834 Mozilla Multiple Product Multiple Unspecified Memory Corruption (2011-2995)
74596 Mozilla Multiple Products JAR Digital Signature Same Origin Policy Bypass Pri...
74595 Mozilla Multiple Products Ogg Reader Unspecified DoS
74594 Mozilla Multiple Products JavaScript Unspecified DoS
74593 Mozilla Multiple Products Content Security Policy (CSP) Violation Report Prox...
74592 Mozilla Multiple Products WebGL Unspecified DoS
74591 Mozilla Multiple Products WebGL Shader Compiler ShaderSource Method Overflow

ExploitDB Exploits

id Description
34363 Firefox toString console.time Privileged Javascript Injection
30474 Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution
27699 Mozilla Firefox 3.5.4 - Local Color Map Exploit
18531 Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit
17974 Mozilla Firefox Array.reduceRight() Integer Overflow Exploit
15342 Firefox Memory Corruption Proof of Concept (Simplified)
15104 MOAUB #25 - Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
15027 MOAUB #17 - Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code ...
14949 MOAUB #9 - Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
12678 Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities
10544 Mozilla Firefox Location Bar Spoofing Vulnerability
10380 Sunbird 0.9 Array Overrun (code execution) 0day
10187 Opera 10.01 Remote Array Overrun
10186 K-Meleon 1.5.3 Remote Array Overrun
10185 SeaMonkey 1.1.8 Remote Array Overrun
10184 KDE KDELibs 4.3.3 Remote Array Overrun
9663 Mozilla Firefox 2.0.0.16 UTF-8 URL Remote Buffer Overflow Exploit
3340 Mozilla Firefox <= 2.0.0.1 (location.hostname) Cross-Domain Vulnerability
2082 Mozilla Firefox <= 1.5.0.4 Javascript Navigator Object Code Execution PoC

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-09-18 Name : Debian Security Advisory DSA 2406-1 (icedove - several vulnerabilities)
File : nvt/deb_2406_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2457-2 (iceweasel - several vulnerabilities)
File : nvt/deb_2457_2.nasl
2013-09-18 Name : Debian Security Advisory DSA 2458-2 (iceape - several vulnerabilities)
File : nvt/deb_2458_2.nasl
2013-09-18 Name : Debian Security Advisory DSA 2513-1 (iceape - several vulnerabilities)
File : nvt/deb_2513_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2553-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2553_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2583-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2583_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2584-1 (iceape - several vulnerabilities)
File : nvt/deb_2584_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2588-1 (icedove - several vulnerabilities)
File : nvt/deb_2588_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox, openSUSE-SU-2012:0760-1 (MozillaFirefox,)
File : nvt/gb_suse_2012_0760_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:0899-1 (MozillaFirefox)
File : nvt/gb_suse_2012_0899_1.nasl
2012-12-13 Name : SuSE Update for MozillaThunderbird openSUSE-SU-2012:0917-1 (MozillaThunderbird)
File : nvt/gb_suse_2012_0917_1.nasl
2012-12-13 Name : SuSE Update for xulrunner openSUSE-SU-2012:0924-1 (xulrunner)
File : nvt/gb_suse_2012_0924_1.nasl
2012-12-13 Name : SuSE Update for seamonkey openSUSE-SU-2012:0935-1 (seamonkey)
File : nvt/gb_suse_2012_0935_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox)
File : nvt/gb_suse_2012_1064_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1345-1 (MozillaFirefox)
File : nvt/gb_suse_2012_1345_1.nasl
2012-12-13 Name : SuSE Update for Mozilla Suite openSUSE-SU-2012:1412-1 (Mozilla Suite)
File : nvt/gb_suse_2012_1412_1.nasl
2012-12-06 Name : Fedora Update for seamonkey FEDORA-2012-18931
File : nvt/gb_fedora_2012_18931_seamonkey_fc16.nasl
2012-12-06 Name : Fedora Update for seamonkey FEDORA-2012-18952
File : nvt/gb_fedora_2012_18952_seamonkey_fc17.nasl
2012-12-04 Name : Ubuntu Update for firefox USN-1638-3
File : nvt/gb_ubuntu_USN_1638_3.nasl
2012-11-26 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox72.nasl
2012-11-26 Name : Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows)
File : nvt/gb_mozilla_firefox_esr_mult_vuln01_nov12_win.nasl
2012-11-26 Name : Mozilla Firefox Multiple Vulnerabilities-01 November12 (Mac OS X)
File : nvt/gb_mozilla_prdts_mult_vuln01_nov12_macosx.nasl
2012-11-26 Name : Mozilla Firefox Multiple Vulnerabilities-01 November12 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln01_nov12_win.nasl
2012-11-26 Name : Mozilla Firefox Multiple Vulnerabilities-02 November12 (Mac OS X)
File : nvt/gb_mozilla_prdts_mult_vuln02_nov12_macosx.nasl
2012-11-26 Name : Mozilla Firefox Multiple Vulnerabilities-02 November12 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln02_nov12_win.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089
2014-A-0064 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0050011
2014-A-0043 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0046769
2014-A-0021 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0043921
2014-A-0009 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0043395
2013-A-0233 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0042596
2013-A-0220 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0042380
2013-A-0203 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0041365
2012-A-0189 Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity: Category I - VMSKEY: V0035032
2011-A-0160 Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana...
Severity: Category I - VMSKEY: V0030769

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 Mozilla regular expression heap corruption attempt
RuleID : 8443 - Type : BROWSER-FIREFOX - Revision : 15
2014-01-10 Mozilla regular expression heap corruption attempt
RuleID : 8442 - Type : SMTP - Revision : 2
2014-01-10 Mozilla javascript navigator object access
RuleID : 8058 - Type : BROWSER-FIREFOX - Revision : 11
2019-10-08 Mozilla Thunderbird input filter bypass cross site scripting attempt
RuleID : 51405 - Type : SERVER-MAIL - Revision : 1
2019-10-08 Mozilla Firefox GeckoActiveXObject exploit attempt
RuleID : 51394 - Type : BROWSER-OTHER - Revision : 2
2019-10-08 Mozilla Firefox GeckoActiveXObject exploit attempt
RuleID : 51393 - Type : BROWSER-OTHER - Revision : 2
2018-02-27 Mozilla Network Security Services heap underflow exploit attempt
RuleID : 45539 - Type : SERVER-OTHER - Revision : 1
2018-02-27 Mozilla Network Security Services heap underflow exploit attempt
RuleID : 45538 - Type : SERVER-OTHER - Revision : 1
2018-02-27 Mozilla Network Security Services heap underflow exploit attempt
RuleID : 45537 - Type : SERVER-OTHER - Revision : 1
2018-01-18 Multiple browser pressure function denial of service attempt
RuleID : 45206 - Type : BROWSER-FIREFOX - Revision : 3
2018-01-17 Mozilla Firefox nsTreeContentView double-free memory corruption attempt
RuleID : 45176 - Type : BROWSER-FIREFOX - Revision : 1
2017-12-29 Mozilla products CSS rendering out-of-bounds array write attempt
RuleID : 44991 - Type : BROWSER-FIREFOX - Revision : 3
2017-09-26 Mozilla Firefox JSXML integer overflow attempt
RuleID : 44147 - Type : BROWSER-FIREFOX - Revision : 3
2017-09-26 Mozilla Firefox JSXML integer overflow attempt
RuleID : 44146 - Type : BROWSER-FIREFOX - Revision : 3
2017-09-21 Mozilla Firefox memory corruption attempt
RuleID : 44049 - Type : BROWSER-FIREFOX - Revision : 2
2017-09-21 Mozilla Firefox memory corruption attempt
RuleID : 44048 - Type : BROWSER-FIREFOX - Revision : 2
2017-09-21 Mozilla Firefox memory corruption attempt
RuleID : 44047 - Type : BROWSER-FIREFOX - Revision : 2
2017-09-21 Mozilla Firefox memory corruption attempt
RuleID : 44046 - Type : BROWSER-FIREFOX - Revision : 2
2017-09-21 Mozilla Firefox invalid watchpoint memory corruption attempt
RuleID : 44045 - Type : BROWSER-FIREFOX - Revision : 2
2017-09-21 Mozilla Firefox invalid watchpoint memory corruption attempt
RuleID : 44044 - Type : BROWSER-FIREFOX - Revision : 2
2017-09-21 Mozilla browsers JavaScript argument passing code execution attempt
RuleID : 44043 - Type : BROWSER-FIREFOX - Revision : 1
2017-09-19 Mozilla Firefox empty lookupGetter dangling pointer attempt
RuleID : 44010 - Type : BROWSER-FIREFOX - Revision : 2
2017-09-19 Mozilla Firefox empty lookupGetter dangling pointer attempt
RuleID : 44009 - Type : BROWSER-FIREFOX - Revision : 2
2017-09-14 Mozilla products element style change memory corruption code execution attempt
RuleID : 43960 - Type : BROWSER-FIREFOX - Revision : 2
2017-08-31 Mozilla Firefox nsTreeContentView double-free memory corruption attempt
RuleID : 43778 - Type : BROWSER-FIREFOX - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-11-02 Name: The remote Debian host is missing a security update.
File: debian_DLA-1564.nasl - Type: ACT_GATHER_INFO
2017-01-20 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201701-46.nasl - Type: ACT_GATHER_INFO
2016-12-01 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2958-1.nasl - Type: ACT_GATHER_INFO
2016-10-06 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3688.nasl - Type: ACT_GATHER_INFO
2016-09-27 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2385-1.nasl - Type: ACT_GATHER_INFO
2016-09-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1064.nasl - Type: ACT_GATHER_INFO
2016-09-02 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2209-1.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1618-1.nasl - Type: ACT_GATHER_INFO
2016-06-23 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10727.nasl - Type: ACT_GATHER_INFO
2016-06-08 Name: The remote Debian host is missing a security update.
File: debian_DLA-507.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote device is affected by multiple vulnerabilities.
File: cisco_ace_A5_3_3.nasl - Type: ACT_GATHER_INFO
2016-05-31 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201605-06.nasl - Type: ACT_GATHER_INFO
2016-05-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL16716.nasl - Type: ACT_GATHER_INFO
2016-05-13 Name: A web application running on the remote host is affected by multiple vulnerab...
File: solarwinds_srm_profiler_6_2_3.nasl - Type: ACT_GATHER_INFO
2016-03-24 Name: The remote web server is affected by multiple vulnerabilities.
File: hpsmh_7_5_4.nasl - Type: ACT_GATHER_INFO
2016-03-14 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201603-11.nasl - Type: ACT_GATHER_INFO
2016-03-10 Name: The remote AIX host has a version of OpenSSL installed that is affected by mu...
File: aix_openssl_advisory17.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0001_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-6dec4e6d5f.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2011-0013_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0015_remote.nasl - Type: ACT_GATHER_INFO
2016-02-29 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2012-0016_remote.nasl - Type: ACT_GATHER_INFO
2016-02-18 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-218.nasl - Type: ACT_GATHER_INFO
2016-02-17 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-215.nasl - Type: ACT_GATHER_INFO
2016-02-03 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-102.nasl - Type: ACT_GATHER_INFO