# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2020-26970 |
787 |
|
|
2020-12-09 |
2020-12-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1. |
2 |
CVE-2020-26968 |
787 |
|
Mem. Corr. |
2020-12-09 |
2020-12-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. |
3 |
CVE-2020-26960 |
416 |
|
|
2020-12-09 |
2020-12-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. |
4 |
CVE-2020-26950 |
416 |
|
|
2020-12-09 |
2022-04-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2. |
5 |
CVE-2020-15663 |
427 |
|
Exec Code |
2020-10-01 |
2022-07-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2. |
6 |
CVE-2020-15659 |
787 |
|
Mem. Corr. |
2020-08-10 |
2020-08-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. |
7 |
CVE-2020-15656 |
843 |
|
|
2020-08-10 |
2023-02-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. |
8 |
CVE-2020-12420 |
362 |
|
Mem. Corr. |
2020-07-09 |
2022-05-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. |
9 |
CVE-2020-12419 |
416 |
|
Mem. Corr. |
2020-07-09 |
2023-01-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. |
10 |
CVE-2020-12417 |
787 |
|
Mem. Corr. |
2020-07-09 |
2022-05-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. |
11 |
CVE-2020-12406 |
345 |
|
|
2020-07-09 |
2023-01-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. |
12 |
CVE-2020-12395 |
787 |
|
Mem. Corr. |
2020-05-26 |
2022-04-26 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. |
13 |
CVE-2019-11752 |
416 |
|
|
2019-09-27 |
2019-10-04 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. |
14 |
CVE-2019-11708 |
20 |
|
|
2019-07-23 |
2019-08-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2. |
15 |
CVE-2017-7826 |
119 |
|
Overflow Mem. Corr. |
2018-06-11 |
2018-08-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. |
16 |
CVE-2017-7810 |
119 |
|
Overflow Mem. Corr. |
2018-06-11 |
2018-08-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. |
17 |
CVE-2017-7779 |
119 |
|
Overflow Mem. Corr. |
2018-06-11 |
2018-08-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
18 |
CVE-2017-5399 |
119 |
|
Overflow Mem. Corr. |
2018-06-11 |
2018-08-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Thunderbird < 52. |
19 |
CVE-2017-5398 |
119 |
|
Overflow Mem. Corr. |
2018-06-11 |
2018-08-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. |
20 |
CVE-2016-1522 |
119 |
|
DoS Exec Code Overflow |
2016-02-13 |
2017-07-01 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font. |
21 |
CVE-2015-2740 |
119 |
|
DoS Overflow |
2015-07-06 |
2016-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors. |
22 |
CVE-2015-2739 |
119 |
|
Overflow |
2015-07-06 |
2016-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors. |
23 |
CVE-2015-2738 |
17 |
|
|
2015-07-06 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. |
24 |
CVE-2015-2737 |
17 |
|
|
2015-07-06 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. |
25 |
CVE-2015-2736 |
17 |
|
|
2015-07-06 |
2016-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. |
26 |
CVE-2015-2735 |
17 |
|
|
2015-07-06 |
2016-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. |
27 |
CVE-2015-2734 |
17 |
|
|
2015-07-06 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. |
28 |
CVE-2015-2731 |
|
|
Exec Code |
2015-07-06 |
2016-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy. |
29 |
CVE-2015-2725 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-06 |
2016-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
30 |
CVE-2015-2724 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-06 |
2016-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
31 |
CVE-2014-1567 |
|
|
Exec Code |
2014-09-03 |
2017-01-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. |
32 |
CVE-2014-1563 |
416 |
|
DoS Exec Code Mem. Corr. |
2014-09-03 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection. |
33 |
CVE-2014-1562 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2014-09-03 |
2017-01-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
34 |
CVE-2014-1557 |
94 |
|
Exec Code |
2014-07-23 |
2017-01-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. |
35 |
CVE-2014-1556 |
94 |
|
Exec Code |
2014-07-23 |
2017-01-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. |
36 |
CVE-2014-1555 |
|
|
Exec Code |
2014-07-23 |
2017-01-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. |
37 |
CVE-2014-1553 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2014-09-03 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
38 |
CVE-2014-1550 |
|
|
DoS Exec Code Mem. Corr. |
2014-07-23 |
2017-01-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering. |
39 |
CVE-2014-1549 |
119 |
|
DoS Exec Code Overflow |
2014-07-23 |
2017-01-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering. |
40 |
CVE-2014-1548 |
|
|
DoS Exec Code Mem. Corr. |
2014-07-23 |
2017-01-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
41 |
CVE-2014-1547 |
|
|
DoS Exec Code Mem. Corr. |
2014-07-23 |
2017-01-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
42 |
CVE-2014-1544 |
|
|
Exec Code |
2014-07-23 |
2017-01-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. |
43 |
CVE-2014-1541 |
|
|
DoS Exec Code Mem. Corr. |
2014-06-11 |
2017-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. |
44 |
CVE-2014-1538 |
|
|
DoS Exec Code Mem. Corr. |
2014-06-11 |
2017-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. |
45 |
CVE-2014-1531 |
416 |
|
DoS Exec Code Mem. Corr. |
2014-04-30 |
2020-08-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. |
46 |
CVE-2014-1529 |
269 |
|
Exec Code Bypass |
2014-04-30 |
2020-08-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted. |
47 |
CVE-2014-1518 |
|
|
DoS Exec Code Mem. Corr. |
2014-04-30 |
2020-08-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
48 |
CVE-2014-1513 |
787 |
|
DoS Exec Code |
2014-03-19 |
2020-08-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site. |
49 |
CVE-2014-1512 |
416 |
|
Exec Code |
2014-03-19 |
2020-08-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects. |
50 |
CVE-2014-1493 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2014-03-19 |
2020-08-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |