cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*

CVE-2014-8636

Public exploit
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.
Max CVSS
7.5
EPSS Score
93.70%
Published
2015-01-14
Updated
2017-09-08

CVE-2014-1511

Public exploit
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
Max CVSS
9.8
EPSS Score
95.38%
Published
2014-03-19
Updated
2020-08-05

CVE-2014-1510

Public exploit
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.
Max CVSS
9.8
EPSS Score
95.62%
Published
2014-03-19
Updated
2020-08-03

CVE-2013-2566

Public exploit
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
Max CVSS
5.9
EPSS Score
0.54%
Published
2013-03-15
Updated
2020-11-23

CVE-2013-0758

Public exploit
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.
Max CVSS
9.3
EPSS Score
21.08%
Published
2013-01-13
Updated
2020-08-04

CVE-2013-0757

Public exploit
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.
Max CVSS
9.3
EPSS Score
6.92%
Published
2013-01-13
Updated
2020-08-11

CVE-2013-0753

Public exploit
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.
Max CVSS
9.3
EPSS Score
97.12%
Published
2013-01-13
Updated
2020-08-04

CVE-2011-3659

Public exploit
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
Max CVSS
9.3
EPSS Score
92.06%
Published
2012-02-01
Updated
2020-08-28

CVE-2011-2371

Public exploit
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
Max CVSS
10.0
EPSS Score
95.69%
Published
2011-06-30
Updated
2017-09-19

CVE-2011-0073

Public exploit
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
Max CVSS
10.0
EPSS Score
96.48%
Published
2011-05-07
Updated
2017-09-19

CVE-2011-0065

Public exploit
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.
Max CVSS
10.0
EPSS Score
96.90%
Published
2011-05-07
Updated
2017-09-19
11 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!