Search Results (4205 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1477 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2025-11-25 9.8 Critical
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-1518 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2025-11-25 8.8 High
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2018-12378 4 Canonical, Debian, Mozilla and 1 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2025-11-25 N/A
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
CVE-2013-5615 5 Canonical, Fedoraproject, Mozilla and 2 more 9 Ubuntu Linux, Fedora, Firefox and 6 more 2025-11-25 9.8 Critical
The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.
CVE-2018-5156 4 Canonical, Debian, Mozilla and 1 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2025-11-25 N/A
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
CVE-2018-5144 4 Canonical, Debian, Mozilla and 1 more 10 Ubuntu Linux, Debian Linux, Firefox and 7 more 2025-11-25 N/A
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
CVE-2018-5158 4 Canonical, Debian, Mozilla and 1 more 10 Ubuntu Linux, Debian Linux, Firefox and 7 more 2025-11-25 N/A
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
CVE-2014-1486 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2025-11-25 9.8 Critical
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.
CVE-2018-5183 4 Canonical, Debian, Mozilla and 1 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2025-11-25 N/A
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
CVE-2014-1491 8 Canonical, Debian, Fedoraproject and 5 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2025-11-25 N/A
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
CVE-2014-1487 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2025-11-25 7.5 High
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.
CVE-2018-5145 4 Canonical, Debian, Mozilla and 1 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2025-11-25 N/A
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
CVE-2018-5150 4 Canonical, Debian, Mozilla and 1 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2025-11-25 N/A
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
CVE-2018-5159 4 Canonical, Debian, Mozilla and 1 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2025-11-25 N/A
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
CVE-2013-6629 10 Artifex, Canonical, Debian and 7 more 15 Gpl Ghostscript, Ubuntu Linux, Debian Linux and 12 more 2025-11-25 N/A
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
CVE-2018-5187 3 Canonical, Debian, Mozilla 4 Ubuntu Linux, Debian Linux, Firefox and 1 more 2025-11-25 N/A
Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.
CVE-2014-1531 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2025-11-25 8.8 High
Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.
CVE-2014-1532 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2025-11-25 9.8 Critical
Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.
CVE-2013-5618 6 Canonical, Fedoraproject, Mozilla and 3 more 17 Ubuntu Linux, Fedora, Firefox and 14 more 2025-11-25 9.8 Critical
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.
CVE-2014-1493 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-11-25 9.8 Critical
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.