Product:

Firefox_esr

(Mozilla)
Repositories https://github.com/libevent/libevent
#Vulnerabilities 1073
Date Id Summary Products Score Patch Annotated
2019-02-28 CVE-2018-18498 A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Thunderbird, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation 9.8
2012-08-29 CVE-2012-3968 Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor. Ubuntu_linux, Firefox, Firefox_esr, Seamonkey, Thunderbird, Thunderbird_esr, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A
2012-08-29 CVE-2012-3961 Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Ubuntu_linux, Firefox, Firefox_esr, Seamonkey, Thunderbird, Thunderbird_esr, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A
2012-08-29 CVE-2012-3957 Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. Ubuntu_linux, Firefox, Firefox_esr, Seamonkey, Thunderbird, Thunderbird_esr, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A
2012-08-29 CVE-2012-3956 Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Ubuntu_linux, Firefox, Firefox_esr, Seamonkey, Thunderbird, Thunderbird_esr, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A
2012-08-29 CVE-2012-1975 Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Seamonkey, Thunderbird, Thunderbird_esr, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A
2012-08-29 CVE-2012-1972 Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Seamonkey, Thunderbird, Thunderbird_esr, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A
2012-08-29 CVE-2012-1970 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Seamonkey, Thunderbird, Thunderbird_esr, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A
2012-08-29 CVE-2012-3976 Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. Ubuntu_linux, Firefox, Firefox_esr, Seamonkey, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A
2012-08-29 CVE-2012-3963 Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. Ubuntu_linux, Firefox, Firefox_esr, Seamonkey, Thunderbird, Thunderbird_esr, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit N/A