CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Mozilla » Seamonkey : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2008-2800 79 XSS Bypass 2008-07-07 2018-10-11
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest.
552 CVE-2008-2799 399 DoS Exec Code 2008-07-07 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.
553 CVE-2008-2798 399 DoS Exec Code 2008-07-07 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.
554 CVE-2008-2785 189 Exec Code Overflow 2008-06-19 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.
555 CVE-2008-1380 399 DoS 2008-04-17 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237.
556 CVE-2008-1241 59 2008-03-27 2018-10-11
4.3
None Remote Medium Not required None Partial None
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.
557 CVE-2008-1240 2008-03-28 2018-10-11
5.0
None Remote Low Not required Partial None None
LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195.
558 CVE-2008-1238 287 Bypass CSRF 2008-03-27 2018-10-11
5.0
None Remote Low Not required None Partial None
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.
559 CVE-2008-1237 399 DoS Exec Code 2008-03-27 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.
560 CVE-2008-1236 399 DoS Exec Code 2008-03-27 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.
561 CVE-2008-1235 Exec Code 2008-03-27 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."
562 CVE-2008-1234 79 XSS 2008-03-27 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."
563 CVE-2008-1233 94 Exec Code 2008-03-27 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."
564 CVE-2008-0593 200 Bypass +Info 2008-02-09 2018-10-15
4.3
None Remote Medium Not required Partial None None
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.
565 CVE-2008-0592 DoS 2008-02-09 2018-10-15
4.3
None Remote Medium Not required None None Partial
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser.
566 CVE-2008-0420 200 DoS +Info 2008-02-12 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.
567 CVE-2008-0419 399 DoS Mem. Corr. 2008-02-08 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.
568 CVE-2008-0418 22 Dir. Trav. 2008-02-08 2018-10-15
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
569 CVE-2008-0416 79 XSS 2008-02-12 2018-10-03
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.
570 CVE-2008-0415 79 XSS 2008-02-08 2018-10-15
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs."
571 CVE-2008-0414 20 2008-02-08 2018-10-15
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."
572 CVE-2008-0413 399 DoS Mem. Corr. 2008-02-08 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.
573 CVE-2008-0412 399 DoS Mem. Corr. 2008-02-08 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.
574 CVE-2008-0017 119 DoS Exec Code Overflow Mem. Corr. 2008-11-13 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
575 CVE-2008-0016 119 Exec Code Overflow 2008-09-24 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
576 CVE-2007-6589 79 XSS 2007-12-28 2017-09-29
4.3
None Remote Medium Not required None Partial None
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.
577 CVE-2007-5960 22 Dir. Trav. Bypass CSRF 2007-11-26 2018-10-15
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.
578 CVE-2007-5959 DoS Exec Code Mem. Corr. 2007-11-26 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption.
579 CVE-2007-5947 79 XSS 2007-11-14 2018-10-15
4.3
None Remote Medium Not required None Partial None
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.
580 CVE-2007-5340 20 DoS Mem. Corr. 2007-10-21 2018-10-15
4.3
None Remote Medium Not required None None Partial
Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption.
581 CVE-2007-5339 20 DoS Mem. Corr. 2007-10-21 2018-10-15
4.3
None Remote Medium Not required None None Partial
Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors.
582 CVE-2007-5338 264 2007-10-21 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.
583 CVE-2007-5334 16 2007-10-21 2018-10-15
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute.
584 CVE-2007-4879 2007-09-13 2018-10-30
5.0
None Remote Low Not required Partial None None
Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.
585 CVE-2007-4841 20 Exec Code 2007-09-12 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.
586 CVE-2007-3954 79 Exec Code XSS 2007-07-24 2021-07-23
4.3
None Remote Medium Not required None Partial None
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670.
587 CVE-2007-3844 XSS 2007-08-08 2018-10-15
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
588 CVE-2007-3511 Bypass 2007-07-03 2018-10-15
4.3
None Remote Medium Not required None Partial None
The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.
589 CVE-2007-2871 2007-06-01 2018-10-16
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.
590 CVE-2007-2870 XSS Bypass 2007-06-01 2018-10-16
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.
591 CVE-2007-2868 94 DoS Exec Code Mem. Corr. 2007-06-01 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.
592 CVE-2007-2867 119 DoS Overflow 2007-06-01 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.
593 CVE-2007-2292 20 2007-04-26 2021-07-23
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
594 CVE-2007-1362 20 DoS 2007-06-01 2018-10-16
4.3
None Remote Medium Not required None None Partial
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."
595 CVE-2007-1095 2007-02-26 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
596 CVE-2007-1092 Exec Code Mem. Corr. 2007-02-26 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.
597 CVE-2007-0996 XSS 2007-02-27 2018-10-16
5.8
None Remote Medium Not required Partial Partial None
The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
598 CVE-2007-0995 79 XSS Bypass 2007-02-26 2018-10-16
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.
599 CVE-2007-0994 94 Exec Code Bypass 2007-03-06 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.
600 CVE-2007-0981 264 Bypass 2007-02-16 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
Total number of vulnerabilities : 680   Page : 1 2 3 4 5 6 7 8 9 10 11 12 (This Page)13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.