Download
| Alert*
oval:org.mitre.oval:def:2024
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is ... oval:org.secpod.oval:def:9704 The host is missing a moderate security update according to Mozilla advisory, MFSA 2013-06. The update is required to fix information disclosure vulnerability. A flaw is present in the application, which fails to restrict a touch event to a single IFRAME element. Successful exploitation allows remot ... oval:org.secpod.oval:def:9684 The host is installed with SeaMonkey before 2.15 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to restrict a touch event to a single IFRAME element. Successful exploitation allows remote attackers to obtain sensitive information or possibly c ... oval:org.secpod.oval:def:16830 Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED ... oval:org.secpod.oval:def:947 The host is installed with Mozilla Thunderbird or SeaMonkey and is prone to denial of service vulnerability. A flaw is present in the nsAuthSSPI::Unwrap function, which fails to handle malicious data during SSPI authentication session. Successful exploitation could allow remote attackers to execute ... oval:org.mitre.oval:def:6372 The installed browser on the system is Mozilla Seamonkey (32 bit). oval:org.secpod.oval:def:16829 Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a relat ... oval:org.secpod.oval:def:16828 Security researcher Fabián Cuchietti discovered that it was possible to bypass the restriction on JavaScript execution in mail by embedding an <iframe> with a data: URL within a message. If the victim replied or forwarded the mail after receiving it, quoting it "in-line" usin ... oval:org.secpod.oval:def:948 The host is installed with Mozilla Thunderbird or SeaMonkey and is prone to denial of service vulnerability. A flaw is present in the parser, which fails to handle malicious MIME attachments. Successful exploitation could allow remote attackers to execute arbitrary code or cause denial of service. oval:org.mitre.oval:def:1625 The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictio ... oval:org.mitre.oval:def:1614 Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow. oval:org.mitre.oval:def:1619 Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: desp ... oval:org.mitre.oval:def:1848 nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence ... oval:org.mitre.oval:def:1667 The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that ... oval:org.mitre.oval:def:12192 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in wh ... oval:org.mitre.oval:def:1649 Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview". oval:org.mitre.oval:def:12186 Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run. oval:org.mitre.oval:def:1471 Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into executing arbitrary code. oval:org.mitre.oval:def:12158 Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. oval:org.mitre.oval:def:1698 Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method. oval:org.mitre.oval:def:12143 Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a ... oval:org.mitre.oval:def:11055 Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a j ... oval:org.mitre.oval:def:12145 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex ... oval:org.mitre.oval:def:1687 Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles. oval:org.mitre.oval:def:12132 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss ... oval:org.mitre.oval:def:1037 Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privi ... oval:org.mitre.oval:def:12136 The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access ... oval:org.mitre.oval:def:12120 Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows ... oval:org.mitre.oval:def:1494 The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects. oval:org.mitre.oval:def:1493 The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. oval:org.mitre.oval:def:12116 Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory. oval:org.mitre.oval:def:12118 The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryp ... oval:org.mitre.oval:def:12114 The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross ... oval:org.mitre.oval:def:12108 Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the app ... oval:org.mitre.oval:def:1247 Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function. oval:org.mitre.oval:def:12202 Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server. oval:org.mitre.oval:def:11799 Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related ... oval:org.mitre.oval:def:11550 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: ... oval:org.mitre.oval:def:11552 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or ... oval:org.mitre.oval:def:11778 The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via ... oval:org.mitre.oval:def:1087 The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory ... oval:org.mitre.oval:def:11770 dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows rem ... oval:org.mitre.oval:def:11771 js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts i ... oval:org.mitre.oval:def:11519 Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) a ... oval:org.mitre.oval:def:11517 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.mitre.oval:def:11740 Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a ... oval:org.mitre.oval:def:11735 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) pr ... oval:org.mitre.oval:def:11969 The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (app ... oval:org.mitre.oval:def:10958 Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free. oval:org.mitre.oval:def:1514 Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory. oval:org.mitre.oval:def:1548 Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the ... oval:org.mitre.oval:def:1339 Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingConte ... oval:org.mitre.oval:def:1574 Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the ... oval:org.mitre.oval:def:1562 Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. oval:org.mitre.oval:def:12254 Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers ... oval:org.mitre.oval:def:12001 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access an ... oval:org.mitre.oval:def:1189 Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index. oval:org.mitre.oval:def:11680 Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, relat ... oval:org.mitre.oval:def:11688 The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and th ... oval:org.mitre.oval:def:11684 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers ... oval:org.mitre.oval:def:11685 Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements. oval:org.mitre.oval:def:11675 Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ... oval:org.mitre.oval:def:11891 The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to ... oval:org.mitre.oval:def:1829 Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression. oval:org.mitre.oval:def:11835 The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy a ... oval:org.mitre.oval:def:1811 Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. oval:org.mitre.oval:def:11811 Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which al ... oval:org.secpod.oval:def:15023 Security researcher Robert Kugler <ahref="http://www.mozilla.org/security/announce/2012/mfsa2012-98.html">reported in 2012 that when a specifically named DLL file on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL ... oval:org.secpod.oval:def:15024 Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:///URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on the ... oval:org.secpod.oval:def:15021 Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier(URI) before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-origi ... oval:org.secpod.oval:def:15022 Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-sitescripting (XSS) attacks by web workers. oval:org.secpod.oval:def:15020 Security researcher Ash reported an issue with the Mozilla Updater on Windows 7 and later versions of Windows. On vulnerable platforms, the Mozilla Updater can be made to load a specific malicious DLL file from the localsystem. This DLL file can run in a privileged context through the Mozilla Maint ... oval:org.mitre.oval:def:8248 The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currentl ... oval:org.mitre.oval:def:8489 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. oval:org.mitre.oval:def:8487 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vec ... oval:org.mitre.oval:def:8485 The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockF ... oval:org.mitre.oval:def:1855 Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using ... oval:org.mitre.oval:def:8009 liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." oval:org.mitre.oval:def:8240 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. oval:org.mitre.oval:def:8480 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE- ... oval:org.mitre.oval:def:7390 nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. oval:org.mitre.oval:def:1887 Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the win ... oval:org.mitre.oval:def:6921 The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMAN ... oval:org.secpod.oval:def:15003 Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and ... oval:org.secpod.oval:def:15004 Security researcher Paul Stone of <ahref="http://www.contextis.co.uk/">Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains ... oval:org.secpod.oval:def:15002 Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. oval:org.secpod.oval:def:15007 Bugzilla developer Frédéric Buclin reported that the X-Frame-Options header is ignored when server push is used in multi-part responses. This can lead to potential clickjacking on sites that use X-Frame-Options as a protection. oval:org.secpod.oval:def:15008 Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue . This can lead to unexpected behavior when privileged code acts on the incorrect values. oval:org.secpod.oval:def:15005 Mozilla developer Boris Zbarsky found that when PreserveWrapper was used in cases where a wrapper is not set, the preserved-wrapper flag on the wrapper cache is cleared. This could potentially lead to an exploitable crash. oval:org.secpod.oval:def:15006 Mozilla community member Bob Owen reported that <iframe sandbox> restrictions are not applied to a frame element contained within a sandboxed iframe. As a result,content hosted within a sandboxed iframe could use a frame element to bypass the restrictions that should be applied. oval:org.secpod.oval:def:15000 Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by SystemOnly Wrappers (S ... oval:org.secpod.oval:def:15014 Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when generating a Certificate Request Message Format (CRMF) request with certain parameters. This causes a potentially exploitable crash. oval:org.secpod.oval:def:15015 Security researcher Seb Patane reported stack buffer overflows in both the Maintenance Service and the Mozilla Updater when unexpectedly long paths were encountered. A local attacker could pass these as command-line arguments to the Maintenance Service to crash either program and potentially lead t ... oval:org.secpod.oval:def:15012 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:15013 Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when the Document Object Model is modified during a SetBody mutation event. This causes a potentially exploitablecrash. oval:org.secpod.oval:def:15018 Mozilla security researcher moz_bug_r_a4 reported a mechanism to execute arbitrary code or a cross-site scripting (XSS) attack when Certificate Request Message Format (CRMF) request is generated in certain circumstances. oval:org.secpod.oval:def:15019 Mozilla Developer Bobby Holley and Mozilla security researcher moz_bug_r_a4 discovered a mechanism where XBL scopes can be be used to circumvent XrayWrappers from within the Chrome on unprivileged objects. This allows web content to potentially confuse privileged code and weaken invariants and can l ... oval:org.secpod.oval:def:15016 Security researcher Aki Helin from OUSPG used the AddressSanitizer tool to discover a crash during the decoding of WAV format audio files in some instances. This crash is not exploitable but could be used for a denial of service (DOS) attack by malicious parties. oval:org.secpod.oval:def:15017 Mozilla security researcher moz_bug_r_a4 reported that through an interaction of frames and browser history it was possible to make the browser believe attacker-supplied content came from the location of a previous page in browser history. This allows for cross-site scripting (XSS) attacks by loadi ... oval:org.secpod.oval:def:15010 Security researcher 3ric Johanson reported in discussions with Richard Newman and Holt Sorenson thatVerisign"s prevention measures for homograph attacks using InternationalizedDomain Names (IDN) were insufficiently rigorous, and this led to a limited possibility for domain spoofing in Firefox. I ... oval:org.mitre.oval:def:6710 The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Di ... oval:org.mitre.oval:def:6708 The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pa ... oval:org.mitre.oval:def:6945 The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. oval:org.mitre.oval:def:7618 The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions ... oval:org.mitre.oval:def:7615 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exec ... oval:org.mitre.oval:def:6755 The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. oval:org.mitre.oval:def:6971 Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitra ... oval:org.mitre.oval:def:6731 Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. N ... oval:org.mitre.oval:def:6975 Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and t ... oval:org.mitre.oval:def:8503 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.mitre.oval:def:6541 Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying ... oval:org.mitre.oval:def:6548 Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. oval:org.mitre.oval:def:7622 Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service ... oval:org.mitre.oval:def:6776 Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an ... oval:org.secpod.oval:def:10670 The host is missing a security update according to Mozilla advisory, MFSA 2013-40. The update is required to fix out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted certificate. Successful exploitation allows remote attackers to cause ... oval:org.secpod.oval:def:10671 The host is missing a security update according to Mozilla advisory, MFSA 2013-30. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to the nsContentUtils::HoldJSObjects function and the nsAuto ... oval:org.secpod.oval:def:10672 The host is missing a security update according to Mozilla advisory, MFSA 2013-31. The update is required to fix integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted values that trigger attempted use of a negative box boundary or negative box si ... oval:org.secpod.oval:def:10665 The host is missing a security update according to Mozilla advisory, MFSA 2013-34. The update is required to fix untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan horse DLL file in an unspecified directory. Successful exploitation allows local ... oval:org.secpod.oval:def:10666 The host is missing a security update according to Mozilla advisory, MFSA 2013-36. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneNode method for cloning a protected node. Successful exploitation allows remote ... oval:org.secpod.oval:def:10667 The host is missing a security update according to Mozilla advisory, MFSA 2013-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent origin spoofing of tab-modal dialogs. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:10668 The host is missing a security update according to Mozilla advisory, MFSA 2013-38. The update is required to fix cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctness of the address bar during history navigation. Successful exploitation allow ... oval:org.secpod.oval:def:10669 The host is missing a security update according to Mozilla advisory, MFSA 2013-39. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle color profiles during PNG rendering. Successful exploitation allows remote attackers ... oval:org.mitre.oval:def:1903 Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the ... oval:org.mitre.oval:def:1901 Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML. oval:org.mitre.oval:def:8523 Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.mitre.oval:def:7435 Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. oval:org.mitre.oval:def:6347 Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. oval:org.secpod.oval:def:10660 The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle color profiles during PNG rendering. Successful exploitation allows remote attackers to obtain sensiti ... oval:org.secpod.oval:def:10661 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a ... oval:org.secpod.oval:def:10662 The host is installed with Mozilla Firefox before 20.0, SeaMonkey before 2.17, Firefox ESR before 20.0, Thunderbird before 17.0.5 or Thunderbird ESR before 17.0.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors re ... oval:org.secpod.oval:def:10663 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:10654 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted v ... oval:org.secpod.oval:def:10656 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan hor ... oval:org.secpod.oval:def:10657 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneN ... oval:org.secpod.oval:def:10658 The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent origin spoofing of tab-modal dialogs. Successful exploitation allows remote attackers to conduct phishing ... oval:org.secpod.oval:def:10659 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctne ... oval:org.mitre.oval:def:1955 Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attac ... oval:org.mitre.oval:def:1947 Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the ... oval:org.mitre.oval:def:7008 The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modif ... oval:org.mitre.oval:def:7235 Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. oval:org.mitre.oval:def:1929 Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the i ... oval:org.mitre.oval:def:7467 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via ... oval:org.mitre.oval:def:7222 Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors tha ... oval:org.mitre.oval:def:8379 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty bo ... oval:org.mitre.oval:def:7285 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. oval:org.mitre.oval:def:1968 Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method. oval:org.mitre.oval:def:7030 The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext ... oval:org.mitre.oval:def:8355 Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArgu ... oval:org.mitre.oval:def:5717 Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary ... oval:org.mitre.oval:def:6831 Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross ... oval:org.mitre.oval:def:6811 The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which tr ... oval:org.secpod.oval:def:10394 The host is installed with Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4 or SeaMonkey before 2.16.1 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involvi ... oval:org.secpod.oval:def:10395 The host is missing a security update according to Mozilla advisory, MFSA 2013-29. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving an execCommand call. Successful exploitation allows remote attackers to execute ... oval:org.mitre.oval:def:6646 The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. oval:org.secpod.oval:def:14998 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:14999 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software.Some of these issues are potentially exploitable, allowing for remote code execution. ... oval:org.mitre.oval:def:7967 Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. oval:org.mitre.oval:def:2023 Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the ... oval:org.mitre.oval:def:2020 Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) va ... oval:org.mitre.oval:def:7958 The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive informat ... oval:org.mitre.oval:def:8610 The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors r ... oval:org.mitre.oval:def:8615 Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situat ... oval:org.mitre.oval:def:7516 The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definiti ... oval:org.mitre.oval:def:7743 Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeou ... oval:org.mitre.oval:def:7339 The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force ... oval:org.mitre.oval:def:670 The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection. oval:org.mitre.oval:def:677 The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read. oval:org.mitre.oval:def:7315 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple C ... oval:org.mitre.oval:def:8631 Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote atta ... oval:org.mitre.oval:def:7546 Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors ... oval:org.mitre.oval:def:8465 The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly ... oval:org.mitre.oval:def:7370 The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting ... oval:org.mitre.oval:def:8434 Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.mitre.oval:def:7584 Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. oval:org.mitre.oval:def:8431 The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to th ... oval:org.secpod.oval:def:15047 Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8 or Mozilla SeaMonkey before 2.20 allows local users to gain privileges via a long pathname on the command line to the Mozilla M ... oval:org.secpod.oval:def:15048 Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function. oval:org.secpod.oval:def:15045 Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request. oval:org.secpod.oval:def:15046 Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8 or Mozilla SeaMonkey before 2.19 allows local users to gain privileges via a long pat ... oval:org.secpod.oval:def:15049 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:15040 The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 or Mozilla SeaMonkey before 2.19 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters. oval:org.secpod.oval:def:15043 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, SeaMonkey before 2.20 or Mozilla Firefox ESR, Mozilla Thunderbird, Mozilla Thunderbird ESR before 17.0.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl ... oval:org.secpod.oval:def:15044 Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the t ... oval:org.secpod.oval:def:15042 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application c ... oval:org.secpod.oval:def:15056 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a ... oval:org.secpod.oval:def:15050 The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:15051 The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:15054 The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and ... oval:org.secpod.oval:def:15055 Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012 ... oval:org.secpod.oval:def:15052 Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8 or Mozilla SeaMonkey before 2.20 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows ... oval:org.secpod.oval:def:15053 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site ... oval:org.secpod.oval:def:15029 Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, Thunderbird ESR 17.x before 17.0.7 or Mozilla SeaMonkey before 2.19 allows remote attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:15027 Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, Thunderbird ESR 17.x before 17.0.7 or Mozilla SeaMonkey before 2.19 allows remote attackers to execute ar ... oval:org.secpod.oval:def:15028 Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 or Mozilla SeaMonkey before 2.19 allows remote attackers to execute arbitrary code or cause a den ... oval:org.secpod.oval:def:15036 Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element. oval:org.secpod.oval:def:15037 Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses. oval:org.secpod.oval:def:15034 The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, Thunderbird ESR 17.x before 17.0.7 or Mozilla SeaMonkey before 2.19 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a d ... oval:org.secpod.oval:def:15035 The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, Thunderbird ESR 17.x before 17.0.7 or Mozilla SeaMonkey before 2.19 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service ... oval:org.secpod.oval:def:15038 The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, Thunderbird ESR 17.x before 17.0.7 or Mozilla SeaMonkey before 2.19 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbi ... oval:org.secpod.oval:def:15032 Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, Thunderbird ESR 17.x before 17.0.7 or Mozilla SeaMonkey before 2.19 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service ... oval:org.secpod.oval:def:15033 Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, Thunderbird ESR 17.x before 17.0.7 or Mozilla SeaMonkey before 2.19 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site re ... oval:org.secpod.oval:def:15030 The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, Thunderbird ESR 17.x before 17.0.7 or Mozilla SeaMonkey before 2.19 do not properly restrict XBL user-defined functions, which allo ... oval:org.secpod.oval:def:16268 Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a use-after-free problem in the table editing user interface of the editor during garbage collection. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16269 Compiler Engineer Dan Gohman of Google reported that binary search algorithms in the SpiderMonkey JavaScript engine were prone to overflow in several places, leading to potential out-of-bounds array access. While none of these are known to be directly exploitable, they are unsafe in theory and have ... oval:org.secpod.oval:def:16266 Mozilla security developer Daniel Veditz discovered that <iframe sandbox> restrictions are not applied to an <object> element contained within a sand boxed iframe. This could allow content hosted within a sand boxed iframe to use <object> element to bypass the sandbox restricti ... oval:org.secpod.oval:def:16267 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free when interacting with event listeners from the mListeners array. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16265 Security researcher Masato Kinugawa discovered that if a web page is missing character set encoding information it can inherit character encoding across navigation into another domain from an earlier site. Only same-origin inheritance is allowed according to the HTML5 specification. This issue allo ... oval:org.secpod.oval:def:16263 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:16279 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header. oval:org.secpod.oval:def:16277 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, SeaMonkey before 2.23, Firefox ESR 24.0 before 24.2 or Thunderbird before 24.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v ... oval:org.secpod.oval:def:16271 Firefox user Sijie Xia reported that if a user explicitly removes the trust for extended validation (EV) capable root certificates in the certificate manager, the change is not properly used when validating EV certificates, causing the setting to be ignored. This removes the ability of users to exp ... oval:org.secpod.oval:def:16272 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free in the functions for synthetic mouse movement handling. Security researcher Atte Kettunen from OUSPG also repor ... oval:org.secpod.oval:def:16270 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a mechanism where inserting an ordered list into a document through script could lead to a potentially exploitable crash that can ... oval:org.secpod.oval:def:16275 Google notified Mozilla that an intermediate certificate, which chains up to a root included in Mozilla's root store, was loaded into a man-in-the-middle (MITM) traffic management device. This certificate was issued by Agence nationale de la scurit des systmesd" information (ANSSI), an agency of th ... oval:org.secpod.oval:def:16276 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:16273 Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. oval:org.secpod.oval:def:16274 Google security researcher Michal Zalewski reported issues with JPEG format image processing with Start Of Scan (SOS) and Define HuffmanTable (DHT) markers in the libjpeg library. This could allow for the possible reading of arbitrary memory content as well as cross-domain image theft. oval:org.secpod.oval:def:16282 The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack ve ... oval:org.secpod.oval:def:16283 Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupt ... oval:org.secpod.oval:def:16280 Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via ... oval:org.secpod.oval:def:16281 Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site. oval:org.secpod.oval:def:16286 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. oval:org.secpod.oval:def:16287 Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid ... oval:org.secpod.oval:def:16284 Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by trig ... oval:org.secpod.oval:def:16285 Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. oval:org.secpod.oval:def:16411 Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within <select> elements and place it in arbitrary locations. This can be used to spoof the displayed addressbar, leading to clickjacking and other spoofing attacks. oval:org.secpod.oval:def:16412 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16410 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:16415 Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16413 Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilit ... oval:org.secpod.oval:def:16414 Mozilla community member Ezra Pool reported a potentially exploitable crash on extremely large pages. This was caused when a cycle collected image object was released on the wrong thread during decoding, creating a race condition. oval:org.secpod.oval:def:16408 Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash. oval:org.secpod.oval:def:16409 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a user-after-free when interacting with HTML document templates. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16407 Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash. oval:org.secpod.oval:def:16422 The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial o ... oval:org.secpod.oval:def:16423 Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:16420 The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a drop down menu, which allows remote attackers to spoof the address bar or conduct cli ... oval:org.secpod.oval:def:16421 The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct bu ... oval:org.secpod.oval:def:16426 Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute a ... oval:org.secpod.oval:def:16427 Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitr ... oval:org.secpod.oval:def:16425 Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before ... oval:org.secpod.oval:def:16417 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corrupt ... oval:org.secpod.oval:def:16418 Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, SeaMonkey before 2.22 or Thunderbird ESR 17.0 before 17.0.10 allows remote attackers to cause a denial of service (memory corruption and application crash) or possib ... oval:org.secpod.oval:def:16697 Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ... oval:org.secpod.oval:def:16698 Security researcher Cody Crews reported a method to bypass System Only Wrappers (SOW) by using XML Binding Language (XBL) content scopes to clone protected XUL elements. This could be used to clone anonymous nodes, making trusted XUL content web accessible. oval:org.secpod.oval:def:16699 Security researcher Jordi Chancel reported that the dialog for saving downloaded files did not implement a security timeout before button selections were processed. This could be used in concert with spoofing to convince users to select a different option than intended, causing downloaded files to b ... oval:org.secpod.oval:def:16430 The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attacke ... oval:org.secpod.oval:def:16428 The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:16429 Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory ... oval:org.secpod.oval:def:15601 The host is missing a security update according to Mozilla advisory, MFSA 2013-77. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to maintain the state of the insertion-mode stack for template elements. Successful exploitat ... oval:org.secpod.oval:def:15602 The host is installed missing a security update according to Mozilla advisory, MFSA 2013-78.The update is required to fix an integer overflow vulnerability. A flaw is present is the applications, which fail to handle a crafted site. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15600 The host is missing a security update according to Mozilla advisory, MFSA 2013-76. The update is required to fix multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15612 The host is missing a security update according to Mozilla advisory, MFSA 2013-89. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle crafted use of lists and floats within a multi-column layout. Successful exploitation could al ... oval:org.secpod.oval:def:16701 Security researcher Jordan Milne reported an information leak where document.caretPositionFromPoint and document.elementFromPoint functions could be used on a cross-origin iframe to gain information on the iframe"s DOM and other attributes through a timing attack, violating same-origin policy. oval:org.secpod.oval:def:15613 The host is missing a security update according to Mozilla advisory, MFSA 2013-90. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitrar ... oval:org.secpod.oval:def:16702 Mozilla security engineer Frederik Braun reported an issue where the implementation of Content Security Policy (CSP) is not in compliance with the specification . XSLT stylesheets must be subject to script-src directives but Mozilla"s implementation of CSP treats them as styles. This could lead to u ... oval:org.secpod.oval:def:15611 The host is missing a security update according to Mozilla advisory, MFSA 2013-88. The update is required to fix a arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle movement of XBL-backed nodes between documents. Successful exploitation could allow a ... oval:org.secpod.oval:def:16700 Fredrik "Flonka" Lnnqvist discovered an issue with image decoding in RasterImage caused by continued use of discarded images. This could allow for the writing to unowned memory and a potentially exploitable crash. oval:org.secpod.oval:def:15605 The host is missing a security update according to, MFSA 2013-81. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle key messages after widget is destroyed. Successful exploitation could allow attackers to crash the ser ... oval:org.secpod.oval:def:15606 The host is missing a security update according to Mozilla advisory, MFSA 2013-82. The update is required to a fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15603 The host is missing a security update according to, MFSA 2013-79. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle stylesheet cloning. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15604 The host is missing a security update according to, MFSA 2013-80. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to properly handle key messages after widget is destroyed. Successful exploitation could allow attackers to crash the ... oval:org.secpod.oval:def:15609 The host is installed with Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could allow remote attackers to ... oval:org.secpod.oval:def:15607 The host is missing a security update according to Mozilla advisory. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which fails to properly lock the MAR file. Successful exploitation could allow attackers to replace the installed software with th ... oval:org.secpod.oval:def:15620 The host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle stylesh ... oval:org.secpod.oval:def:15623 he host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle crafted data. S ... oval:org.secpod.oval:def:16712 The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. oval:org.secpod.oval:def:15624 The host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21, and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly lock the MAR ... oval:org.secpod.oval:def:16713 Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. oval:org.secpod.oval:def:15621 The host is installed with Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to properly handle key messages after widget is destroyed. Successful exploitation could al ... oval:org.secpod.oval:def:16710 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, SeaMonkey before 2.24, Thunderbird before 24.3 or Firefox ESR 24.0 before 24.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v ... oval:org.secpod.oval:def:15622 The host is installed with Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle key messages after widget is destroyed. Successful exploitation could allow ... oval:org.secpod.oval:def:16711 The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvin ... oval:org.secpod.oval:def:15616 The host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, or SeaMonkey before 2.21 and is prone to a memory safety vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Su ... oval:org.secpod.oval:def:15617 The host is installed with Mozilla Firefox before 24.0, Thunderbird before 24.0, SeaMonkey before 2.21 or Mozilla Firefox ESR, Mozilla Thunderbird ESR before 17.0.9 and is prone to a memory safety vulnerability. A flaw is present in the applications, which fails to handle crafted data. Successful ex ... oval:org.secpod.oval:def:16706 Soeren Balko reported a crash when terminating a web worker running asm.js code after passing an object between threads. This crash is potentially exploitable. oval:org.secpod.oval:def:15614 The host is missing a security update according to Mozilla advisory, MFSA 2013-91. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly identify the "this" object during use of user-defined getter methods on DOM proxies. Success ... oval:org.secpod.oval:def:16703 Security researcher Arthur Gerkis , via TippingPoint"s Zero Day Initiative, reported a use-after-free during image processing from sites with specific content types in concert with the imgRequestProxy function. This causes a potentially exploitable crash. oval:org.secpod.oval:def:15615 The host is missing a security update according to Mozilla advisory, MFSA 2013-92. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code by lever ... oval:org.secpod.oval:def:16704 Security researcher Masato Kinugawa reported a cross-origin information leak through web workers" error messages. This violates same-origin policy and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites. oval:org.secpod.oval:def:16709 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:15618 The host is installed with Mozilla Firefox before 24.0, Thunderbird before 24.0, or SeaMonkey before 2.21 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to maintain the state of the insertion-mode stack for template elements. Successful ... oval:org.secpod.oval:def:16707 Mozilla developer Brian Smith and security researchers Antoine Delignat-Lavaud and Karthikeyan Bhargavan of the Prosecco research team at INRIA Paris reported issues with ticket handling in the Network Security Services (NSS) libraries. These have been addressed in the NSS 3.15.4 release, shipping o ... oval:org.secpod.oval:def:15619 The host is installed with Mozilla Firefox before 24.0 or SeaMonkey before 2.21 and is prone to an integer overflow vulnerability. A flaw is present is the applications, which fail to handle a crafted site. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:16708 Mozilla developer Boris Zbarsky reported an inconsistency with the different JavaScript engines in how JavaScript native getters on window objects are handled by these engines. This inconsistency can lead to different behaviors in JavaScript code, allowing for a potential security issue with window ... oval:org.secpod.oval:def:15630 The host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 and is prone to an use after free vulnerability. A flaw is present in the applications, which fail to handle crafted data. Su ... oval:org.secpod.oval:def:15631 The host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 and is prone to use after free vulnerability. A flaw is present in the applications, which fail to handle crafted data. Succe ... oval:org.secpod.oval:def:15632 The host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly identify the " ... oval:org.secpod.oval:def:15633 The host is installed with Mozilla Firefox before 24.0, Thunderbird before 24.0, or SeaMonkey before 2.21 an use-after-free vulnerability. A flaw is present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code by leveraging i ... oval:org.secpod.oval:def:15627 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows arbitrary attackers to execute arbitrary code or cause a denial of s ... oval:org.secpod.oval:def:16716 The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient styl ... oval:org.secpod.oval:def:16717 Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. oval:org.secpod.oval:def:16714 RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted im ... oval:org.secpod.oval:def:15626 The host is installed with Mozilla Firefox before 24.0, Thunderbird before 24.0 or SeaMonkey before 2.21 and is prone to uninitialized data vulnerability. A flaw is present in the applications, which does not properly initialize memory. Successful exploitation allows remote attackers to obtain sensi ... oval:org.secpod.oval:def:16715 Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functi ... oval:org.secpod.oval:def:15629 The host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, or SeaMonkey before 2.21 allows remote attackers and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, whic ... oval:org.secpod.oval:def:16718 The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. oval:org.secpod.oval:def:16719 The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. oval:org.secpod.oval:def:16084 The host is installed with Google Chrome before 31.0.1650.48, Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2 or SeaMonkey before 2.23 and is prone to an information disclosure vulnerability. The flaw is present in get_dht function in jdmarker.c, which fails to pro ... oval:org.secpod.oval:def:16834 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-03. The update is required to fix miscellaneous network security services vulnerabilities. The flaws are present in the applications, which fail to handle statistical analysis of ciphertext or a crafted X.509 cer ... oval:org.secpod.oval:def:22280 The host is missing a security update according to MFSA 2014-83. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows attackers to cause a denial of service (memory corrupti ... oval:org.secpod.oval:def:22279 The host is installed with Mozilla Firefox before 34.0, SeaMonkey before 2.31, Thunderbird before 31.3 or Firefox ESR 31.x before 31.3 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows ... oval:org.secpod.oval:def:22278 The host is installed with Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3 or SeaMonkey before 2.31 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows ... oval:org.secpod.oval:def:16835 Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, SeaMonkey before 2.22.1, Thunderbird 24.x before 24.1.1 or Thunderbird ESR 17.0.x before 17.0.11 allo ... oval:org.secpod.oval:def:17149 Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash. oval:org.secpod.oval:def:17148 Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local system ... oval:org.secpod.oval:def:17147 Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ... oval:org.secpod.oval:def:17159 Mozilla developer Robert O"Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap . This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SV ... oval:org.secpod.oval:def:17158 Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service (DOS). This issues is not able to be triggered in a default confi ... oval:org.secpod.oval:def:17157 Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory addresse ... oval:org.secpod.oval:def:17152 Security researchers Tim Philipp Schafers and Sebastian Neef , the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page"s tab and causing the browser to become unresponsive. This allows for a deni ... oval:org.secpod.oval:def:17151 Mozilla developer Ehsan Akhgari reported a spoofing attack where the permission prompt for a WebRTC session can appear to be from a different site than its actual originating site if a timed navigation occurs during the prompt generation. This allows an attacker to potentially gain access to the we ... oval:org.secpod.oval:def:17150 Mozilla developer David Keeler reported that the crypto.generateCRFMRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service (DOS) attack. oval:org.secpod.oval:def:17155 Security researcher Nicolas Golubovic reported that the Content Security Policy (CSP) of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting (XSS) attack. The ... oval:org.secpod.oval:def:17154 Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site"s WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to rend ... oval:org.secpod.oval:def:19919 Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device. oval:org.secpod.oval:def:19915 Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. oval:org.secpod.oval:def:19916 Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. oval:org.secpod.oval:def:19917 Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruptio ... oval:org.secpod.oval:def:19918 Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate. oval:org.secpod.oval:def:19911 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:19912 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.0 before 24.6, Thunderbird before 24.6 or SeaMonkey before 2.26.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:19913 The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0, SeaMonkey before 2.26.1, Thunderbird before 24.6 or Firefox ESR 24.0 before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. oval:org.secpod.oval:def:19914 Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0, SeaMonkey before 2.26.1, Thunderbird before 24.6 or Firefox ESR 24.0 before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupt ... oval:org.secpod.oval:def:19910 Security researcher Looben Yang reported a buffer overflow in Gamepad API when it is exercised with a gamepad device with non-contiguous axes. This can be either an actual physical device or by the installation of a virtual gamepad. This results in a potentially exploitable crash. The Gamepad API wa ... oval:org.secpod.oval:def:19908 Security researcher Nils used the Address Sanitizer to discover a use-after-free problem with the SMIL Animation Controller when interacting with and rendering improperly formed web content. This causes a potentially exploitable crash. oval:org.secpod.oval:def:19909 Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover a buffer overflow with the Speex resampler in Web Audio when working with audio content that exceeds expected bounds. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:19905 Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ... oval:org.secpod.oval:def:19906 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a number of use-after-free and out of bounds read issues using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution. oval:org.secpod.oval:def:19907 Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free in the event listener manager. This can be triggered by web content and leads to a potentially exploitable crash. ... oval:org.secpod.oval:def:1788 The host is installed with Mozilla Firefox before 3.6.18 or Thunderbird before 3.1.11 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application which fails to properly handle memory. Successful exploitation allows remote attacker to execute arbitrary code and cau ... oval:org.secpod.oval:def:1787 The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to memory corruption vulnerability. A flaw is present in the applications which fail to properly handle multipart/x-mixed-replace images. Successful exploit ... oval:org.secpod.oval:def:1789 The host is installed with Mozilla Firefox before 5.0 or before 3.6.18 or Thunderbird through 3.1.11 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications which fail to properly handle memory. Successful exploitation allows remote attacker to execute arbitra ... oval:org.secpod.oval:def:21266 Antoine Delignat-Lavaud , security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is ... oval:org.secpod.oval:def:21265 Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, ... oval:org.secpod.oval:def:17820 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, SeaMonkey before 2.26, Thunderbird before 24.5 or Firefox ESR 24.0 before 24.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v ... oval:org.secpod.oval:def:17824 The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of se ... oval:org.secpod.oval:def:17823 Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. oval:org.secpod.oval:def:17822 The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted ... oval:org.secpod.oval:def:17817 Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free during host resolution in some circumstances. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:17816 Security researcher Christian Heimes reported that the RFC 6125 for wildcard certificates. This leads to improper wildcard matching of domains when they should not be matched in compliance with the specification. This issue was fixed in NSS version 3.16. oval:org.secpod.oval:def:17815 Security researcher Nils discovered a use-after-free error in which the imgLoader object is freed while an image is being resized. This results in a potentially exploitable crash. oval:org.secpod.oval:def:17814 Mozilla security researcher moz_bug_r_a4 reported a method to use browser navigations through history to load a website with that page"s baseURI property pointing to that of another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the b ... oval:org.secpod.oval:def:17819 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:17818 Mozilla developer Boris Zbarsky discovered that the debugger will work with some objects while bypassing XrayWrappers. This could lead to privilege escalation if the victim used the debugger to interact with a malicious page. oval:org.secpod.oval:def:17831 Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corru ... oval:org.secpod.oval:def:17830 The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site ... oval:org.secpod.oval:def:17832 Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap m ... oval:org.secpod.oval:def:17828 The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element. oval:org.secpod.oval:def:17826 The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped obje ... oval:org.secpod.oval:def:17825 The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory co ... oval:org.secpod.oval:def:17829 The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for ... oval:org.secpod.oval:def:17813 Security researcher Mariusz Mlynski discovered an issue where sites that have been given notification permissions by a user can bypass security checks on source components for the Web Notification API. This allows for script to be run in a privileged context through notifications, leading to arbitr ... oval:org.secpod.oval:def:17812 Security researcher Jukka Jylänki reported a crash in the the Cairo graphics library. This happens when Cairo paints out-of-bounds to the destination buffer in the compositing function when working with canvas in certain circumstances. This issue allows malicious web content to cause a potenti ... oval:org.secpod.oval:def:16721 Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possib ... oval:org.secpod.oval:def:16722 Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote ... oval:org.secpod.oval:def:17810 Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found a use-after-free in the Text Track Manager while processing HTML video. This was caused by inconsistent garbage collection of Text Track Manager variables and results in a potentia ... oval:org.secpod.oval:def:17805 Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ... oval:org.secpod.oval:def:17809 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow when a script uses a non-XBL object as an XBL object because the XBL status of the object is not properly validated. The resulting memory corruption is potent ... oval:org.secpod.oval:def:17808 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a fixed offset out of bounds read issue while decoding specifically formatted JPG format images. This causes a non-exploitable crash. oval:org.secpod.oval:def:17807 Security researcher Ash reported an out of bounds read issue with Web Audio. This issue could allow for web content to trigger crashes that are potentially exploitable. oval:org.secpod.oval:def:17182 vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:17181 TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (h ... oval:org.secpod.oval:def:17180 Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage co ... oval:org.secpod.oval:def:17169 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt. oval:org.secpod.oval:def:17168 The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve e ... oval:org.secpod.oval:def:17163 Security researcher George Hotz , via TippingPoint"s Pwn2Own contest, discovered an issue where values are copied from an array into a second, neutered array. This allows for an out-of-bounds write into memory, causing an exploitable crash leading to arbitrary code execution. oval:org.secpod.oval:def:17162 Security researcher Juri Aedla , via TippingPoint"s Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for ... oval:org.secpod.oval:def:17161 Security research firm VUPEN , via TippingPoint"s Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition. oval:org.secpod.oval:def:17160 Security researcher Mariusz Mlynski , via TippingPoint"s Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open() . A second bug allowed the bypassing of the popup-blocker without user inte ... oval:org.secpod.oval:def:17167 The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and appli ... oval:org.secpod.oval:def:17166 Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update. oval:org.secpod.oval:def:17165 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, SeaMonkey before 2.25, Firefox ESR before 24.0 before 24.4 or Thunderbird before 24.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary ... oval:org.secpod.oval:def:17164 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:17179 Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. oval:org.secpod.oval:def:17174 The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different d ... oval:org.secpod.oval:def:17173 The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. oval:org.secpod.oval:def:17172 The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. oval:org.secpod.oval:def:17178 The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. oval:org.secpod.oval:def:17177 Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF docu ... oval:org.secpod.oval:def:17176 The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash ... oval:org.secpod.oval:def:17170 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. oval:org.secpod.oval:def:1791 The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey through 2.0.14 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle memory when JavaScript is disabled. Successful exp ... oval:org.secpod.oval:def:1790 The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications which fail to properly handle memory. Successful exploitation allows remote attacker to execute a ... oval:org.secpod.oval:def:1793 The host is installed with Mozilla Firefox before 5.0 and is prone to security-bypass vulnerability. A flaw is present in the application which is caused by an error related to a non-whitelisted site triggering an install dialog for add-ons and themes. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:1792 The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey through 2.0.14 and is prone to integer overflow vulnerability. A flaw is present in the applications which fails to validate the length of a JavaScript Array object. Successful exp ... oval:org.secpod.oval:def:1795 The host is installed with Mozilla Firefox 4.x through 4.0.1 and is prone to remote code-execution vulnerability. A flaw is present in the application which fails to properly restrict write operations. Successful exploitation allows remote attacker to cause a denial of service (application crash). oval:org.secpod.oval:def:1794 The host is installed with Mozilla Firefox 4.x through 4.0.1 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application which is caused by improper validation of user-supplied input. Successful exploitation allows remote attacker to inject arbitrary web script. oval:org.secpod.oval:def:1796 The host is installed with Mozilla Firefox 4.x through 4.0.1 and is prone to information-disclosure vulnerability. A flaw is present in the application which fails to properly restrict read operations. Successful exploitation allows remote attacker to cause a denial of service (application crash). oval:org.secpod.oval:def:23589 The host is missing a security update according to Mozilla advisory, MFSA 2015-04. The update is required to fix a session-fixation vulnerability. A flaw is present in the applications, which do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Requ ... oval:org.secpod.oval:def:23591 The host is missing a security update according to Mozilla advisory, MFSA 2015-05. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which do not properly restrict timeline operations. Successful exploitation allows attackers to cause a denial of ... oval:org.secpod.oval:def:23590 The host is installed with Mozilla Firefox before 35.0 or SeaMonkey before 2.32 and is prone to a denial of service vulnerability. A flaw is present in the applications, which do not properly restrict timeline operations. Successful exploitation allows attackers to cause a denial of service (uniniti ... oval:org.secpod.oval:def:23595 The host is missing a security update according to Mozilla advisory, MFSA 2015-08. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder. Su ... oval:org.secpod.oval:def:23594 The host is installed with Mozilla Firefox before 35.0 or SeaMonkey before 2.32 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder. Successful exploita ... oval:org.secpod.oval:def:23593 The host is missing a security update according to Mozilla advisory, MFSA 2015-06. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted track data. Successful exploitation allows attackers to execute arbitrary code. oval:org.secpod.oval:def:23592 The host is installed with Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4 or SeaMonkey before 2.32 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted track data. Successful exploitation allows attackers to execute arbitra ... oval:org.secpod.oval:def:23579 The host is installed with Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4 or SeaMonkey before 2.32 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows ... oval:org.secpod.oval:def:23580 The host is installed with Mozilla Firefox before 35.0, SeaMonkey before 2.32, Thunderbird before 31.4 or Firefox ESR 31.x before 31.4 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows ... oval:org.secpod.oval:def:23588 The host is installed with Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4 or SeaMonkey before 2.32 and is prone to a session-fixation vulnerability. A flaw is present in the applications, which do not properly interpret Set-Cookie headers within responses that hav ... oval:org.secpod.oval:def:23587 The host is missing a security update according to Mozilla advisory, MFSA 2015-03. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web site. Successful exploitation allows attackers to bypass intended CORS access-co ... oval:org.secpod.oval:def:23586 The host is installed with Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4 or SeaMonkey before 2.32 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web site. Successful exploitation allows attac ... oval:org.secpod.oval:def:23585 The host is missing a security update according to Mozilla advisory, MFSA 2015-02. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which do not properly initialize memory for BMP images. Successful exploitation allows attackers to obtain ... oval:org.secpod.oval:def:23584 The host is installed with Mozilla Firefox before 35.0 or SeaMonkey before 2.32 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which do not properly initialize memory for BMP images. Successful exploitation allows attackers to obtain sensitive informa ... oval:org.secpod.oval:def:23583 The host is missing a security update according to Mozilla advisory, MFSA 2015-09. The update is required to fix a privilege escalation vulnerability. A flaw is present in the applications, which do not properly interact with a DOM object that has a named getter. Successful exploitation allows attac ... oval:org.secpod.oval:def:23582 The host is installed with Mozilla Firefox before 35.0 or SeaMonkey before 2.32 and is prone to a privilege escalation vulnerability. A flaw is present in the applications, which do not properly interact with a DOM object that has a named getter. Successful exploitation allows attackers to execute a ... oval:org.secpod.oval:def:23581 The host is missing a security update according to Mozilla advisory, MFSA 2015-01. The update is required to fix to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows attackers to cause a denial of ser ... oval:org.secpod.oval:def:22292 The host is missing a security update according to MFSA 2014-89. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows attackers to execute arbitrary code by leveraging an i ... oval:org.secpod.oval:def:22291 The host is installed with Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3 or SeaMonkey before 2.31 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allow ... oval:org.secpod.oval:def:22290 The host is missing a security update according to MFSA 2014-88. The update is required to fix a stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted media content. Successful exploitation allows attackers to execute arbitrary code. oval:org.secpod.oval:def:22282 The host is missing a security update according to MFSA 2014-84. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle an XBL binding. Successful exploitation allows attackers to bypass intended access restrictions. oval:org.secpod.oval:def:22281 The host is installed with Mozilla Firefox before 34.0 or SeaMonkey before 2.31 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle an XBL binding. Successful exploitation allows attackers to bypass intended access restrictions. oval:org.secpod.oval:def:26 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or SeaMonkey before 2.0.11 and is prone to use-after-free vulnerability. A flaw is present in nsDOMAttribute node handling. Successful exploitation allows remote attackers to execute arbitrary code by making the iterato ... oval:org.secpod.oval:def:22289 The host is installed with Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3 or SeaMonkey before 2.31 and is prone to a stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted media content. Successful exploita ... oval:org.secpod.oval:def:22288 The host is missing a security update according to MFSA 2014-87. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a addition of a second root element to an HTML5 document during parsing. Successful exploitation allows attacker ... oval:org.secpod.oval:def:22287 The host is installed with Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3 or SeaMonkey before 2.31 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a addition of a second root element to an HTML5 document ... oval:org.secpod.oval:def:22286 The host is missing a security update according to MFSA 2014-86. The update is required to fix an information disclosure vulnerability. A flaw is present in the path strings in CSP violation reports, which fail to handle a crafted a web site that receives a report after a redirect. Successful exploi ... oval:org.secpod.oval:def:22285 The host is installed with Mozilla Firefox 33.0 or SeaMonkey before 2.31 and is prone to an information disclosure vulnerability. A flaw is present in the path strings in CSP violation reports, which fail to handle a crafted a web site that receives a report after a redirect. Successful exploitation ... oval:org.secpod.oval:def:22284 The host is missing a security update according to MFSA 2014-85. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle a crafted JavaScript object. Successful exploitation allows attackers to cause a denial of service (applicatio ... oval:org.secpod.oval:def:22283 The host is installed with Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3 or SeaMonkey before 2.31 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle a crafted JavaScript object. Successful exploitation a ... oval:org.secpod.oval:def:23969 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-28. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which do not properly handle vectors involving SVG hash navigation. Successful exploitation could allow at ... oval:org.secpod.oval:def:23968 The host is installed with Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3 or SeaMonkey before 2.33.1 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not properly handle vectors involving SVG hash navigation. Successful exploitation coul ... oval:org.secpod.oval:def:23967 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-29. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which do not properly determine the cases in which bounds checking may be safely skipped during ... oval:org.secpod.oval:def:23966 The host is installed with Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2 or SeaMonkey before 2.33.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which do not properly determine the cases in which bounds checking may be safely skipp ... oval:org.secpod.oval:def:2301 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to validate user supplied input. Successful exploitation could allow attackers to crash the servi ... oval:org.secpod.oval:def:2303 The host is installed with Mozilla Firefox 4 or 5 or SeaMonkey 2.x before 2.3 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to remove proxy-authorization credentials from the listed request headers. Successful exploitation could allow atta ... oval:org.secpod.oval:def:2302 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to implement javascript properly. Successful exploitation could allow attackers to crash the serv ... oval:org.secpod.oval:def:2305 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to prevent a buffer overflow in an unspecified string class in the WebGL shader implementation. S ... oval:org.secpod.oval:def:2304 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to implement WebGL properly. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:2307 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3, and is prone to a security bypass vulnerability. A flaw is present in the applications, which allow attackers to bypass Same Origin Policy and obtain sensitive image data from a different domain by ... oval:org.secpod.oval:def:2306 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3, and is prone to a heap based buffer overflow vulnerability. A flaw is present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to execu ... oval:org.secpod.oval:def:2308 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle memory safety issues. Successful exploitation could allow remote attackers to ex ... oval:org.secpod.oval:def:2315 The host is installed with Mozilla Firefox before 3.6.20 or 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle SVG text. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:307 The host is installed with Mozilla Firefox or SeaMonkey and is prone to cross-site request forgery vulnerability. A flaw is present in the applications which fails to properly handle requests that were initiated by a plugin and receive a 307 redirect to a page on a different web site. Successful exp ... oval:org.secpod.oval:def:306 The host is installed with Mozilla Firefox or SeaMonkey and is prone to buffer overflow vulnerability. A flaw is present in the applications which fails to properly construct the layout objects used to display the text. Successful exploitation allow remote attackers to run arbitrary code. oval:org.secpod.oval:def:309 The host is installed with Mozilla Firefox before 3.5.17 or 3.6.x before 3.6.14, or Thunderbird 3.1.x before 3.1.8, or SeaMonkey before 2.0.12 and is prone to memory corruption vulnerability. A flaw is present in browser engine in Mozilla Firefox, Thunderbird which fails to handle memory corruption ... oval:org.secpod.oval:def:308 The host is installed with Mozilla Firefox or SeaMonkey or Thunderbird and is prone to denial of service vulnerability. A flaw is present in the applications, when a JPEG image could be constructed that would be decoded incorrectly, causing data to be written past the end of a buffer created to stor ... oval:org.secpod.oval:def:303 The host is installed with Mozilla Firefox or SeaMonkey and is prone to use-after-free vulnerability. A flaw is present in a method used by JSON.stringify of the application may result in use-after-free error in which a currently in-use pointer was freed and subsequently dereferenced. Successful exp ... oval:org.secpod.oval:def:302 The host is installed with Mozilla Firefox or SeaMonkey and is prone to buffer overflow vulnerability. A flaw is present in the applications which fails to handle JavaScript engine's internal memory mapping of non-local JS variables. Successful exploitation allow remote attackers to run arbitrary co ... oval:org.secpod.oval:def:305 The host is installed with Mozilla Firefox or SeaMonkey and is prone to use-after-free vulnerability. A flaw is present in javascript worker of the applications which fails to handle when subsequent calls is done through deleted reference. Successful exploitation allow remote attackers to run arbitr ... oval:org.secpod.oval:def:304 The host is installed with Mozilla Firefox or SeaMonkey and is prone to buffer overflow vulnerability. A flaw is present in javascript engine of the application, in which internal mapping of string values contained an error in cases where the number of values being stored was above 64K. Successful e ... oval:org.secpod.oval:def:30091 The host is installed with Mozilla Firefox before 34.0 or SeaMonkey before 2.31 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a call to an unspecified method. Successful exploitation allows attackers to bypass intended DOM object restric ... oval:org.secpod.oval:def:30092 The host is installed with Mozilla Firefox before 34.0 or SeaMonkey before 2.31 and is prone to a DOM object restriction bypass vulnerability. A flaw is present in the applications, which fail to properly interact with XrayWrapper property filtering. Successful exploitation allows attackers to bypas ... oval:org.secpod.oval:def:30093 The host is missing a security update according to Mozilla advisory, MFSA2014-91. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle crafted data. Successful exploitation allows attackers to bypass intended access restrict ... oval:org.secpod.oval:def:301 The host is installed with Mozilla Firefox or SeaMonkey or Thunderbird and is prone to denial of service vulnerability. A flaw is present in the applications, which fails to handle memory corruption under some circumstances. Successful exploitation allow remote attackers to run arbitrary code. oval:org.secpod.oval:def:300 The host is installed with Mozilla Firefox or SeaMonkey and is prone to elevated privilege vulnerability. A flaw is present in the applications which fails to handle eval function when the recursive call is made to eval() wrapped in a try/catch statement places the browser into a inconsistent state. ... oval:org.secpod.oval:def:29 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Mozilla Thunderbird before 3.0.11 and 3.1.x before 3.1.7, or Mozilla SeaMonkey before 2.0.11 and is prone to buffer overflow vulnerability. A flaw is present in the string handling, which causes overflow in line breaki ... oval:org.secpod.oval:def:28 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Mozilla Thunderbird before 3.0.11 and 3.1.x before 3.1.7, or Mozilla SeaMonkey before 2.0.11 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to validate downloada ... oval:org.secpod.oval:def:27 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or SeaMonkey before 2.0.11 and is prone to integer overflow vulnerability. A flaw is present in the NewIdArray function, which allows construction of an array containing a very large number of items causing an overflow ... oval:org.secpod.oval:def:33 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle interaction between the XMLHttpRequestSpy object and chrome pr ... oval:org.secpod.oval:def:32 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to remote code execution vulnerability. A flaw is present in the <div> element handling, which incorrectly treats the <div> element inside a <treechildren> element as a pa ... oval:org.secpod.oval:def:31 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle injection of an ISINDEX element into an about:blank page which ... oval:org.secpod.oval:def:30 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to multiple cross-site scripting (XSS) vulnerabilities. The flaws are present in the rendering engine, which are caused due to some characters being converted to angle bra ... oval:org.secpod.oval:def:2688 The host is installed with Mozilla Firefox before 7.0, Thunderbird before 7.0 or SeaMonkey before 2.4, Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted javascript code. Succ ... oval:org.secpod.oval:def:2687 The host is installed with Mozilla Firefox before 7.0 or SeaMonkey before 2.4 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to prevent access to motion data events. Successful exploitation could allow remote attackers to read keystrokes by leverag ... oval:org.secpod.oval:def:2689 The host is installed with Mozilla Firefox 4.x through 6, Thunderbird before 7.0 or SeaMonkey before 2.4 and is prone to a use-after-free vulnerability. The flaw is present in the applications, which fail to handle crafted OCG headers. Successful exploitation could allow attackers to crash the servi ... oval:org.secpod.oval:def:2691 The host is installed with Mozilla Firefox before 7.0 and SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write ope ... oval:org.secpod.oval:def:2690 The host is installed with Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 and is prone to a privilege escalation vulnerability. A flaw is present in the applications, which fail to handle XPCNativeWrappers during calls to the loadSubScript method in an add-on. Successful exploitation could a ... oval:org.secpod.oval:def:2692 The host is installed with Mozilla Firefox before 7.0 or SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to validate the return value of a GrowAtomTable function call. Successful exploitation could allow attackers to crash th ... oval:org.secpod.oval:def:38 The host is installed with Mozilla Firefox 3.5.x before 3.5.16, Mozilla Thunderbird before 3.0.11 or SeaMonkey before 2.0.11 and is prone to unspecified vulnerability. A flaw is present in the browser engine, which has an evidence of memory corruption under certain circumstances. Successful exploita ... oval:org.secpod.oval:def:36 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Mozilla Thunderbird before 3.0.11 and 3.1.x before 3.1.7 or Mozilla SeaMonkey before 2.0.11 and is prone to multiple unspecified vulnerabilities. The flaws are present in the browser engine, which contains several memo ... oval:org.secpod.oval:def:35 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to security bypass vulnerability. A flaw is present in Java security handling, which fails to properly process certain redirections involving data: URLs and Java LiveConne ... oval:org.secpod.oval:def:34 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to SSL spoofing vulnerability. A flaw is present in the network or certificate error page handling, which allows opening site to access documents inside the window and inj ... oval:org.secpod.oval:def:3657 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle memory safety issues. Successful exploitation could allow remote att ... oval:org.secpod.oval:def:3658 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle YARR regular expression library that could be triggered by jav ... oval:org.secpod.oval:def:3659 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple information disclosure vulnerabilities. The flaws are present in the applications, which fail to handle SVG animation accessKey events. Successful exploitation c ... oval:org.secpod.oval:def:3660 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle scaling of an OGG video element to extreme sizes. Successful e ... oval:org.secpod.oval:def:3661 The host is installed with Mozilla Firefox 8.0 or Thunderbird 8.0 or SeaMonkey 2.5 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle DOMAttrModified event handler. Successful exploitation could allow remote attackers to execut ... oval:org.secpod.oval:def:4167 The host is installed with Mozilla Firefox 10.x before 10.0.1 or Thunderbird before 10.0.1 or SeaMonkey before 2.7.1 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsXBLDocumentInfo::ReadPrototypeBindings function call. Successful e ... oval:org.secpod.oval:def:4168 The host is missing a critical security update according to MFSA 2012-10. A flaw is present in the applications, which fail to properly handle nsXBLDocumentInfo::ReadPrototypeBindings function call. Successful exploitation allows remote attackers to cause arbitrary code to be executed on the target ... oval:org.secpod.oval:def:4441 The host is missing a critical security update according to Adobe advisory, MFSA 2012-06 . The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploitatio ... oval:org.secpod.oval:def:4442 The host is installed with Mozilla Firefox 4.x before 10, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ... oval:org.secpod.oval:def:4440 The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploit ... oval:org.secpod.oval:def:4445 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-03. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitation c ... oval:org.secpod.oval:def:4446 The host is installed with Mozilla Firefox before 3.6.26, 4.x before 10.0, Thunderbird before 3.1.18, 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted Ogg Vorbis file. Successful exploita ... oval:org.secpod.oval:def:4443 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-05. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ca ... oval:org.secpod.oval:def:4444 The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitat ... oval:org.secpod.oval:def:4449 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-01. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:4447 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-07. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted Ogg Vorbis file. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:4448 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-07. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:4452 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-02. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle XMLHttpRequest calls through a proxy. Successful exploitation could allow att ... oval:org.secpod.oval:def:4453 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10.0, Thunderbird before 3.1.18, 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to incorrect AttributeChildRem ... oval:org.secpod.oval:def:4450 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10.0, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful explo ... oval:org.secpod.oval:def:4451 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 7.0, Thunderbird before 3.1.18 or 5.0 before 7.0, or SeaMonkey before 2.4 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle XMLHttpRequest calls through a proxy. ... oval:org.secpod.oval:def:4454 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-04. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to incorrect AttributeChildRemoved notifications. Successful exploita ... oval:org.secpod.oval:def:4438 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedde ... oval:org.secpod.oval:def:4439 The host is missing a critical security update according to Adobe advisory, MFSA 2012-08. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedded in a document. Successful exploitation c ... oval:org.secpod.oval:def:4922 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly r ... oval:org.secpod.oval:def:4923 The host is missing a critical security update according to Mozilla advisory, MFSA2012-12. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly restrict drag-and-drop operations on javascript: URLs. Successful exploitation ... oval:org.secpod.oval:def:4920 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:4921 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-13. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly restrict drag-and-drop operations on javascript: URLs. Successful exploitation ... oval:org.secpod.oval:def:4924 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted H ... oval:org.secpod.oval:def:4925 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-15. The update is required to fix a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP headers. Successful exploitation could allow attackers to bypass intended ... oval:org.secpod.oval:def:4919 The host is missing a critical security update according to Mozilla advisory, MFSA2012-14. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:4917 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a use after free vulnerability. A flaw is present in the applications, ... oval:org.secpod.oval:def:4918 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an information disclosure vulnerability. A flaw is present in the appli ... oval:org.secpod.oval:def:4911 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafte ... oval:org.secpod.oval:def:4912 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-18. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web page. Successful exploitation could allow attackers to crash the service ... oval:org.secpod.oval:def:4915 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a privilege escalation vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:4916 The host is missing a critical security update according to Mozilla advisory, MFSA2012-16. The update is required to fix a privilege escalation vulnerability. A flaw is present in the applications, which fail to properly restrict setting the home page through the dragging of a URL to the home button ... oval:org.secpod.oval:def:4913 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynami ... oval:org.secpod.oval:def:4914 The host is missing a critical security update according to Mozilla advisory, MFSA2012-17. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynamic modification of a keyframe followed by access to the cssText of the keyframe ... oval:org.secpod.oval:def:4908 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the application ... oval:org.secpod.oval:def:4906 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an use-after-free vulnerability. A flaw is present in the applications, ... oval:org.secpod.oval:def:4907 The host is missing a critical security update according to Mozilla advisory, MFSA2012-19. The update is required to fix an multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:5465 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors rel ... oval:org.secpod.oval:def:5464 The host is missing a critical security update according to Mozilla advisory, MFSA2012-22. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to crafted IndexedDB data. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:5463 The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to jsval.h and the js::array_shift function. Succes ... oval:org.secpod.oval:def:5462 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle ... oval:org.secpod.oval:def:5469 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multi ... oval:org.secpod.oval:def:5468 The host is missing a critical security update according to Mozilla advisory, MFSA2012-24. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multibyte character set. Successful exploitation could allow attackers to inject ar ... oval:org.secpod.oval:def:5467 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle ... oval:org.secpod.oval:def:5466 The host is missing a critical security update according to Mozilla advisory, MFSA2012-23. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle the nsSVGFEDiffuseLightingElement::LightPixel function. Successful exploitati ... oval:org.secpod.oval:def:5461 The host is missing a critical security update according to Mozilla advisory, MFSA2012-20. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:5476 The host is missing a critical security update according to Mozilla advisory, MFSA2012-28. The update is required to fix origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploitation coul ... oval:org.secpod.oval:def:5475 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the d ... oval:org.secpod.oval:def:5474 The host is missing a critical security update according to Mozilla advisory, MFSA2012-27. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the docshell implementation. Successful exploitation could allow attackers to injec ... oval:org.secpod.oval:def:5473 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:5479 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle ... oval:org.secpod.oval:def:5478 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-29. The update is required to fix multiple cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle the decoding of ISO-2022-KR and ISO-2022-CN character sets. Successf ... oval:org.secpod.oval:def:5477 The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploit ... oval:org.secpod.oval:def:5472 The host is missing a critical security update according to Mozilla advisory, MFSA2012-26. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle the WebGLBuffer::FindMaxUshortElement function. Successful exploitation could all ... oval:org.secpod.oval:def:5471 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 on Windows Vista and Windows 7 systems and is prone to memory corruption vulnerability. A flaw is present in the appl ... oval:org.secpod.oval:def:5470 The host is missing a critical security update according to Mozilla advisory, MFSA2012-25. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to properly restrict font-rendering attempts. Successful exploitation could allow attackers to c ... oval:org.secpod.oval:def:5483 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly loa ... oval:org.secpod.oval:def:5482 The host is missing a high security update according to Mozilla advisory, MFSA2012-33. The update is required to fix address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly load RSS and Atom feed content. Successful exploitation could allow attackers to spoo ... oval:org.secpod.oval:def:5481 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:5480 The host is missing a critical security update according to Mozilla advisory, MFSA2012-30. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to handle the texImage2D implementation. Successful exploitation could allow attackers to ex ... oval:org.secpod.oval:def:6422 The host is missing a critical security update according to Mozilla advisory, MFSA2012-56. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted javascript: URL. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:6421 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to hand ... oval:org.secpod.oval:def:6107 The host is installed with Mozilla Firefox 12.0, Thunderbird 12.0, or SeaMonkey 2.9 and is prone to privilege escalation vulnerability. A flaw is present in the applications, which fail to handle the Mozilla Updater and Windows Updater Services. Successful exploitation could allow local users to gai ... oval:org.secpod.oval:def:6106 The host is missing a critical security update according to Mozilla advisory, MFSA2012-35. The update is required to fix privilege escalation vulnerability. A flaw is present in the applications, which fail to handle the Mozilla updater and the Mozilla updater service. Successful exploitation could ... oval:org.secpod.oval:def:6108 The host is installed with Mozilla Firefox 12.0, Thunderbird 12.0, or SeaMonkey 2.9 and is prone to untrusted search path vulnerability. A flaw is present in the applications, which fail to handle Updater.exe in the Windows Updater Service. Successful exploitation could allow local users to gain pri ... oval:org.secpod.oval:def:6166 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsHTMLSelectElement when the parent node of the element is no longer active. Suc ... oval:org.secpod.oval:def:6165 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-41. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsHTMLSelectElement when the parent node of the element is no longer active. Successful ... oval:org.secpod.oval:def:6429 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to saniti ... oval:org.secpod.oval:def:6428 The host is missing a security update according to Mozilla advisory, MFSA2012-55. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a crafted IFRAME element. Successful exploitation could allow man-in-the-middle attackers t ... oval:org.secpod.oval:def:6427 The host is installed with Mozilla Firefox 4.x before 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 before 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.10 and is prone to a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a cra ... oval:org.secpod.oval:def:6433 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a F ... oval:org.secpod.oval:def:6432 The host is missing a security update according to Mozilla advisory, MFSA2012-52. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving strings with multiple dependencies. Successful exploitation could allow attac ... oval:org.secpod.oval:def:6431 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors ... oval:org.secpod.oval:def:6430 The host is missing a security update according to Mozilla advisory, MFSA2012-53. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to sanitize the blocked uri parameter. Successful exploitation could allow attackers to retrieve ... oval:org.secpod.oval:def:6437 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle crafted ... oval:org.secpod.oval:def:6436 The host is missing a security update according to Mozilla advisory, MFSA2012-51. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted color profile. Successful exploitation could allow attackers to trigger an ou ... oval:org.secpod.oval:def:6435 The host is installed with Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, or SeaMonkey before 2.11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted color profile. Successful exploitation could allow attack ... oval:org.secpod.oval:def:6434 The host is missing a security update according to Mozilla advisory, MFSA2012-51. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a FRAME element. Successful exploitation could allow attackers to conduct clickjacking atta ... oval:org.secpod.oval:def:6439 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use after free vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:6438 The host is missing a security update according to Mozilla advisory, MFSA2012-49. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle crafted content. Successful exploitation could allow attackers to bypass intended XBL access re ... oval:org.secpod.oval:def:6840 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative hei ... oval:org.secpod.oval:def:6844 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG ... oval:org.secpod.oval:def:6843 The host is missing a security update according to Mozilla advisory, MFSA 2012-62. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to deletion of a fragment. Successful exploitation could allow attackers to exe ... oval:org.secpod.oval:def:6842 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related t ... oval:org.secpod.oval:def:6841 The host is missing a security update according to Mozilla advisory, MFSA 2012-61. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative height value in a BMP image within a .ICO file. Successful exploitation could all ... oval:org.secpod.oval:def:6848 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ... oval:org.secpod.oval:def:6847 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ... oval:org.secpod.oval:def:6846 The host is missing a security update according to Mozilla advisory, MFSA 2012-63. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted inputs. Successful exploitation could allow attackers to execute arbitrary code or crash ... oval:org.secpod.oval:def:6845 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involvin ... oval:org.secpod.oval:def:6849 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement ... oval:org.secpod.oval:def:6850 The host is missing a security update according to Mozilla advisory, MFSA 2012-65. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement XSLT implementation. Successful exploitation could allow attackers to obtain s ... oval:org.secpod.oval:def:6444 The host is missing a security update according to Mozilla advisory, MFSA2012-45. The update is required to fix an address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving history.forward and history.back calls. Successful exploitatio ... oval:org.secpod.oval:def:6443 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:6442 The host is missing a security update according to Mozilla advisory, MFSA2012-48. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle EMBED elements within description elements in RSS feeds. Successful exploitation ... oval:org.secpod.oval:def:6441 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly ... oval:org.secpod.oval:def:6448 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prop ... oval:org.secpod.oval:def:6447 The host is missing a security update according to Mozilla advisory, MFSA2012-45. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle crafted data. Successful exploitation could remote attackers to cause a denial of service ... oval:org.secpod.oval:def:6446 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle v ... oval:org.secpod.oval:def:6445 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly ... oval:org.secpod.oval:def:6449 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prop ... oval:org.secpod.oval:def:6440 The host is missing a security update according to Mozilla advisory, MFSA2012-48. The update is required to fix an use after free vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to focused content. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:6454 The host is missing a security update according to Mozilla advisory, MFSA2012-42. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6453 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted da ... oval:org.secpod.oval:def:6452 The host is installed with Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitra ... oval:org.secpod.oval:def:6822 The host is missing a security update according to Mozilla advisory, MFSA 2012-57. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:6821 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to garbage collection. Successful exploitation could allow ... oval:org.secpod.oval:def:6820 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown ... oval:org.secpod.oval:def:6826 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6825 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6824 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6823 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6829 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspe ... oval:org.secpod.oval:def:6828 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6827 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6833 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6832 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6831 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6830 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6837 The host is missing a security update according to Mozilla advisory, MFSA 2012-57. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrar ... oval:org.secpod.oval:def:6836 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6835 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6834 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a craf ... oval:org.secpod.oval:def:6819 The host is missing a security update according to Mozilla advisory, MFSA 2012-59. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploitation cou ... oval:org.secpod.oval:def:6818 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploi ... oval:org.secpod.oval:def:6860 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ... oval:org.secpod.oval:def:7723 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly ... oval:org.secpod.oval:def:7724 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ... oval:org.secpod.oval:def:6855 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ... oval:org.secpod.oval:def:6854 The host is missing a security update according to Mozilla advisory, MFSA 2012-67. The update is required to fix an untrusted search path vulnerability. A flaw is present in the applications, which fail to properly handle a Trojan horse executable. Successful exploitation could allow local users to ... oval:org.secpod.oval:def:6859 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ... oval:org.secpod.oval:def:6858 The host is missing a security update according to Mozilla advisory, MFSA 2012-69. The update is required to fix a certificate spoofing vulnerability. A flaw is present in the applications, which fail to properly handle onLocationChange events during navigation between different https sites. Success ... oval:org.secpod.oval:def:6857 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a certificate spoofing vulnerability. A flaw is present in the applications, which fail to properly handle onLocationChange events during navigation between different htt ... oval:org.secpod.oval:def:6856 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ... oval:org.secpod.oval:def:7596 The host is missing a security update according to Mozilla advisory, MFSA 2012-76. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7597 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow ... oval:org.secpod.oval:def:7598 The host is missing a security update according to Mozilla advisory, MFSA 2012-77. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods. Successful exploitation cou ... oval:org.secpod.oval:def:7599 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to ... oval:org.secpod.oval:def:7592 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to spoofing vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has a SELECT element's menu active. Successful ex ... oval:org.secpod.oval:def:7593 The host is missing a security update according to Mozilla advisory, MFSA 2012-74. The update is required to fix a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:7594 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7595 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7590 The host is missing a security update according to Mozilla advisory, MFSA 2012-75. The update is required to fix a click-jacking attack and spoofing vulnerability. The flaws are present in the applications, which fail to properly handle SELECT elements. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:7591 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to click-jacking attack vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has multiple menus of SELECT elements ... oval:org.secpod.oval:def:7630 The host is installed with Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9 or SeaMonkey before 2.13.1 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly handle the d ... oval:org.secpod.oval:def:7631 The host is installed with Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9 or SeaMonkey before 2.13.1 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly handle the d ... oval:org.secpod.oval:def:7611 The host is missing a security update according to Mozilla advisory, MFSA 2012-84. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage history data. Successful exploitation could allow attackers to conduct cross-sit ... oval:org.secpod.oval:def:7612 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage histor ... oval:org.secpod.oval:def:7613 The host is missing a security update according to Mozilla advisory, MFSA 2012-85. The update is required to fix a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle certain functions. Successful exploitation could allow attackers to run ar ... oval:org.secpod.oval:def:7614 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle IsCSS ... oval:org.secpod.oval:def:7610 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to prevent access t ... oval:org.secpod.oval:def:7619 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle DOMSVGTests: ... oval:org.secpod.oval:def:7615 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsHTMLCSSUti ... oval:org.secpod.oval:def:7616 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7617 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsSMILAnimat ... oval:org.secpod.oval:def:7618 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsTextEditRu ... oval:org.secpod.oval:def:7622 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7623 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly manage ... oval:org.secpod.oval:def:7624 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7625 The host is missing a security update according to Mozilla advisory, MFSA 2012-87. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to the nsIContent::GetNameSpaceID function. Successful exploitation co ... oval:org.secpod.oval:def:7620 The host is missing a security update according to Mozilla advisory, MFSA 2012-86. The update is required to fix a multiple heap memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow ... oval:org.secpod.oval:def:7621 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle nsCharTrait ... oval:org.secpod.oval:def:7626 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors rela ... oval:org.secpod.oval:def:7627 The host is missing a security update according to Mozilla advisory, MFSA 2012-88. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle the mozilla::net::FailDelayManager::Lookup function in the WebSockets implementatio ... oval:org.secpod.oval:def:7628 The host is installed with Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1 or SeaMonkey before 2.13.1 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle the mozilla::net::FailDelayManager::Lookup function in the WebSockets i ... oval:org.secpod.oval:def:7629 The host is missing a security update according to Mozilla advisory, MFSA 2012-89. The update is required to fix a security bypass vulnerability. The flaws are present in the applications, which fail to properly handle access to the Location object. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:7600 The host is missing a security update according to Mozilla advisory, MFSA 2012-79. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of th ... oval:org.secpod.oval:def:7601 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors invo ... oval:org.secpod.oval:def:7602 The host is missing a security update according to Mozilla advisory, MFSA 2012-80. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operator on ... oval:org.secpod.oval:def:7603 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operat ... oval:org.secpod.oval:def:7608 The host is missing a security update according to Mozilla advisory, MFSA 2012-83. The update is required to fix a privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interact with failures of InstallTrigger methods. Successful exploitation could a ... oval:org.secpod.oval:def:7609 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interac ... oval:org.secpod.oval:def:7604 The host is missing a security update according to Mozilla advisory, MFSA 2012-81. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI access to the GetProperty function. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7605 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI acc ... oval:org.secpod.oval:def:7606 The host is missing a security update according to Mozilla advisory, MFSA 2012-82. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary plugin that uses Object.defineProperty to shadow the top object, and leve ... oval:org.secpod.oval:def:7607 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary ... oval:org.secpod.oval:def:7997 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. S ... oval:org.secpod.oval:def:7998 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to integer overflow vulnerability. A flaw is present in the applications, which fail to handle crafted data. Suc ... oval:org.secpod.oval:def:7999 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle function calls i ... oval:org.secpod.oval:def:7992 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:7993 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of ser ... oval:org.secpod.oval:def:7994 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:7995 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of ... oval:org.secpod.oval:def:7991 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a d ... oval:org.secpod.oval:def:7725 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ... oval:org.secpod.oval:def:7726 The host is missing a security update according to Mozilla advisory, MFSA 2012-90. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to certain objects and functions. Successful exploitation allows attackers to conduct cross-site scripting ... oval:org.secpod.oval:def:8029 The host is missing a security update according to MFSA 2012-96. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to handle the str_unescape function in the JavaScript engine. Successful exploitation allows remote attackers to execute ... oval:org.secpod.oval:def:8025 The host is missing a security update according to MFSA 2012-92. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafted GIF image. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:8026 The host is missing a security update according to MFSA 2012-93. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context during the handling of JavaScript code that sets the location.href property. Successful exploitati ... oval:org.secpod.oval:def:8027 The host is missing a security update according to MFSA 2012-94. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. Successful exploitation all ... oval:org.secpod.oval:def:796 The host is installed with Mozilla Firefox or Thunderbird or SeaMonkey and is prone to remote code execution vulnerability. A flaw is present in the applications, which fails to handle malicious web pages. Successful exploitation could allow remote attackers to execute arbitrary code and cause denia ... oval:org.secpod.oval:def:795 The host is installed with Mozilla Firefox or Thunderbird or SeaMonkey and is prone to denial of service vulnerability. A flaw is present in the applications, which fails to handle images with multipart/x-mixed-replace content type. Successful exploitation could allow remote attackers to execute arb ... oval:org.secpod.oval:def:8021 The host is missing a security update according to MFSA 2012-101. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handle a ~ (tilde) character in proximity to a chunk delimiter. Successful exploitation allows remot ... oval:org.secpod.oval:def:8022 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly rest ... oval:org.secpod.oval:def:8023 The host is missing a security update according to MFSA 2012-100. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly restrict write actions. Successful exploitation allows remote attackers to conduct cross-site scrip ... oval:org.secpod.oval:def:8024 The host is missing a security update according to MFSA 2012-91. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of service (memory c ... oval:org.secpod.oval:def:798 The host is installed with Mozilla Firefox or Thunderbird or SeaMonkey and is prone to integer overflow vulnerability. A flaw is present in the XSLT node sorting routine, which fails to handle nodes containing an overly large text value. Successful exploitation could allow remote attackers to execut ... oval:org.secpod.oval:def:797 The host is installed with Mozilla Firefox or Thunderbird or SeaMonkey and is prone to remote code execution vulnerability. A flaw is present in the JavaScript engine, which fails to handle malicious web pages. Successful exploitation could allow remote attackers to execute arbitrary code and cause ... oval:org.secpod.oval:def:799 The host is installed with Mozilla Firefox or Thunderbird or SeaMonkey and is prone to use-after-free vulnerability. A flaw is present in the applications, which fails to handle multiple plugin instances which share references. Successful exploitation could allow remote attackers to execute arbitrar ... oval:org.secpod.oval:def:8033 The host is missing a security update according to MFSA 2012-106. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain function calls and crafted data. Successful exploitation allows remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:8034 The host is missing a security update according to MFSA 2012-105. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:8030 The host is missing a security update according to MFSA 2012-97. The update is required to fix cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes. ... oval:org.secpod.oval:def:8031 The host is missing a security update according to MFSA 2012-99. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attackers to bypass intended ch ... oval:org.secpod.oval:def:8007 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8009 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of ... oval:org.secpod.oval:def:8003 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8004 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8005 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8006 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8000 The host is installed with Mozilla Firefox 11.0 before 17.0, before 10.0.11, Firefox ESR before 17.0.2, 10.x before 10.0.12, Thunderbird 11.0 before 17.0, before 10.0.11, Thunderbird ESR 17.0.2, 10.x before 10.0.12 or SeaMonkey before 2.14 and is prone to Heap-based buffer overflow vulnerability. A ... oval:org.secpod.oval:def:8001 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8002 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8019 The host is missing a security update according to MFSA 2012-103. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of a "top" frame name-attribute value to access the location property. Successful exploitation al ... oval:org.secpod.oval:def:8014 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the str_unescape function in the JavaScript engine. Successful exploitation allows rem ... oval:org.secpod.oval:def:8016 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafte ... oval:org.secpod.oval:def:8017 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context du ... oval:org.secpod.oval:def:8010 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attac ... oval:org.secpod.oval:def:8011 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:8013 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest obj ... oval:org.secpod.oval:def:802 The host is installed with Mozilla Firefox or SeaMonkey and is prone to information disclosure vulnerability. A flaw is present in the focus function used to monitor keyboard entries, which fails to restrict content from one domain being embedded within another through iframes. Successful exploitati ... oval:org.secpod.oval:def:801 The host is installed with Mozilla Firefox or SeaMonkey and is prone to security bypass vulnerability. A flaw is present in the applications, which ignores 'Content-Disposition: attachment' header when 'Content-Type: multipart' header is also present in the HTTP request. Successful exploitation coul ... oval:org.secpod.oval:def:804 The host is installed with Mozilla Firefox or SeaMonkey and is prone to denial of service vulnerability. A flaw is present in the browsers, which fails to handle IFRAME element having a mailto: URL in its SRC attribute. Successful exploitation could allow remote attackers to execute arbitrary code a ... oval:org.secpod.oval:def:800 The host is installed with Mozilla Firefox or Thunderbird or SeaMonkey and is prone to buffer overflow vulnerability. A flaw is present in the nsGenericDOMDataNode::SetTextInternal routine, which fails to handle DOM nodes containing an overly large text value. Successful exploitation could allow rem ... oval:org.secpod.oval:def:808 The host is installed with Mozilla Firefox or SeaMonkey and is prone to privilege escalation vulnerability. A flaw is present in the browsers, which fails to handle the injection of an ISINDEX element into an about:blank page which upon submission would redirect to a chrome: document. Successful exp ... oval:org.secpod.oval:def:807 The host is installed with Mozilla Firefox or Thunderbird or SeaMonkey and is prone to remote code execution vulnerability. A flaw is present in the nsIScriptableUnescapeHTML.parseFragment method, which fails to sanitize HTML in a chrome document. Successful exploitation could allow remote attackers ... oval:org.secpod.oval:def:810 The host is installed with Mozilla Firefox or SeaMonkey and is prone to use after free vulnerability. A flaw is present in the nsCycleCollector::MarkRoots function, which fails to handle frame construction process for menus. Successful exploitation could allow remote attackers to execute arbitrary c ... oval:org.secpod.oval:def:83073 The host is installed with Mozilla Firefox before 5.0 or Mozilla Seamonkey before 2.1 and is prone to an improper input validation vulnerability. A flaw is present in the applications, which fail to handle issues in the cross-domain image as a WebGL texture. Successful exploitation could allow remot ... oval:org.secpod.oval:def:83072 The host is missing a high severity security update according to the Mozilla advisory MFSA2011-25 and is prone to an improper input validation vulnerability. A flaw is present in the applications, which fail to handle issues in the cross-domain image as a WebGL texture. Successful exploitation could ... oval:org.secpod.oval:def:9702 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-16. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle crafted web content. Successful exploitation allows remote attackers to execute arbitrar ... oval:org.secpod.oval:def:9701 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-17. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors that involve the triggering of garbage collection after memory allocation for li ... oval:org.secpod.oval:def:9703 The host is missing a security update according to Mozilla advisory, MFSA 2013-13. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted XBL file with multiple bindings that have SVG content. Successful exploitation allow ... oval:org.secpod.oval:def:9700 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-18. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to the domDoc pointer. Successful exploitation allows remote attackers t ... oval:org.secpod.oval:def:9709 The host is missing a security update according to Mozilla advisory, MFSA 2013-10. The update is required to fix same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforce the Same Origin Policy. Successful exploitation allows remote attackers to c ... oval:org.secpod.oval:def:9706 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-05. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle an HTML document with a table containing many columns and column groups. Successful expl ... oval:org.secpod.oval:def:9705 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-12. The update is required to fix Integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted string concatenation, leading to improper memory allocation. Successful expl ... oval:org.secpod.oval:def:9708 The host is missing a security update according to Mozilla advisory, MFSA 2013-09. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to properly implement quickstubs that use the jsval data type for their return values. Successful exploi ... oval:org.secpod.oval:def:9707 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-08. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to properly interact with garbage collection. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:9710 The host is missing a security update according to Mozilla advisory, MFSA 2013-11. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent calling the toString function of an XBL object. Successful exploitation allows remote at ... oval:org.secpod.oval:def:941 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:940 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:927 The host is installed with Mozilla Firefox or SeaMonkey and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle OBJECTs mChannel. Successful exploitation could allow remote attackers to execute arbitrary code. oval:org.secpod.oval:def:929 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle browser engine. Successful exploitation could allow remote attackers to cause a denial of service (memory corruption a ... oval:org.secpod.oval:def:928 The host is installed with Mozilla Firefox or SeaMonkey and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle OBJECT mObserverList. Successful exploitation could allow remote attackers to execute arbitrary code. oval:org.secpod.oval:def:934 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to execution of arbitrary code vulnerability. A flaw is present in the application, which fails to properly handle nsTreeRange data structures. Successful exploitation could allow remote attackers to execute ... oval:org.secpod.oval:def:933 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle nsDirIndexParser. Successful exploitation could allow remote attackers to cause a denial of service (memory corruption ... oval:org.secpod.oval:def:936 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:935 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:930 The host is installed with Mozilla Firefox or SeaMonkey and is prone to security vulnerability. A flaw is present in the application, which fails to properly implement autocompletion for forms. Successful exploitation could allow remote attackers to read form history entries via a Java applet that s ... oval:org.secpod.oval:def:932 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle browser engine. Successful exploitation could allow remote attackers to cause a denial of service (memory corrup ... oval:org.secpod.oval:def:931 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to handle vectors involving a resource: URL. Successful exploitation could allow remote attackers to determine the exist ... oval:org.secpod.oval:def:938 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:937 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:9669 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ... oval:org.secpod.oval:def:9668 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present i ... oval:org.secpod.oval:def:9665 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle an HTM ... oval:org.secpod.oval:def:9667 The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2, SeaMonkey before 2.15 or Thunderbird ESR, Firefox ESR 10.x before 10.0.12 or 17.x before 17.0.2 and is prone to multiple unspecified vulnerabilities. The flaw are present in the applications, which fail to properly ha ... oval:org.secpod.oval:def:9666 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a craft ... oval:org.secpod.oval:def:9698 The host is missing a security update according to Mozilla advisory, MFSA 2013-14. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifications to the prototype of an object. Successful exploitation allows remote att ... oval:org.secpod.oval:def:9697 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-15. The update is required to fix privilege escalation vulnerability. A flaw is present in the applications, which fail to handle improper interaction between plugin objects and SVG elements. Successful exploitat ... oval:org.secpod.oval:def:9699 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-19. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted web page referencing JavaScript Proxy objects that are not properly handled du ... oval:org.secpod.oval:def:9694 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-03. The update is required to fix stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle an HTML document that specifies invalid width and height values. Successfu ... oval:org.secpod.oval:def:9693 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-01. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitra ... oval:org.secpod.oval:def:9696 The host is missing a security update according to Mozilla advisory, MFSA 2013-04. The update is required to fix URL spoofing vulnerability. A flaw is present in the applications, which fail to handle vectors involving authentication information in the userinfo field of a URL. Successful exploitatio ... oval:org.secpod.oval:def:9695 The host is missing a security update according to Mozilla advisory, MFSA 2013-07. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safety for SSL sessions. Successful exploitation allows remote attackers to execute ... oval:org.secpod.oval:def:9690 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly interact w ... oval:org.secpod.oval:def:9692 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-02. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitrar ... oval:org.secpod.oval:def:9691 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9679 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted web page ... oval:org.secpod.oval:def:9676 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to URL spoofing vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:9675 The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2, SeaMonkey before 2.15, Thunderbird ESR, Firefox ESR 10.0.x before 10.0.12 or 17.x before 17.0.2 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted docu ... oval:org.secpod.oval:def:9678 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifica ... oval:org.secpod.oval:def:9677 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to privilege escalation vulnerability. A flaw is present in the ... oval:org.secpod.oval:def:9672 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to ... oval:org.secpod.oval:def:9671 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safet ... oval:org.secpod.oval:def:9674 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle some unspecified ve ... oval:org.secpod.oval:def:9673 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9670 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9687 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to information disclosure vulnerability. A flaw is present in th ... oval:org.secpod.oval:def:9686 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle some un ... oval:org.secpod.oval:def:9689 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ... oval:org.secpod.oval:def:9688 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforc ... oval:org.secpod.oval:def:9683 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted XBL fi ... oval:org.secpod.oval:def:9682 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9685 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to Integer overflow vulnerability. A flaw is present in the appl ... oval:org.secpod.oval:def:9681 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9680 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to ... oval:org.secpod.oval:def:9911 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modificati ... oval:org.secpod.oval:def:9910 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScrip ... oval:org.secpod.oval:def:9913 The host is installed with Mozilla Firefox before 19.0 or SeaMonkey before 2.16 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to prevent multiple wrapping of WebIDL objects. Successful exploitation allows remote attackers to bypass intended access r ... oval:org.secpod.oval:def:9912 The host is installed with Mozilla Firefox before 19.0 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle a crafted GIF image. Successful exploitation allows attackers to obtain sensitive information from process mem ... oval:org.secpod.oval:def:9919 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certa ... oval:org.secpod.oval:def:9918 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3, SeaMonkey before 2.16 or Thunderbird ESR, Firefox ESR before 17.0.3 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the nsDisplayBoxShadowOuter::Paint function ... oval:org.secpod.oval:def:9915 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3, SeaMonkey before 2.16 or Thunderbird ESR, Firefox ESR before 17.0.3 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the nsPrintEngine::CommonPrint function. Su ... oval:org.secpod.oval:def:9914 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle the nsS ... oval:org.secpod.oval:def:9917 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3, SeaMonkey before 2.16 or Thunderbird ESR, Firefox ESR before 17.0.3 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the nsCodingStateMachine::NextState fun ... oval:org.secpod.oval:def:9916 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted document ... oval:org.secpod.oval:def:9922 The host is missing a security update according to Mozilla advisory, MFSA 2013-28. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain functions. Successful exploitation allows remote attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:9921 The host is missing a security update according to Mozilla advisory, MFSA 2013-21. The update is required to fix multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vectors. Successful exploitation allows remote attackers to cau ... oval:org.secpod.oval:def:9924 The host is missing a security update according to Mozilla advisory, MFSA 2013-22. The update is required to fix out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle a crafted GIF image. Successful exploitation allows attackers to obtain sensitive information ... oval:org.secpod.oval:def:9923 The host is missing a security update according to Mozilla advisory, MFSA 2013-23. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to prevent multiple wrapping of WebIDL objects. Successful exploitation allows remote attackers to bypass ... oval:org.secpod.oval:def:9920 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3, SeaMonkey before 2.16 or Thunderbird ESR, Firefox ESR 17.x before 17.0.3 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vect ... oval:org.secpod.oval:def:9926 The host is missing a security update according to Mozilla advisory, MFSA 2013-25. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScript workers from reading the browser-profile directory name. Successful exploitat ... oval:org.secpod.oval:def:9925 The host is missing a security update according to Mozilla advisory, MFSA 2013-24. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modifications to a prototype. Successful exploitation allows remote attackers to obtain ... oval:org.secpod.oval:def:9928 The host is missing a security update according to Mozilla advisory, MFSA 2013-27. The update is required to fix address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server that provides a 407 HTTP status code accompanied by web script. Successful explo ... oval:org.secpod.oval:def:9927 The host is missing a security update according to Mozilla advisory, MFSA 2013-26. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle the the nsImageLoadingContent::OnStopContainer function. Successful exploitation allows remote at ... oval:org.secpod.oval:def:9908 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server t ... oval:org.secpod.oval:def:9907 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3, SeaMonkey before 2.16 or Thunderbird ESR, Firefox ESR before 17.0.3 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the ClusterIterator::NextCluster functi ... oval:org.secpod.oval:def:9909 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the the nsImageLoad ... oval:org.secpod.oval:def:16083 The host is installed with Google Chrome before 31.0.1650.48, Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, SeaMonkey before 2.23, Java SE 5.0 through 5.0u61, 6.0 through 6u71, 7.0 through 7u51, 8.0, Windows vista, server 2008, server 2008 R2, win 7, win server ... oval:org.secpod.oval:def:6120 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handl ... oval:org.secpod.oval:def:6103 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handl ... oval:org.secpod.oval:def:6102 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly mitig ... oval:org.secpod.oval:def:6101 The host is missing a critical security update according to Mozilla advisory, MFSA2012-34. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to run arbitrary cod ... oval:org.secpod.oval:def:6104 The host is installed with Mozilla Firefox before 13.0, Thunderbird before 13.0, SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle methodjit/ImmutableSync.cpp and js/src/jsarray.cpp files. Successful exploitati ... oval:org.secpod.oval:def:6109 The host is missing a high security update according to Mozilla advisory, MFSA2012-36. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the Content Security Policy implementation. Successful exploitation could allow remote ... oval:org.secpod.oval:def:6114 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly document ... oval:org.secpod.oval:def:6113 The host is missing a critical security update according to Mozilla advisory, MFSA2012-38. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to properly document changes involving replacement or insertion of a node. Successful exploitation ... oval:org.secpod.oval:def:6112 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle Wi ... oval:org.secpod.oval:def:6111 The host is missing a high security update according to Mozilla advisory, MFSA2012-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle Windows file shares and shortcut files. Successful exploitation could allow local use ... oval:org.secpod.oval:def:6118 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsFrameLis ... oval:org.secpod.oval:def:6117 The host is missing a critical security update according to Mozilla advisory, MFSA2012-40. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle nsFrameList and nsHTMLReflowState functions. Successful exploitation could allow attacker ... oval:org.secpod.oval:def:6116 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the ASN ... oval:org.secpod.oval:def:6115 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-38. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services. Succes ... oval:org.secpod.oval:def:6119 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handl ... oval:org.secpod.oval:def:6110 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:2693 The host is installed with Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to prevent manual add-on installation in response to the holding of the Enter key. Successfu ... oval:org.secpod.oval:def:2695 The host is installed with Mozilla Firefox before 3.6.23 or 4.x through 5, Thunderbird before 6.0 or SeaMonkey before 2.3 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle "location" as the name of a frame. Successful exploitation ... oval:org.secpod.oval:def:2694 The host is installed with Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 and is prone to a HTTP response splitting vulnerability. A flaw is present in the applications, which fail to handle HTTP responses that contain multiple Location, Content-Len ... oval:org.secpod.oval:def:2699 The host is installed with Mozilla Firefox before 3.6.23 or 4.x through 6 or Thunderbird before 7.0 or SeaMonkey before 2.4 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to prevent user assisted remote attackers from bypassing security restriction ... oval:org.mitre.oval:def:11851 The host is installed with Apple iTunes before 10.2, Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Mozilla SeaMonkey 2.x before 2.0.6 or Mozilla Thunderbird 3.1.x before 3.1.1 and 3.0.x before 3.0.6 or Apple Safari before 5.0.4 and is prone to buffer overflow vulnerability. The flaw is ... |