Overview Details Repositories Revisions Requests Users Attributes Meta
Firefox update to 31.1esr

This patch contains security updates for

* mozilla-nss 3.16.4
- The following 1024-bit root CA certificate was restored to allow more
time to develop a better transition strategy for affected sites. It was
removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy
forum led to the decision to keep this root included longer in order to
give website administrators more time to update their web servers.
- CN = GTE CyberTrust Global Root
* In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification
Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit
intermediate CA certificate has been included, without explicit trust.
The intention is to mitigate the effects of the previous removal of the
1024-bit Entrust.net root certificate, because many public Internet
sites still use the "USERTrust Legacy Secure Server CA" intermediate
certificate that is signed by the 1024-bit Entrust.net root certificate.
The inclusion of the intermediate certificate is a temporary measure to
allow those sites to function, by allowing them to find a trust path to
another 2048-bit root CA certificate. The temporarily included
intermediate certificate expires November 1, 2015.

* Firefox 31.1esr
Firefox is updated from 24esr to 31esr as maintenance for version 24 stopped

Fixed bugs
CVE-CVE-2013-5611
CVE-CVE-2013-5612
CVE-CVE-2013-5614
CVE-CVE-2013-5619
CVE-CVE-2013-6672
CVE-CVE-2014-1480
CVE-CVE-2014-1483
CVE-CVE-2014-1484
CVE-CVE-2014-1485
CVE-CVE-2014-1488
CVE-CVE-2014-1489
CVE-CVE-2014-1492
CVE-CVE-2014-1498
CVE-CVE-2014-1499
CVE-CVE-2014-1500
CVE-CVE-2014-1502
CVE-CVE-2014-1504
CVE-CVE-2014-1519
CVE-CVE-2014-1522
CVE-CVE-2014-1525
CVE-CVE-2014-1526
CVE-CVE-2014-1528
CVE-CVE-2014-1539
CVE-CVE-2014-1540
CVE-CVE-2014-1542
CVE-CVE-2014-1543
CVE-CVE-2014-1549
CVE-CVE-2014-1550
CVE-CVE-2014-1552
CVE-CVE-2014-1553
CVE-CVE-2014-1558
CVE-CVE-2014-1559
CVE-CVE-2014-1560
CVE-CVE-2014-1561
CVE-CVE-2014-1562
CVE-CVE-2014-1563
CVE-CVE-2014-1564
CVE-CVE-2014-1565
CVE-CVE-2014-1567
bmo#1000514
bmo#1001167
bmo#1003707
bmo#1005958
bmo#1011859
bmo#1015973
bmo#1018524
bmo#1020205
bmo#1020411
bmo#1026022
bmo#1037641
bmo#1045977
bmo#1047831
bmo#771294
bmo#871161
bmo#886262
bmo#894736
bmo#903885
bmo#910139
bmo#910375
bmo#911547
bmo#916726
bmo#917841
bmo#935618
bmo#941381
bmo#950427
bmo#950604
bmo#953993
bmo#956524
bmo#959531
bmo#961512
bmo#963962
bmo#972622
bmo#973977
bmo#976648
bmo#978862
bmo#985135
bmo#988106
bmo#989210
bmo#991533
bmo#995289
bmo#995603
bmo#997795
bnc#876833
Firefox 29.0 print empty pdf
bnc#894370
VUL-0: MozillaFirefox 32/31.1 security release
bnc#894201
mozilla nss 3.16.4 or 3.17.0 update
CVE-CVE-2007-3089
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as
CVE-CVE-2007-3285
Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension,
CVE-CVE-2007-3656
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack ve
CVE-CVE-2007-3670
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metach
CVE-CVE-2007-3734
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.
CVE-CVE-2007-3735
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.
CVE-CVE-2007-3736
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another sites context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by
CVE-CVE-2007-3737
Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."
CVE-CVE-2007-3738
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.
CVE-CVE-2008-0016
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
CVE-CVE-2008-1233
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."
CVE-CVE-2008-1234
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers
CVE-CVE-2008-1235
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Pri
CVE-CVE-2008-1236
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to
CVE-CVE-2008-1237
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to
CVE-CVE-2008-3835
The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.
CVE-CVE-2008-4058
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors
CVE-CVE-2008-4059
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.
CVE-CVE-2008-4060
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors rel
CVE-CVE-2008-4061
Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or po
CVE-CVE-2008-4062
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl
CVE-CVE-2008-4063
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a ze
CVE-CVE-2008-4064
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) han
CVE-CVE-2008-4065
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters t
CVE-CVE-2008-4066
Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demo
CVE-CVE-2008-4067
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) chara
CVE-CVE-2008-4068
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive informat
CVE-CVE-2008-4070
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canc
CVE-CVE-2008-5012
Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin poli
CVE-CVE-2008-5014
jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the
CVE-CVE-2008-5016
The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequenc
CVE-CVE-2008-5017
Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash)
CVE-CVE-2008-5018
The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient clas
CVE-CVE-2008-5021
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying propert
CVE-CVE-2008-5022
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary scr
CVE-CVE-2008-5024
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks
CVE-CVE-2008-5500
The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors
CVE-CVE-2008-5501
The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure.
CVE-CVE-2008-5502
The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity an
CVE-CVE-2008-5503
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or acce
CVE-CVE-2008-5506
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled
CVE-CVE-2008-5507
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that re
CVE-CVE-2008-5508
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs
CVE-CVE-2008-5510
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the 0 escaped null character, which might allow remote attackers to bypass protection mechanisms such a
CVE-CVE-2008-5511
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "un
CVE-CVE-2008-5512
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vector
CVE-CVE-2009-0040
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted
CVE-CVE-2009-0771
The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and as
CVE-CVE-2009-0772
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerN
CVE-CVE-2009-0773
The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-
CVE-CVE-2009-0774
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulner
CVE-CVE-2009-0776
nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
CVE-CVE-2009-1571
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt
CVE-CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security
CVE-CVE-2010-0159
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbit
CVE-CVE-2010-0173
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application
CVE-CVE-2010-0174
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corru
CVE-CVE-2010-0175
Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service
CVE-CVE-2010-0176
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execu
CVE-CVE-2010-0182
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows atta
CVE-CVE-2010-0654
Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and t
CVE-CVE-2010-1121
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving i
CVE-CVE-2010-1196
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node wit
CVE-CVE-2010-1199
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a nod
CVE-CVE-2010-1200
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and appli
CVE-CVE-2010-1201
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute
CVE-CVE-2010-1202
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and ap
CVE-CVE-2010-1203
The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.
CVE-CVE-2010-1205
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
CVE-CVE-2010-1211
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service
CVE-CVE-2010-1212
js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vector
CVE-CVE-2010-1213
The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote
CVE-CVE-2010-1585
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome
CVE-CVE-2010-2752
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading
CVE-CVE-2010-2753
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tr
CVE-CVE-2010-2754
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a scripts URL in certain circumstances involving a re
CVE-CVE-2010-2760
Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via ve
CVE-CVE-2010-2762
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to
CVE-CVE-2010-2764
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to d
CVE-CVE-2010-2765
Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large
CVE-CVE-2010-2766
The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow r
CVE-CVE-2010-2767
The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remot
CVE-CVE-2010-2768
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a documents charset, which allows remote atta
CVE-CVE-2010-2769
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via
CVE-CVE-2010-3166
Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitra
CVE-CVE-2010-3167
The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execut
CVE-CVE-2010-3168
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause
CVE-CVE-2010-3169
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory cor
CVE-CVE-2010-3170
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subjects Common Name field of an X.509 certificate, which might allow man-in-the-mid
CVE-CVE-2010-3173
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes
CVE-CVE-2010-3174
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute
CVE-CVE-2010-3175
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrar
CVE-CVE-2010-3176
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (mem
CVE-CVE-2010-3178
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and per
CVE-CVE-2010-3179
Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or caus
CVE-CVE-2010-3180
Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the
CVE-CVE-2010-3182
A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows loc
CVE-CVE-2010-3183
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lac
CVE-CVE-2010-3765
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to ns
CVE-CVE-2010-3768
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating systems font implementation, which allows remo
CVE-CVE-2010-3769
The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to exe
CVE-CVE-2010-3776
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory
CVE-CVE-2010-3777
Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-CVE-2010-3778
Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
CVE-CVE-2011-0053
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and applicati
CVE-CVE-2011-0061
Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
CVE-CVE-2011-0062
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrar
CVE-CVE-2011-0069
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corrupti
CVE-CVE-2011-0070
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corrupti
CVE-CVE-2011-0072
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application
CVE-CVE-2011-0074
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application
CVE-CVE-2011-0075
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application
CVE-CVE-2011-0077
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application
CVE-CVE-2011-0078
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application
CVE-CVE-2011-0080
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and ap
CVE-CVE-2011-0081
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
CVE-CVE-2011-0083
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of se
CVE-CVE-2011-0084
The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which
CVE-CVE-2011-0085
Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the cu
CVE-CVE-2011-1187
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
CVE-CVE-2011-2362
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Coo
CVE-CVE-2011-2363
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of se
CVE-CVE-2011-2364
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unkn
CVE-CVE-2011-2365
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unkn
CVE-CVE-2011-2371
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Arra
CVE-CVE-2011-2372
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access
CVE-CVE-2011-2373
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
CVE-CVE-2011-2374
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe
CVE-CVE-2011-2376
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
CVE-CVE-2011-2377
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x
CVE-CVE-2011-2985
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application
CVE-CVE-2011-2986
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from
CVE-CVE-2011-2987
Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to ex
CVE-CVE-2011-2988
Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a de
CVE-CVE-2011-2989
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and applicati
CVE-CVE-2011-2991
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and appl
CVE-CVE-2011-2992
The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly e
CVE-CVE-2011-3000
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attack
CVE-CVE-2011-3001
Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a
CVE-CVE-2011-3005
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg f
CVE-CVE-2011-3026
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
CVE-CVE-2011-3062
Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
CVE-CVE-2011-3101
CVE-CVE-2011-3232
YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
CVE-CVE-2011-3648
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.
CVE-CVE-2011-3650
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corrup
CVE-CVE-2011-3651
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-CVE-2011-3652
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unsp
CVE-CVE-2011-3654
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or
CVE-CVE-2011-3655
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
CVE-CVE-2011-3658
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have uns
CVE-CVE-2011-3659
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChi
CVE-CVE-2011-3660
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
CVE-CVE-2011-3661
YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
CVE-CVE-2011-3663
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.
CVE-CVE-2012-0441
CVE-CVE-2012-0442
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption
CVE-CVE-2012-0443
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
CVE-CVE-2012-0444
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruptio
CVE-CVE-2012-0445
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frames name attribu
CVE-CVE-2012-0446
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, relate
CVE-CVE-2012-0447
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image th
CVE-CVE-2012-0449
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
CVE-CVE-2012-0451
CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Poli
CVE-CVE-2012-0452
Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger fail
CVE-CVE-2012-0455
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascrip
CVE-CVE-2012-0456
The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers
CVE-CVE-2012-0457
Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x befor
CVE-CVE-2012-0458
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dra
CVE-CVE-2012-0459
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of se
CVE-CVE-2012-0460
Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attacke
CVE-CVE-2012-0461
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8
CVE-CVE-2012-0462
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a de
CVE-CVE-2012-0463
The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not
CVE-CVE-2012-0464
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows r
CVE-CVE-2012-0467
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a de
CVE-CVE-2012-0468
The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors re
CVE-CVE-2012-0469
Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey
CVE-CVE-2012-0470
Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows rem
CVE-CVE-2012-0471
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script
CVE-CVE-2012-0472
The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are us
CVE-CVE-2012-0473
The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with
CVE-CVE-2012-0474
Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers
CVE-CVE-2012-0475
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLH
CVE-CVE-2012-0477
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary
CVE-CVE-2012-0478
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT
CVE-CVE-2012-0479
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom X
CVE-CVE-2012-0759
CVE-CVE-2012-1937
CVE-CVE-2012-1938
CVE-CVE-2012-1940
CVE-CVE-2012-1941
CVE-CVE-2012-1944
CVE-CVE-2012-1945
CVE-CVE-2012-1946
CVE-CVE-2012-1947
CVE-CVE-2012-1948
CVE-CVE-2012-1949
CVE-CVE-2012-1951
CVE-CVE-2012-1952
CVE-CVE-2012-1953
CVE-CVE-2012-1954
CVE-CVE-2012-1955
CVE-CVE-2012-1956
CVE-CVE-2012-1957
CVE-CVE-2012-1958
CVE-CVE-2012-1959
CVE-CVE-2012-1960
CVE-CVE-2012-1961
CVE-CVE-2012-1962
CVE-CVE-2012-1963
CVE-CVE-2012-1967
CVE-CVE-2012-1970
CVE-CVE-2012-1972
CVE-CVE-2012-1973
CVE-CVE-2012-1974
CVE-CVE-2012-1975
CVE-CVE-2012-1976
CVE-CVE-2012-3956
CVE-CVE-2012-3957
CVE-CVE-2012-3958
CVE-CVE-2012-3959
CVE-CVE-2012-3960
CVE-CVE-2012-3961
CVE-CVE-2012-3962
CVE-CVE-2012-3963
CVE-CVE-2012-3964
CVE-CVE-2012-3966
CVE-CVE-2012-3967
CVE-CVE-2012-3968
CVE-CVE-2012-3969
CVE-CVE-2012-3970
CVE-CVE-2012-3971
CVE-CVE-2012-3972
CVE-CVE-2012-3975
CVE-CVE-2012-3978
CVE-CVE-2012-3980
CVE-CVE-2012-3982
CVE-CVE-2012-3983
CVE-CVE-2012-3984
CVE-CVE-2012-3985
CVE-CVE-2012-3986
CVE-CVE-2012-3988
CVE-CVE-2012-3989
CVE-CVE-2012-3990
CVE-CVE-2012-3991
CVE-CVE-2012-3992
CVE-CVE-2012-3993
CVE-CVE-2012-3994
CVE-CVE-2012-3995
CVE-CVE-2012-4179
CVE-CVE-2012-4180
CVE-CVE-2012-4181
CVE-CVE-2012-4182
CVE-CVE-2012-4183
CVE-CVE-2012-4184
CVE-CVE-2012-4185
CVE-CVE-2012-4186
CVE-CVE-2012-4187
CVE-CVE-2012-4188
CVE-CVE-2012-4191
CVE-CVE-2012-4192
CVE-CVE-2012-4193
CVE-CVE-2012-4194
CVE-CVE-2012-4195
CVE-CVE-2012-4196
CVE-CVE-2012-4201
CVE-CVE-2012-4202
CVE-CVE-2012-4204
CVE-CVE-2012-4205
CVE-CVE-2012-4207
CVE-CVE-2012-4208
CVE-CVE-2012-4209
CVE-CVE-2012-4212
CVE-CVE-2012-4213
CVE-CVE-2012-4214
CVE-CVE-2012-4215
CVE-CVE-2012-4216
CVE-CVE-2012-4217
CVE-CVE-2012-4218
CVE-CVE-2012-5829
CVE-CVE-2012-5830
CVE-CVE-2012-5833
CVE-CVE-2012-5835
CVE-CVE-2012-5836
CVE-CVE-2012-5837
CVE-CVE-2012-5838
CVE-CVE-2012-5839
CVE-CVE-2012-5840
CVE-CVE-2012-5841
CVE-CVE-2012-5842
CVE-CVE-2012-5843
CVE-CVE-2013-0743
CVE-CVE-2013-0744
CVE-CVE-2013-0745
CVE-CVE-2013-0746
CVE-CVE-2013-0747
CVE-CVE-2013-0748
CVE-CVE-2013-0749
CVE-CVE-2013-0750
CVE-CVE-2013-0752
CVE-CVE-2013-0753
CVE-CVE-2013-0754
CVE-CVE-2013-0755
CVE-CVE-2013-0756
CVE-CVE-2013-0757
CVE-CVE-2013-0758
CVE-CVE-2013-0760
CVE-CVE-2013-0761
CVE-CVE-2013-0762
CVE-CVE-2013-0763
CVE-CVE-2013-0764
CVE-CVE-2013-0766
CVE-CVE-2013-0767
CVE-CVE-2013-0768
CVE-CVE-2013-0769
CVE-CVE-2013-0770
CVE-CVE-2013-0771
CVE-CVE-2013-0773
CVE-CVE-2013-0774
CVE-CVE-2013-0775
CVE-CVE-2013-0776
CVE-CVE-2013-0780
CVE-CVE-2013-0782
CVE-CVE-2013-0783
CVE-CVE-2013-0787
CVE-CVE-2013-0788
CVE-CVE-2013-0789
CVE-CVE-2013-0793
CVE-CVE-2013-0795
CVE-CVE-2013-0796
CVE-CVE-2013-0800
CVE-CVE-2013-0801
CVE-CVE-2013-1669
CVE-CVE-2013-1670
CVE-CVE-2013-1674
CVE-CVE-2013-1675
CVE-CVE-2013-1676
CVE-CVE-2013-1677
CVE-CVE-2013-1678
CVE-CVE-2013-1679
CVE-CVE-2013-1680
CVE-CVE-2013-1681
CVE-CVE-2013-1682
CVE-CVE-2013-1684
CVE-CVE-2013-1685
CVE-CVE-2013-1686
CVE-CVE-2013-1687
CVE-CVE-2013-1690
CVE-CVE-2013-1692
CVE-CVE-2013-1693
CVE-CVE-2013-1694
CVE-CVE-2013-1697
CVE-CVE-2013-1701
CVE-CVE-2013-1709
CVE-CVE-2013-1710
CVE-CVE-2013-1713
CVE-CVE-2013-1714
CVE-CVE-2013-1717
CVE-CVE-2013-1718
CVE-CVE-2013-1719
CVE-CVE-2013-1720
CVE-CVE-2013-1722
CVE-CVE-2013-1723
CVE-CVE-2013-1724
CVE-CVE-2013-1725
CVE-CVE-2013-1728
CVE-CVE-2013-1730
CVE-CVE-2013-1732
CVE-CVE-2013-1735
CVE-CVE-2013-1736
CVE-CVE-2013-1737
CVE-CVE-2013-1738
CVE-CVE-2013-5590
CVE-CVE-2013-5591
CVE-CVE-2013-5592
CVE-CVE-2013-5593
CVE-CVE-2013-5595
CVE-CVE-2013-5596
CVE-CVE-2013-5597
CVE-CVE-2013-5599
CVE-CVE-2013-5600
CVE-CVE-2013-5601
CVE-CVE-2013-5602
CVE-CVE-2013-5603
CVE-CVE-2013-5604
CVE-CVE-2013-5609
CVE-CVE-2013-5610
CVE-CVE-2013-5613
CVE-CVE-2013-5615
CVE-CVE-2013-5616
CVE-CVE-2013-5618
CVE-CVE-2013-6629
CVE-CVE-2013-6630
CVE-CVE-2013-6671
CVE-CVE-2013-6673
CVE-CVE-2014-1477
CVE-CVE-2014-1478
CVE-CVE-2014-1479
CVE-CVE-2014-1481
CVE-CVE-2014-1482
CVE-CVE-2014-1486
CVE-CVE-2014-1487
CVE-CVE-2014-1490
CVE-CVE-2014-1491
CVE-CVE-2014-1493
CVE-CVE-2014-1494
CVE-CVE-2014-1497
CVE-CVE-2014-1505
CVE-CVE-2014-1508
CVE-CVE-2014-1509
CVE-CVE-2014-1510
CVE-CVE-2014-1511
CVE-CVE-2014-1512
CVE-CVE-2014-1513
CVE-CVE-2014-1514
CVE-CVE-2014-1518
CVE-CVE-2014-1523
CVE-CVE-2014-1524
CVE-CVE-2014-1529
CVE-CVE-2014-1530
CVE-CVE-2014-1531
CVE-CVE-2014-1532
CVE-CVE-2014-1533
CVE-CVE-2014-1534
CVE-CVE-2014-1536
CVE-CVE-2014-1537
CVE-CVE-2014-1538
CVE-CVE-2014-1541
CVE-CVE-2014-1544
CVE-CVE-2014-1545
CVE-CVE-2014-1547
CVE-CVE-2014-1548
CVE-CVE-2014-1555
CVE-CVE-2014-1556
CVE-CVE-2014-1557
bmo#1000185
bmo#1000598
bmo#1000960
bmo#1002340
bmo#1005578
bmo#1005584
bmo#1007223
bmo#1009952
bmo#1011007
bmo#1018783
bmo#1023121
bmo#1028891
bmo#1054359
bmo#389732
GetHandlerAppFromPrefs still partially used in unix helper app service
bmo#398702
Thunderbirds File, Edit and View menus are hidden with some Lightning + other extensions combinations - Error: document.getElementById("show-completed-checkbox") is null Fichier Source : chrome://calendar/content/calendar-unifinder-todo.js Line : 61
bmo#399589
PSM + tip of NSS, error ‘SECAlgorithmIDTemplate’ not declared
bmo#406541
bmo#436741
"Assertion failure: OBJ_IS_NATIVE(obj)" with __proto__ mangling
bmo#453689
Firefox needs to register the proper name with session management for restart
bmo#453915
XML injection possible in E4X parsing via "default xml namespace"
bmo#456896
[FIX]Crash [@ nsFrameManager::GetPrimaryFrameFor] with invalid input type (ZDI-CAN-390)
bmo#460002
Its possible to circumvent the inner window check in nsXMLHttpRequest::NotifyEventListeners()
bmo#490790
XMLDocument::load() doesnt check nsIContentPolicy
bmo#493541
jemalloc integration cause crashes when libraries or plugins dlopen with RTLD_DEEPBIND
bmo#495392
Crash when pasted selection contains data from java [@libc-2.10.1.so@0x729b8 ][@ nsClipboard::HasDataMatchingFlavors] [@ nsHTMLEditor::HavePrivateHTMLFlavor]
bmo#508986
XSMP session restore doesnt work
bmo#520189
Copy-and-paste or drag-and-drop into designMode document allows XSS
bmo#524223
Cross-domain data theft using CSS
bmo#527276
[@font-face] investigate support for OpenType sanitizer library
bmo#534666
Heap buffer overflow and crash [@ nsGenericDOMDataNode::SetTextInternal] on 64-bit
bmo#538308
nsTreeContentView Dangling Pointer Vulnerability (ZDI-CAN-633)
bmo#540100
nsTreeSelection EventListener Use-after-free Remote Code Execution Vulnerability (ZDI-CAN-669)
bmo#545755
Update Mozilla stable branches to NSS 3.12.6 and minimal support for RFC 5746
bmo#552090
XHR Cross Site Status leak from xhr.statusText
bmo#554255
XSLT Sort Remote Code Execution Vulnerability (ZDI-CAN-747)
bmo#555109
Move wrappers to new scope even if their parent hasnt been moved yet (ZDI-CAN-761)
bmo#562547
ParanoidFragmentSinks allow javascript: urls in chrome documents
bmo#568148
Combining "importScripts" of WebWorker with E4X causes information disclosure
bmo#568564
Suppress the script filename for cross-origin error events (SA39925)
bmo#570451
segmentation fault when viewing a malformed PNG image
bmo#571106
nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability (ZDI-CAN-755)
bmo#574059
nsCSSValue::Array index integer overflow (can lead to remote code execution via CSS font-face) (ZDI-CAN-831)
bmo#575294
bmo#576070
nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability (ZDI-CAN-804)
bmo#576075
tree Object Removal Remote Code Execution Vulnerability (ZDI-CAN-817)
bmo#576365
Thunderbird 3.1 wont play sound ( 3.0.5 works fine!!!)
bmo#576447
FRAMESET integer overflow via new operator in nsHTMLFrameSetElement::ParseRowCol()
bmo#576616
cross-site information disclosure via modal calls
bmo#578697
Browser Wildcard Certificate Validation Issue
bmo#579655
heap overflow in text runs - crash [@ nsTextFrameUtils::TransformText]
bmo#579744
UTF-7 Universal XSS by overriding document charset using <object> type attribute
bmo#580445
normalizeDocument Remote Code Execution Vulnerability (ZDI-CAN-866)
bmo#583077
Buffer overflow due to uniscribe failure on long text runs
bmo#584180
SJOWs create scope chains ending in outer objects
bmo#584512
nsPluginArray - memory corruption
bmo#585815
Possible unfixed nsTreeSelection dangling pointer issues from bug 571106 (ZDI-CAN-903)
bmo#588929
Use after free - nsBarProp
bmo#590753
Insecure handling of LD_LIBRARY_PATH by run-mozilla.sh
bmo#598669
LookupGetterOrSetter Remote Code Execution Vulnerability (ZDI-CAN-929)
bmo#607222
Interleaving document.write and appendChild can lead to duplicate text frames and overrunning of text run buffers
bmo#608336
CRITICAL BUG when calling document.write()
bmo#610601
Firefox crash [@ ycc_rgb_convert] [@ ycc_rgb_convert_argb] on image with src set to a resource with multipart/x-mixed-replace content type [Access Violation]
bmo#616264
Cookies set for www.foo.com. are sent to www.foo.com
bmo#617247
Use after free (in nsXULProtypeScript?) when viewing xul document w/JS disabled
bmo#624621
bmo#638018
[1.9.2] crash [@ ycc_rgb_convert] on image with src set to a resource with multipart/x-mixed-replace content type
bmo#639303
FF4 crashes on multipart image/motion jpeg stream changing image size [@ @0x0 | mozilla::imagelib::Decoder::Finish() ]
bmo#648094
Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability (ZDI-CAN-1143)
bmo#655389
CRLF Injection and the parsing of HTTP headers
bmo#655649
bmo#655836
bmo#664009
Array.reduceRight() info leak and potential code execution
bmo#665934
GrowAtomTable() return code not checked, crash due to ANGLE
bmo#665936
string crash found while fuzzing WebGL shaders
bmo#670514
bmo#672182
bmo#674776
bmo#675747
bmo#682927
Dis-trust DigiNotar root certificate
bmo#683449
Remove the exemptions for the Staat der Nederlanden root
bmo#687745
bmo#690225
bmo#690267
Insert|Insert Characters and symbols not working - no options in drop-downs.
bmo#690290
Disable the whats new tab for users updating from 7.0 to 7.0.1
bmo#691299
bmo#691898
bmo#694576
bmo#701071
bmo#701259
bmo#701806
bmo#702466
bmo#703534
bmo#704354
bmo#704482
bmo#705651
bmo#708186
bmo#708198
bmo#710079
bmo#711043
bmo#711653
bmo#714631
bmo#715073
bmo#715319
bmo#717511
bmo#718573
bmo#719612
bmo#720619
bmo#723446
bmo#724284
bmo#725770
bmo#727303
bmo#727401
bmo#727547
bmo#733305
bmo#733731
bmo#734288
bmo#735940
bmo#737307
bmo#737559
bmo#737646
bmo#738397
bmo#738985
bmo#739146
bmo#739925
bmo#743475
bmo#744480
bmo#746855
bmo#747607
bmo#748090
bmo#748432
bmo#748726
bmo#748865
bmo#748997
bmo#750096
bmo#750109
bmo#750820
bmo#751422
bmo#754044
bmo#756719
bmo#757376
bmo#758200
bmo#758344
bmo#761014
bmo#761655
bmo#764296
bmo#765527
bmo#767778
bmo#768101
bmo#770429
bmo#770684
bmo#771859
bmo#775009
bmo#775793
bmo#775794
bmo#775868
bmo#776877
bmo#778603
bmo#779821
bmo#780370
bmo#783260
bmo#783867
bmo#787704
bmo#792405
bmo#792857
bmo#793121
bmo#794158
bmo#796475
bmo#798045
bmo#798264
bmo#799952
bmo#800363
bmo#800666
bmo#801681
bmo#802026
bmo#802557
bmo#803870
bmo#804237
bmo#805024
bmo#805121
bmo#805807
bmo#806031
bmo#809652
bmo#813901
bmo#813906
bmo#814001
bmo#814026
bmo#814027
bmo#814029
bmo#814713
bmo#815795
bmo#816842
bmo#825697
bmo#825721
bmo#827106
bmo#827193
bmo#831095
bmo#838253
bmo#848535
bmo#848644
bmo#851353
bmo#853709
bmo#857883
bmo#858101
bmo#860971
bmo#863933
bmo#866823
bmo#866825
bmo#866915
bmo#868327
bmo#871368
bmo#876762
bmo#879787
bmo#882897
bmo#883514
bmo#883686
bmo#886095
bmo#887098
bmo#887334
bmo#888820
bmo#891292
bmo#891693
bmo#893308
bmo#894137
bmo#895557
bmo#897678
bmo#898871
bmo#906301
bmo#907727
bmo#910881
bmo#911864
bmo#913785
bmo#913805
bmo#914017
bmo#915210
bmo#915576
bmo#916404
bmo#916580
bmo#916685
bmo#917955
bmo#918864
bmo#921622
bmo#926361
bmo#927073
bmo#929261
bmo#930281
bmo#930381
bmo#930857
bmo#930874
bmo#932449
bmo#934545
bmo#936056
bmo#938341
bmo#941887
bmo#942164
bmo#943803
bmo#946351
bmo#947592
bmo#963150
bmo#963198
bmo#966006
bmo#966021
bmo#966311
bmo#967354
bmo#969226
bmo#969517
bmo#969549
bmo#970380
bmo#973874
bmo#978652
bmo#978811
bmo#982906
bmo#982909
bmo#982957
bmo#982974
bmo#983344
bmo#987003
bmo#987140
bmo#988719
bmo#989183
bmo#989994
bmo#990868
bmo#991981
bmo#992274
bmo#994907
bmo#995679
bmo#995816
bmo#995817
bmo#996536
bmo#996715
bmo#999274
bmo#999651
bnc#104586
firefox crashs upon save
bnc#354469
VUL-0: MozillaFirefox: 2.0.0.12 release
bnc#385739
thunderbird should use hunspell, not myspell
bnc#390992
mozilla-xulrunner181 and MozillaThunderbird not at latest security fix level
bnc#417869
VUL-0: Thunderbird 2.0.0.12 needs to be upgraded
bnc#41903
mozilla and more computers
bnc#429179
VUL-0: MozillaFirefox 3.0.2 / 2.0.0.17 / Seamonkey 1.1.12
bnc#439841
VUL-0: Gecko 1.8.1.18/1.9.0.4 (Firefox 2.0.0.18/3.0.4) etc
bnc#441084
gpg does not work anymore after update
bnc#455804
VUL-0: Firefox 3.0.5 / 2.0.0.19 update
bnc#484321
VUL-0: mozillathunderbird 2.0.0.21 update
bnc#503151
firefox crashes in glibcs nss because of the jemalloc integration
bnc#518603
Firefox 3.5 broken startup notification
bnc#527418
Platform File Picker ignores gtk-alternative-button-order configuration
bnc#528406
Thunderbird does not handle XSMP restore as expected
bnc#529180
Split mozilla-xulrunner191-translations
bnc#542809
smtp auth error in TB3.0b4 (cs locale)
bnc#559819
Upgrade Thunderbird to final 3.0 version
bnc#576969
VUL-0: Firefox 3.5.8 / Firefox 3.0.18
bnc#582276
thunderbird 3.0.1 buffer overflow, terminates when starting new mail
bnc#586567
VUL-0: Mozilla Firefox 3.5.9/3.6.2
bnc#593807
[mozilla:Factory/MozillaThunderbird] Thunderbird republishes every time even without changes
bnc#603356
VUL-0: Firefox 3.5.10 / 3.6.4
bnc#622506
VUL-0: Firefox 3.5.11 / 3.6.7
bnc#637303
VUL-0: Mozilla Firefox 3.5.12/3.6.9 ...
bnc#642502
MozillaThunderbird: /usr/bin/thunderbird insecure LD_LIBRARY_PATH
bnc#645315
VUL-0: Mozilla Firefox 3.6.11 / 3.5.14
bnc#649492
VUL-0: MozillaFirefox: 3.6.12/3.5.15 fixes remote vulnerability in firefox
bnc#657016
VUL-0: MozillaFirefox: 3.6.13/3.5.16 fixes security issues
bnc#664211
firefox (and thunderbird) .desktop should be renamed
bnc#667155
VUL-0: MozillaFirefox 3.5.17/3.6.14
bnc#689281
VUL-0: Mozilla Firefox 3.6.17 / 4.0.1
bnc#701296
VUL-0: Mozilla Firefox 3.6.18 / 5
bnc#712224
VUL-0: MozillaFirefox 6 / 3.6.20 security update round
bnc#714931
VUL-0: MozillaFirefox 6.0.2 / 3.6.22 security update (chemspill)
bnc#720264
VUL-0: Firefox 7 / 3.6.23 and other Mozilla apps
bnc#726758
Thunderbird icon is broken until gtk icon cache is manually refreshed
bnc#728520
Firefox 8 / 3.6.24 and other mozilla apps
bnc#732898
Firefox is not accessible
bnc#733002
Thunderbird/Enigmail is endless accessing PGP Keyserver
bnc#737533
VUL-0: MozillaFirefox 9 / 3.6.25 and other mozilla apps
bnc#744275
VUL-0: MozillaFirefox 10 / 3.6.26 and other mozilla apps
bnc#746616
VUL-0: CVE-2012-0452 MozillaFirefox: use-after-free in nsXBLDocumentInfo::ReadPrototypeBindings (MFSA 2012-10)
bnc#747328
VUL-0: MozillaFirefox: 10.0.2 / 3.6.27(?) release for libpng issue
bnc#749440
KDE filemanager is lost in Thunderbird with Update to version 10
bnc#750044
VUL-0: MozillaFirefox 11 / 10.0.3esr etc
bnc#755060
Mozilla Thunderbird hangs frequently after update to 11.0
bnc#758408
VUL-0: MozillaFirefox 12 / 10.0.4esr etc
bnc#765204
VUL-0: MozillaFirefox 13/10.0.5esr and other Gecko users
bnc#771583
VUL-0: MozillaFirefox 14/10.0.6ESR security update round
bnc#777588
VUL-0: MozillaFirefox 15/10.0.7ESR security release
bnc#783533
VUL-0: MozillaFirefox 16/10.0.8ESR security release
bnc#786522
VUL-0: MozillaFirefox 16.0.2/10.0.10 security release
bnc#790140
VUL-0: MozillaFirefox 17.0/10.0.11 security release
bnc#796895
VUL-0: Mozilla Firefox 18 / 10.0.12 etc
bnc#804248
VUL-0: MozillaFirefox 19 / 17.0.3
bnc#808243
VUL-0: MozillaFirefox 19.0.2/17.0.4
bnc#813026
VUL-0: MozillaFirefox 20.0/17.0.5
bnc#819204
VUL-0: Mozilla 21/17.0.6 security release
bnc#825935
VUL-0: MozillaFirefox 22 security release
bnc#833389
VUL-0: MozillaFirefox 23/17.0.8esr security release
bnc#840485
VUL-0: Firefox 24.0/17.0.9esr security release
bnc#847708
VUL-0: MozillaFirefox 25 security release
bnc#854370
VUL-0: MozillaFirefox 26/24.2.0 security release
bnc#861847
VUL-0: Firefox 27/24.3.0 security release
bnc#868603
VUL-0: MozillaFirefox 28 security release
bnc#875378
VUL-0: Firefox 29 security release
bnc#881874
VUL-0: MozillaFirefox 30 security release
bnc#887746
VUL-0: MozillaFirefox 31 security release
Selected Binaries
openSUSE Build Service is sponsored by
Places