Overview

File _patchinfo of Package patchinfo.313

<patchinfo incident="313">
  <packager>wrosenauer</packager>
  <issue tracker="cve" id="CVE-2013-5611"></issue>
  <issue tracker="cve" id="CVE-2013-5612"></issue>
  <issue tracker="cve" id="CVE-2013-5614"></issue>
  <issue tracker="cve" id="CVE-2013-5619"></issue>
  <issue tracker="cve" id="CVE-2013-6672"></issue>
  <issue tracker="cve" id="CVE-2014-1480"></issue>
  <issue tracker="cve" id="CVE-2014-1483"></issue>
  <issue tracker="cve" id="CVE-2014-1484"></issue>
  <issue tracker="cve" id="CVE-2014-1485"></issue>
  <issue tracker="cve" id="CVE-2014-1488"></issue>
  <issue tracker="cve" id="CVE-2014-1489"></issue>
  <issue tracker="cve" id="CVE-2014-1492"></issue>
  <issue tracker="cve" id="CVE-2014-1498"></issue>
  <issue tracker="cve" id="CVE-2014-1499"></issue>
  <issue tracker="cve" id="CVE-2014-1500"></issue>
  <issue tracker="cve" id="CVE-2014-1502"></issue>
  <issue tracker="cve" id="CVE-2014-1504"></issue>
  <issue tracker="cve" id="CVE-2014-1519"></issue>
  <issue tracker="cve" id="CVE-2014-1522"></issue>
  <issue tracker="cve" id="CVE-2014-1525"></issue>
  <issue tracker="cve" id="CVE-2014-1526"></issue>
  <issue tracker="cve" id="CVE-2014-1528"></issue>
  <issue tracker="cve" id="CVE-2014-1539"></issue>
  <issue tracker="cve" id="CVE-2014-1540"></issue>
  <issue tracker="cve" id="CVE-2014-1542"></issue>
  <issue tracker="cve" id="CVE-2014-1543"></issue>
  <issue tracker="cve" id="CVE-2014-1549"></issue>
  <issue tracker="cve" id="CVE-2014-1550"></issue>
  <issue tracker="cve" id="CVE-2014-1552"></issue>
  <issue tracker="cve" id="CVE-2014-1553"></issue>
  <issue tracker="cve" id="CVE-2014-1558"></issue>
  <issue tracker="cve" id="CVE-2014-1559"></issue>
  <issue tracker="cve" id="CVE-2014-1560"></issue>
  <issue tracker="cve" id="CVE-2014-1561"></issue>
  <issue tracker="cve" id="CVE-2014-1562"></issue>
  <issue tracker="cve" id="CVE-2014-1563"></issue>
  <issue tracker="cve" id="CVE-2014-1564"></issue>
  <issue tracker="cve" id="CVE-2014-1565"></issue>
  <issue tracker="cve" id="CVE-2014-1567"></issue>
  <issue tracker="bmo" id="1000514"></issue>
  <issue tracker="bmo" id="1001167"></issue>
  <issue tracker="bmo" id="1003707"></issue>
  <issue tracker="bmo" id="1005958"></issue>
  <issue tracker="bmo" id="1011859"></issue>
  <issue tracker="bmo" id="1015973"></issue>
  <issue tracker="bmo" id="1018524"></issue>
  <issue tracker="bmo" id="1020205"></issue>
  <issue tracker="bmo" id="1020411"></issue>
  <issue tracker="bmo" id="1026022"></issue>
  <issue tracker="bmo" id="1037641"></issue>
  <issue tracker="bmo" id="1045977"></issue>
  <issue tracker="bmo" id="1047831"></issue>
  <issue tracker="bmo" id="771294"></issue>
  <issue tracker="bmo" id="871161"></issue>
  <issue tracker="bmo" id="886262"></issue>
  <issue tracker="bmo" id="894736"></issue>
  <issue tracker="bmo" id="903885"></issue>
  <issue tracker="bmo" id="910139"></issue>
  <issue tracker="bmo" id="910375"></issue>
  <issue tracker="bmo" id="911547"></issue>
  <issue tracker="bmo" id="916726"></issue>
  <issue tracker="bmo" id="917841"></issue>
  <issue tracker="bmo" id="935618"></issue>
  <issue tracker="bmo" id="941381"></issue>
  <issue tracker="bmo" id="950427"></issue>
  <issue tracker="bmo" id="950604"></issue>
  <issue tracker="bmo" id="953993"></issue>
  <issue tracker="bmo" id="956524"></issue>
  <issue tracker="bmo" id="959531"></issue>
  <issue tracker="bmo" id="961512"></issue>
  <issue tracker="bmo" id="963962"></issue>
  <issue tracker="bmo" id="972622"></issue>
  <issue tracker="bmo" id="973977"></issue>
  <issue tracker="bmo" id="976648"></issue>
  <issue tracker="bmo" id="978862"></issue>
  <issue tracker="bmo" id="985135"></issue>
  <issue tracker="bmo" id="988106"></issue>
  <issue tracker="bmo" id="989210"></issue>
  <issue tracker="bmo" id="991533"></issue>
  <issue tracker="bmo" id="995289"></issue>
  <issue tracker="bmo" id="995603"></issue>
  <issue tracker="bmo" id="997795"></issue>
  <issue tracker="bnc" id="876833">Firefox 29.0 print empty pdf</issue>
  <issue tracker="bnc" id="894370">VUL-0: MozillaFirefox 32/31.1 security release</issue>
  <issue tracker="bnc" id="894201">mozilla nss 3.16.4 or 3.17.0 update</issue>
  <issue tracker="cve" id="CVE-2007-3089">Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as</issue>
  <issue tracker="cve" id="CVE-2007-3285">Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, </issue>
  <issue tracker="cve" id="CVE-2007-3656">Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack ve</issue>
  <issue tracker="cve" id="CVE-2007-3670">Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metach</issue>
  <issue tracker="cve" id="CVE-2007-3734">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.</issue>
  <issue tracker="cve" id="CVE-2007-3735">Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.</issue>
  <issue tracker="cve" id="CVE-2007-3736">Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another sites context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by</issue>
  <issue tracker="cve" id="CVE-2007-3737">Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."</issue>
  <issue tracker="cve" id="CVE-2007-3738">Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.</issue>
  <issue tracker="cve" id="CVE-2008-0016">Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.</issue>
  <issue tracker="cve" id="CVE-2008-1233">Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."</issue>
  <issue tracker="cve" id="CVE-2008-1234">Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers</issue>
  <issue tracker="cve" id="CVE-2008-1235">Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Pri</issue>
  <issue tracker="cve" id="CVE-2008-1236">Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to</issue>
  <issue tracker="cve" id="CVE-2008-1237">Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to</issue>
  <issue tracker="cve" id="CVE-2008-3835">The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.</issue>
  <issue tracker="cve" id="CVE-2008-4058">The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors </issue>
  <issue tracker="cve" id="CVE-2008-4059">The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.</issue>
  <issue tracker="cve" id="CVE-2008-4060">Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors rel</issue>
  <issue tracker="cve" id="CVE-2008-4061">Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or po</issue>
  <issue tracker="cve" id="CVE-2008-4062">Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl</issue>
  <issue tracker="cve" id="CVE-2008-4063">Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a ze</issue>
  <issue tracker="cve" id="CVE-2008-4064">Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) han</issue>
  <issue tracker="cve" id="CVE-2008-4065">Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters t</issue>
  <issue tracker="cve" id="CVE-2008-4066">Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demo</issue>
  <issue tracker="cve" id="CVE-2008-4067">Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) chara</issue>
  <issue tracker="cve" id="CVE-2008-4068">Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive informat</issue>
  <issue tracker="cve" id="CVE-2008-4070">Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canc</issue>
  <issue tracker="cve" id="CVE-2008-5012">Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin poli</issue>
  <issue tracker="cve" id="CVE-2008-5014">jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the</issue>
  <issue tracker="cve" id="CVE-2008-5016">The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequenc</issue>
  <issue tracker="cve" id="CVE-2008-5017">Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash)</issue>
  <issue tracker="cve" id="CVE-2008-5018">The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient clas</issue>
  <issue tracker="cve" id="CVE-2008-5021">nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying propert</issue>
  <issue tracker="cve" id="CVE-2008-5022">The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary scr</issue>
  <issue tracker="cve" id="CVE-2008-5024">Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks</issue>
  <issue tracker="cve" id="CVE-2008-5500">The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors</issue>
  <issue tracker="cve" id="CVE-2008-5501">The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure.</issue>
  <issue tracker="cve" id="CVE-2008-5502">The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity an</issue>
  <issue tracker="cve" id="CVE-2008-5503">The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or acce</issue>
  <issue tracker="cve" id="CVE-2008-5506">Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled</issue>
  <issue tracker="cve" id="CVE-2008-5507">Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that re</issue>
  <issue tracker="cve" id="CVE-2008-5508">Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs </issue>
  <issue tracker="cve" id="CVE-2008-5510">The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the 0 escaped null character, which might allow remote attackers to bypass protection mechanisms such a</issue>
  <issue tracker="cve" id="CVE-2008-5511">Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "un</issue>
  <issue tracker="cve" id="CVE-2008-5512">Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vector</issue>
  <issue tracker="cve" id="CVE-2009-0040">The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted</issue>
  <issue tracker="cve" id="CVE-2009-0771">The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and as</issue>
  <issue tracker="cve" id="CVE-2009-0772">The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerN</issue>
  <issue tracker="cve" id="CVE-2009-0773">The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-</issue>
  <issue tracker="cve" id="CVE-2009-0774">The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulner</issue>
  <issue tracker="cve" id="CVE-2009-0776">nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.</issue>
  <issue tracker="cve" id="CVE-2009-1571">Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt</issue>
  <issue tracker="cve" id="CVE-2009-3555">The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security </issue>
  <issue tracker="cve" id="CVE-2010-0159">The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbit</issue>
  <issue tracker="cve" id="CVE-2010-0173">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application </issue>
  <issue tracker="cve" id="CVE-2010-0174">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corru</issue>
  <issue tracker="cve" id="CVE-2010-0175">Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service</issue>
  <issue tracker="cve" id="CVE-2010-0176">Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execu</issue>
  <issue tracker="cve" id="CVE-2010-0182">The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows atta</issue>
  <issue tracker="cve" id="CVE-2010-0654">Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and t</issue>
  <issue tracker="cve" id="CVE-2010-1121">Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving i</issue>
  <issue tracker="cve" id="CVE-2010-1196">Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node wit</issue>
  <issue tracker="cve" id="CVE-2010-1199">Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a nod</issue>
  <issue tracker="cve" id="CVE-2010-1200">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and appli</issue>
  <issue tracker="cve" id="CVE-2010-1201">Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute</issue>
  <issue tracker="cve" id="CVE-2010-1202">Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and ap</issue>
  <issue tracker="cve" id="CVE-2010-1203">The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.</issue>
  <issue tracker="cve" id="CVE-2010-1205">Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.</issue>
  <issue tracker="cve" id="CVE-2010-1211">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service</issue>
  <issue tracker="cve" id="CVE-2010-1212">js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vector</issue>
  <issue tracker="cve" id="CVE-2010-1213">The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote</issue>
  <issue tracker="cve" id="CVE-2010-1585">The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome</issue>
  <issue tracker="cve" id="CVE-2010-2752">Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading</issue>
  <issue tracker="cve" id="CVE-2010-2753">Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tr</issue>
  <issue tracker="cve" id="CVE-2010-2754">dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a scripts URL in certain circumstances involving a re</issue>
  <issue tracker="cve" id="CVE-2010-2760">Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via ve</issue>
  <issue tracker="cve" id="CVE-2010-2762">The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to </issue>
  <issue tracker="cve" id="CVE-2010-2764">Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to d</issue>
  <issue tracker="cve" id="CVE-2010-2765">Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large</issue>
  <issue tracker="cve" id="CVE-2010-2766">The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow r</issue>
  <issue tracker="cve" id="CVE-2010-2767">The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remot</issue>
  <issue tracker="cve" id="CVE-2010-2768">Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a documents charset, which allows remote atta</issue>
  <issue tracker="cve" id="CVE-2010-2769">Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via </issue>
  <issue tracker="cve" id="CVE-2010-3166">Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitra</issue>
  <issue tracker="cve" id="CVE-2010-3167">The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execut</issue>
  <issue tracker="cve" id="CVE-2010-3168">Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause </issue>
  <issue tracker="cve" id="CVE-2010-3169">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory cor</issue>
  <issue tracker="cve" id="CVE-2010-3170">Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subjects Common Name field of an X.509 certificate, which might allow man-in-the-mid</issue>
  <issue tracker="cve" id="CVE-2010-3173">The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes </issue>
  <issue tracker="cve" id="CVE-2010-3174">Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute</issue>
  <issue tracker="cve" id="CVE-2010-3175">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrar</issue>
  <issue tracker="cve" id="CVE-2010-3176">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (mem</issue>
  <issue tracker="cve" id="CVE-2010-3178">Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and per</issue>
  <issue tracker="cve" id="CVE-2010-3179">Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or caus</issue>
  <issue tracker="cve" id="CVE-2010-3180">Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the</issue>
  <issue tracker="cve" id="CVE-2010-3182">A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows loc</issue>
  <issue tracker="cve" id="CVE-2010-3183">The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lac</issue>
  <issue tracker="cve" id="CVE-2010-3765">Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to ns</issue>
  <issue tracker="cve" id="CVE-2010-3768">Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating systems font implementation, which allows remo</issue>
  <issue tracker="cve" id="CVE-2010-3769">The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to exe</issue>
  <issue tracker="cve" id="CVE-2010-3776">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory </issue>
  <issue tracker="cve" id="CVE-2010-3777">Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</issue>
  <issue tracker="cve" id="CVE-2010-3778">Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via </issue>
  <issue tracker="cve" id="CVE-2011-0053">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and applicati</issue>
  <issue tracker="cve" id="CVE-2011-0061">Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.</issue>
  <issue tracker="cve" id="CVE-2011-0062">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrar</issue>
  <issue tracker="cve" id="CVE-2011-0069">Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corrupti</issue>
  <issue tracker="cve" id="CVE-2011-0070">Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corrupti</issue>
  <issue tracker="cve" id="CVE-2011-0072">Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application </issue>
  <issue tracker="cve" id="CVE-2011-0074">Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application </issue>
  <issue tracker="cve" id="CVE-2011-0075">Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application </issue>
  <issue tracker="cve" id="CVE-2011-0077">Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application </issue>
  <issue tracker="cve" id="CVE-2011-0078">Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application </issue>
  <issue tracker="cve" id="CVE-2011-0080">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and ap</issue>
  <issue tracker="cve" id="CVE-2011-0081">Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex</issue>
  <issue tracker="cve" id="CVE-2011-0083">Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of se</issue>
  <issue tracker="cve" id="CVE-2011-0084">The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which</issue>
  <issue tracker="cve" id="CVE-2011-0085">Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the cu</issue>
  <issue tracker="cve" id="CVE-2011-1187">Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."</issue>
  <issue tracker="cve" id="CVE-2011-2362">Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Coo</issue>
  <issue tracker="cve" id="CVE-2011-2363">Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of se</issue>
  <issue tracker="cve" id="CVE-2011-2364">Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unkn</issue>
  <issue tracker="cve" id="CVE-2011-2365">Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unkn</issue>
  <issue tracker="cve" id="CVE-2011-2371">Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Arra</issue>
  <issue tracker="cve" id="CVE-2011-2372">Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access </issue>
  <issue tracker="cve" id="CVE-2011-2373">Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.</issue>
  <issue tracker="cve" id="CVE-2011-2374">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe</issue>
  <issue tracker="cve" id="CVE-2011-2376">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via </issue>
  <issue tracker="cve" id="CVE-2011-2377">Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x</issue>
  <issue tracker="cve" id="CVE-2011-2985">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application</issue>
  <issue tracker="cve" id="CVE-2011-2986">Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from </issue>
  <issue tracker="cve" id="CVE-2011-2987">Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to ex</issue>
  <issue tracker="cve" id="CVE-2011-2988">Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a de</issue>
  <issue tracker="cve" id="CVE-2011-2989">The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and applicati</issue>
  <issue tracker="cve" id="CVE-2011-2991">The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and appl</issue>
  <issue tracker="cve" id="CVE-2011-2992">The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly e</issue>
  <issue tracker="cve" id="CVE-2011-3000">Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attack</issue>
  <issue tracker="cve" id="CVE-2011-3001">Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a</issue>
  <issue tracker="cve" id="CVE-2011-3005">Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg f</issue>
  <issue tracker="cve" id="CVE-2011-3026">Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.</issue>
  <issue tracker="cve" id="CVE-2011-3062">Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.</issue>
  <issue tracker="cve" id="CVE-2011-3101"></issue>
  <issue tracker="cve" id="CVE-2011-3232">YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.</issue>
  <issue tracker="cve" id="CVE-2011-3648">Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.</issue>
  <issue tracker="cve" id="CVE-2011-3650">Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corrup</issue>
  <issue tracker="cve" id="CVE-2011-3651">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</issue>
  <issue tracker="cve" id="CVE-2011-3652">The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unsp</issue>
  <issue tracker="cve" id="CVE-2011-3654">The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or</issue>
  <issue tracker="cve" id="CVE-2011-3655">Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.</issue>
  <issue tracker="cve" id="CVE-2011-3658">The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have uns</issue>
  <issue tracker="cve" id="CVE-2011-3659">Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChi</issue>
  <issue tracker="cve" id="CVE-2011-3660">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly </issue>
  <issue tracker="cve" id="CVE-2011-3661">YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.</issue>
  <issue tracker="cve" id="CVE-2011-3663">Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.</issue>
  <issue tracker="cve" id="CVE-2012-0441"></issue>
  <issue tracker="cve" id="CVE-2012-0442">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption</issue>
  <issue tracker="cve" id="CVE-2012-0443">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly </issue>
  <issue tracker="cve" id="CVE-2012-0444">Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruptio</issue>
  <issue tracker="cve" id="CVE-2012-0445">Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frames name attribu</issue>
  <issue tracker="cve" id="CVE-2012-0446">Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, relate</issue>
  <issue tracker="cve" id="CVE-2012-0447">Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image th</issue>
  <issue tracker="cve" id="CVE-2012-0449">Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via</issue>
  <issue tracker="cve" id="CVE-2012-0451">CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Poli</issue>
  <issue tracker="cve" id="CVE-2012-0452">Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger fail</issue>
  <issue tracker="cve" id="CVE-2012-0455">Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascrip</issue>
  <issue tracker="cve" id="CVE-2012-0456">The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers</issue>
  <issue tracker="cve" id="CVE-2012-0457">Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x befor</issue>
  <issue tracker="cve" id="CVE-2012-0458">Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dra</issue>
  <issue tracker="cve" id="CVE-2012-0459">The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of se</issue>
  <issue tracker="cve" id="CVE-2012-0460">Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attacke</issue>
  <issue tracker="cve" id="CVE-2012-0461">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 </issue>
  <issue tracker="cve" id="CVE-2012-0462">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a de</issue>
  <issue tracker="cve" id="CVE-2012-0463">The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not </issue>
  <issue tracker="cve" id="CVE-2012-0464">Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows r</issue>
  <issue tracker="cve" id="CVE-2012-0467">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a de</issue>
  <issue tracker="cve" id="CVE-2012-0468">The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors re</issue>
  <issue tracker="cve" id="CVE-2012-0469">Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey </issue>
  <issue tracker="cve" id="CVE-2012-0470">Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows rem</issue>
  <issue tracker="cve" id="CVE-2012-0471">Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script</issue>
  <issue tracker="cve" id="CVE-2012-0472">The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are us</issue>
  <issue tracker="cve" id="CVE-2012-0473">The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with</issue>
  <issue tracker="cve" id="CVE-2012-0474">Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers</issue>
  <issue tracker="cve" id="CVE-2012-0475">Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLH</issue>
  <issue tracker="cve" id="CVE-2012-0477">Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary </issue>
  <issue tracker="cve" id="CVE-2012-0478">The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT</issue>
  <issue tracker="cve" id="CVE-2012-0479">Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom X</issue>
  <issue tracker="cve" id="CVE-2012-0759"></issue>
  <issue tracker="cve" id="CVE-2012-1937"></issue>
  <issue tracker="cve" id="CVE-2012-1938"></issue>
  <issue tracker="cve" id="CVE-2012-1940"></issue>
  <issue tracker="cve" id="CVE-2012-1941"></issue>
  <issue tracker="cve" id="CVE-2012-1944"></issue>
  <issue tracker="cve" id="CVE-2012-1945"></issue>
  <issue tracker="cve" id="CVE-2012-1946"></issue>
  <issue tracker="cve" id="CVE-2012-1947"></issue>
  <issue tracker="cve" id="CVE-2012-1948"></issue>
  <issue tracker="cve" id="CVE-2012-1949"></issue>
  <issue tracker="cve" id="CVE-2012-1951"></issue>
  <issue tracker="cve" id="CVE-2012-1952"></issue>
  <issue tracker="cve" id="CVE-2012-1953"></issue>
  <issue tracker="cve" id="CVE-2012-1954"></issue>
  <issue tracker="cve" id="CVE-2012-1955"></issue>
  <issue tracker="cve" id="CVE-2012-1956"></issue>
  <issue tracker="cve" id="CVE-2012-1957"></issue>
  <issue tracker="cve" id="CVE-2012-1958"></issue>
  <issue tracker="cve" id="CVE-2012-1959"></issue>
  <issue tracker="cve" id="CVE-2012-1960"></issue>
  <issue tracker="cve" id="CVE-2012-1961"></issue>
  <issue tracker="cve" id="CVE-2012-1962"></issue>
  <issue tracker="cve" id="CVE-2012-1963"></issue>
  <issue tracker="cve" id="CVE-2012-1967"></issue>
  <issue tracker="cve" id="CVE-2012-1970"></issue>
  <issue tracker="cve" id="CVE-2012-1972"></issue>
  <issue tracker="cve" id="CVE-2012-1973"></issue>
  <issue tracker="cve" id="CVE-2012-1974"></issue>
  <issue tracker="cve" id="CVE-2012-1975"></issue>
  <issue tracker="cve" id="CVE-2012-1976"></issue>
  <issue tracker="cve" id="CVE-2012-3956"></issue>
  <issue tracker="cve" id="CVE-2012-3957"></issue>
  <issue tracker="cve" id="CVE-2012-3958"></issue>
  <issue tracker="cve" id="CVE-2012-3959"></issue>
  <issue tracker="cve" id="CVE-2012-3960"></issue>
  <issue tracker="cve" id="CVE-2012-3961"></issue>
  <issue tracker="cve" id="CVE-2012-3962"></issue>
  <issue tracker="cve" id="CVE-2012-3963"></issue>
  <issue tracker="cve" id="CVE-2012-3964"></issue>
  <issue tracker="cve" id="CVE-2012-3966"></issue>
  <issue tracker="cve" id="CVE-2012-3967"></issue>
  <issue tracker="cve" id="CVE-2012-3968"></issue>
  <issue tracker="cve" id="CVE-2012-3969"></issue>
  <issue tracker="cve" id="CVE-2012-3970"></issue>
  <issue tracker="cve" id="CVE-2012-3971"></issue>
  <issue tracker="cve" id="CVE-2012-3972"></issue>
  <issue tracker="cve" id="CVE-2012-3975"></issue>
  <issue tracker="cve" id="CVE-2012-3978"></issue>
  <issue tracker="cve" id="CVE-2012-3980"></issue>
  <issue tracker="cve" id="CVE-2012-3982"></issue>
  <issue tracker="cve" id="CVE-2012-3983"></issue>
  <issue tracker="cve" id="CVE-2012-3984"></issue>
  <issue tracker="cve" id="CVE-2012-3985"></issue>
  <issue tracker="cve" id="CVE-2012-3986"></issue>
  <issue tracker="cve" id="CVE-2012-3988"></issue>
  <issue tracker="cve" id="CVE-2012-3989"></issue>
  <issue tracker="cve" id="CVE-2012-3990"></issue>
  <issue tracker="cve" id="CVE-2012-3991"></issue>
  <issue tracker="cve" id="CVE-2012-3992"></issue>
  <issue tracker="cve" id="CVE-2012-3993"></issue>
  <issue tracker="cve" id="CVE-2012-3994"></issue>
  <issue tracker="cve" id="CVE-2012-3995"></issue>
  <issue tracker="cve" id="CVE-2012-4179"></issue>
  <issue tracker="cve" id="CVE-2012-4180"></issue>
  <issue tracker="cve" id="CVE-2012-4181"></issue>
  <issue tracker="cve" id="CVE-2012-4182"></issue>
  <issue tracker="cve" id="CVE-2012-4183"></issue>
  <issue tracker="cve" id="CVE-2012-4184"></issue>
  <issue tracker="cve" id="CVE-2012-4185"></issue>
  <issue tracker="cve" id="CVE-2012-4186"></issue>
  <issue tracker="cve" id="CVE-2012-4187"></issue>
  <issue tracker="cve" id="CVE-2012-4188"></issue>
  <issue tracker="cve" id="CVE-2012-4191"></issue>
  <issue tracker="cve" id="CVE-2012-4192"></issue>
  <issue tracker="cve" id="CVE-2012-4193"></issue>
  <issue tracker="cve" id="CVE-2012-4194"></issue>
  <issue tracker="cve" id="CVE-2012-4195"></issue>
  <issue tracker="cve" id="CVE-2012-4196"></issue>
  <issue tracker="cve" id="CVE-2012-4201"></issue>
  <issue tracker="cve" id="CVE-2012-4202"></issue>
  <issue tracker="cve" id="CVE-2012-4204"></issue>
  <issue tracker="cve" id="CVE-2012-4205"></issue>
  <issue tracker="cve" id="CVE-2012-4207"></issue>
  <issue tracker="cve" id="CVE-2012-4208"></issue>
  <issue tracker="cve" id="CVE-2012-4209"></issue>
  <issue tracker="cve" id="CVE-2012-4212"></issue>
  <issue tracker="cve" id="CVE-2012-4213"></issue>
  <issue tracker="cve" id="CVE-2012-4214"></issue>
  <issue tracker="cve" id="CVE-2012-4215"></issue>
  <issue tracker="cve" id="CVE-2012-4216"></issue>
  <issue tracker="cve" id="CVE-2012-4217"></issue>
  <issue tracker="cve" id="CVE-2012-4218"></issue>
  <issue tracker="cve" id="CVE-2012-5829"></issue>
  <issue tracker="cve" id="CVE-2012-5830"></issue>
  <issue tracker="cve" id="CVE-2012-5833"></issue>
  <issue tracker="cve" id="CVE-2012-5835"></issue>
  <issue tracker="cve" id="CVE-2012-5836"></issue>
  <issue tracker="cve" id="CVE-2012-5837"></issue>
  <issue tracker="cve" id="CVE-2012-5838"></issue>
  <issue tracker="cve" id="CVE-2012-5839"></issue>
  <issue tracker="cve" id="CVE-2012-5840"></issue>
  <issue tracker="cve" id="CVE-2012-5841"></issue>
  <issue tracker="cve" id="CVE-2012-5842"></issue>
  <issue tracker="cve" id="CVE-2012-5843"></issue>
  <issue tracker="cve" id="CVE-2013-0743"></issue>
  <issue tracker="cve" id="CVE-2013-0744"></issue>
  <issue tracker="cve" id="CVE-2013-0745"></issue>
  <issue tracker="cve" id="CVE-2013-0746"></issue>
  <issue tracker="cve" id="CVE-2013-0747"></issue>
  <issue tracker="cve" id="CVE-2013-0748"></issue>
  <issue tracker="cve" id="CVE-2013-0749"></issue>
  <issue tracker="cve" id="CVE-2013-0750"></issue>
  <issue tracker="cve" id="CVE-2013-0752"></issue>
  <issue tracker="cve" id="CVE-2013-0753"></issue>
  <issue tracker="cve" id="CVE-2013-0754"></issue>
  <issue tracker="cve" id="CVE-2013-0755"></issue>
  <issue tracker="cve" id="CVE-2013-0756"></issue>
  <issue tracker="cve" id="CVE-2013-0757"></issue>
  <issue tracker="cve" id="CVE-2013-0758"></issue>
  <issue tracker="cve" id="CVE-2013-0760"></issue>
  <issue tracker="cve" id="CVE-2013-0761"></issue>
  <issue tracker="cve" id="CVE-2013-0762"></issue>
  <issue tracker="cve" id="CVE-2013-0763"></issue>
  <issue tracker="cve" id="CVE-2013-0764"></issue>
  <issue tracker="cve" id="CVE-2013-0766"></issue>
  <issue tracker="cve" id="CVE-2013-0767"></issue>
  <issue tracker="cve" id="CVE-2013-0768"></issue>
  <issue tracker="cve" id="CVE-2013-0769"></issue>
  <issue tracker="cve" id="CVE-2013-0770"></issue>
  <issue tracker="cve" id="CVE-2013-0771"></issue>
  <issue tracker="cve" id="CVE-2013-0773"></issue>
  <issue tracker="cve" id="CVE-2013-0774"></issue>
  <issue tracker="cve" id="CVE-2013-0775"></issue>
  <issue tracker="cve" id="CVE-2013-0776"></issue>
  <issue tracker="cve" id="CVE-2013-0780"></issue>
  <issue tracker="cve" id="CVE-2013-0782"></issue>
  <issue tracker="cve" id="CVE-2013-0783"></issue>
  <issue tracker="cve" id="CVE-2013-0787"></issue>
  <issue tracker="cve" id="CVE-2013-0788"></issue>
  <issue tracker="cve" id="CVE-2013-0789"></issue>
  <issue tracker="cve" id="CVE-2013-0793"></issue>
  <issue tracker="cve" id="CVE-2013-0795"></issue>
  <issue tracker="cve" id="CVE-2013-0796"></issue>
  <issue tracker="cve" id="CVE-2013-0800"></issue>
  <issue tracker="cve" id="CVE-2013-0801"></issue>
  <issue tracker="cve" id="CVE-2013-1669"></issue>
  <issue tracker="cve" id="CVE-2013-1670"></issue>
  <issue tracker="cve" id="CVE-2013-1674"></issue>
  <issue tracker="cve" id="CVE-2013-1675"></issue>
  <issue tracker="cve" id="CVE-2013-1676"></issue>
  <issue tracker="cve" id="CVE-2013-1677"></issue>
  <issue tracker="cve" id="CVE-2013-1678"></issue>
  <issue tracker="cve" id="CVE-2013-1679"></issue>
  <issue tracker="cve" id="CVE-2013-1680"></issue>
  <issue tracker="cve" id="CVE-2013-1681"></issue>
  <issue tracker="cve" id="CVE-2013-1682"></issue>
  <issue tracker="cve" id="CVE-2013-1684"></issue>
  <issue tracker="cve" id="CVE-2013-1685"></issue>
  <issue tracker="cve" id="CVE-2013-1686"></issue>
  <issue tracker="cve" id="CVE-2013-1687"></issue>
  <issue tracker="cve" id="CVE-2013-1690"></issue>
  <issue tracker="cve" id="CVE-2013-1692"></issue>
  <issue tracker="cve" id="CVE-2013-1693"></issue>
  <issue tracker="cve" id="CVE-2013-1694"></issue>
  <issue tracker="cve" id="CVE-2013-1697"></issue>
  <issue tracker="cve" id="CVE-2013-1701"></issue>
  <issue tracker="cve" id="CVE-2013-1709"></issue>
  <issue tracker="cve" id="CVE-2013-1710"></issue>
  <issue tracker="cve" id="CVE-2013-1713"></issue>
  <issue tracker="cve" id="CVE-2013-1714"></issue>
  <issue tracker="cve" id="CVE-2013-1717"></issue>
  <issue tracker="cve" id="CVE-2013-1718"></issue>
  <issue tracker="cve" id="CVE-2013-1719"></issue>
  <issue tracker="cve" id="CVE-2013-1720"></issue>
  <issue tracker="cve" id="CVE-2013-1722"></issue>
  <issue tracker="cve" id="CVE-2013-1723"></issue>
  <issue tracker="cve" id="CVE-2013-1724"></issue>
  <issue tracker="cve" id="CVE-2013-1725"></issue>
  <issue tracker="cve" id="CVE-2013-1728"></issue>
  <issue tracker="cve" id="CVE-2013-1730"></issue>
  <issue tracker="cve" id="CVE-2013-1732"></issue>
  <issue tracker="cve" id="CVE-2013-1735"></issue>
  <issue tracker="cve" id="CVE-2013-1736"></issue>
  <issue tracker="cve" id="CVE-2013-1737"></issue>
  <issue tracker="cve" id="CVE-2013-1738"></issue>
  <issue tracker="cve" id="CVE-2013-5590"></issue>
  <issue tracker="cve" id="CVE-2013-5591"></issue>
  <issue tracker="cve" id="CVE-2013-5592"></issue>
  <issue tracker="cve" id="CVE-2013-5593"></issue>
  <issue tracker="cve" id="CVE-2013-5595"></issue>
  <issue tracker="cve" id="CVE-2013-5596"></issue>
  <issue tracker="cve" id="CVE-2013-5597"></issue>
  <issue tracker="cve" id="CVE-2013-5599"></issue>
  <issue tracker="cve" id="CVE-2013-5600"></issue>
  <issue tracker="cve" id="CVE-2013-5601"></issue>
  <issue tracker="cve" id="CVE-2013-5602"></issue>
  <issue tracker="cve" id="CVE-2013-5603"></issue>
  <issue tracker="cve" id="CVE-2013-5604"></issue>
  <issue tracker="cve" id="CVE-2013-5609"></issue>
  <issue tracker="cve" id="CVE-2013-5610"></issue>
  <issue tracker="cve" id="CVE-2013-5613"></issue>
  <issue tracker="cve" id="CVE-2013-5615"></issue>
  <issue tracker="cve" id="CVE-2013-5616"></issue>
  <issue tracker="cve" id="CVE-2013-5618"></issue>
  <issue tracker="cve" id="CVE-2013-6629"></issue>
  <issue tracker="cve" id="CVE-2013-6630"></issue>
  <issue tracker="cve" id="CVE-2013-6671"></issue>
  <issue tracker="cve" id="CVE-2013-6673"></issue>
  <issue tracker="cve" id="CVE-2014-1477"></issue>
  <issue tracker="cve" id="CVE-2014-1478"></issue>
  <issue tracker="cve" id="CVE-2014-1479"></issue>
  <issue tracker="cve" id="CVE-2014-1481"></issue>
  <issue tracker="cve" id="CVE-2014-1482"></issue>
  <issue tracker="cve" id="CVE-2014-1486"></issue>
  <issue tracker="cve" id="CVE-2014-1487"></issue>
  <issue tracker="cve" id="CVE-2014-1490"></issue>
  <issue tracker="cve" id="CVE-2014-1491"></issue>
  <issue tracker="cve" id="CVE-2014-1493"></issue>
  <issue tracker="cve" id="CVE-2014-1494"></issue>
  <issue tracker="cve" id="CVE-2014-1497"></issue>
  <issue tracker="cve" id="CVE-2014-1505"></issue>
  <issue tracker="cve" id="CVE-2014-1508"></issue>
  <issue tracker="cve" id="CVE-2014-1509"></issue>
  <issue tracker="cve" id="CVE-2014-1510"></issue>
  <issue tracker="cve" id="CVE-2014-1511"></issue>
  <issue tracker="cve" id="CVE-2014-1512"></issue>
  <issue tracker="cve" id="CVE-2014-1513"></issue>
  <issue tracker="cve" id="CVE-2014-1514"></issue>
  <issue tracker="cve" id="CVE-2014-1518"></issue>
  <issue tracker="cve" id="CVE-2014-1523"></issue>
  <issue tracker="cve" id="CVE-2014-1524"></issue>
  <issue tracker="cve" id="CVE-2014-1529"></issue>
  <issue tracker="cve" id="CVE-2014-1530"></issue>
  <issue tracker="cve" id="CVE-2014-1531"></issue>
  <issue tracker="cve" id="CVE-2014-1532"></issue>
  <issue tracker="cve" id="CVE-2014-1533"></issue>
  <issue tracker="cve" id="CVE-2014-1534"></issue>
  <issue tracker="cve" id="CVE-2014-1536"></issue>
  <issue tracker="cve" id="CVE-2014-1537"></issue>
  <issue tracker="cve" id="CVE-2014-1538"></issue>
  <issue tracker="cve" id="CVE-2014-1541"></issue>
  <issue tracker="cve" id="CVE-2014-1544"></issue>
  <issue tracker="cve" id="CVE-2014-1545"></issue>
  <issue tracker="cve" id="CVE-2014-1547"></issue>
  <issue tracker="cve" id="CVE-2014-1548"></issue>
  <issue tracker="cve" id="CVE-2014-1555"></issue>
  <issue tracker="cve" id="CVE-2014-1556"></issue>
  <issue tracker="cve" id="CVE-2014-1557"></issue>
  <issue tracker="bmo" id="1000185"></issue>
  <issue tracker="bmo" id="1000598"></issue>
  <issue tracker="bmo" id="1000960"></issue>
  <issue tracker="bmo" id="1002340"></issue>
  <issue tracker="bmo" id="1005578"></issue>
  <issue tracker="bmo" id="1005584"></issue>
  <issue tracker="bmo" id="1007223"></issue>
  <issue tracker="bmo" id="1009952"></issue>
  <issue tracker="bmo" id="1011007"></issue>
  <issue tracker="bmo" id="1018783"></issue>
  <issue tracker="bmo" id="1023121"></issue>
  <issue tracker="bmo" id="1028891"></issue>
  <issue tracker="bmo" id="1054359"></issue>
  <issue tracker="bmo" id="389732">GetHandlerAppFromPrefs still partially used in unix helper app service</issue>
  <issue tracker="bmo" id="398702">Thunderbirds File, Edit and View menus are hidden with some Lightning + other extensions combinations - Error: document.getElementById("show-completed-checkbox") is null Fichier Source : chrome://calendar/content/calendar-unifinder-todo.js Line : 61</issue>
  <issue tracker="bmo" id="399589">PSM + tip of NSS, error ‘SECAlgorithmIDTemplate’ not declared</issue>
  <issue tracker="bmo" id="406541"></issue>
  <issue tracker="bmo" id="436741">"Assertion failure: OBJ_IS_NATIVE(obj)" with __proto__ mangling</issue>
  <issue tracker="bmo" id="453689">Firefox needs to register the proper name with session management for restart</issue>
  <issue tracker="bmo" id="453915">XML injection possible in E4X parsing via "default xml namespace"</issue>
  <issue tracker="bmo" id="456896">[FIX]Crash [@ nsFrameManager::GetPrimaryFrameFor] with invalid input type (ZDI-CAN-390)</issue>
  <issue tracker="bmo" id="460002">Its possible to circumvent the inner window check in nsXMLHttpRequest::NotifyEventListeners()</issue>
  <issue tracker="bmo" id="490790">XMLDocument::load() doesnt check nsIContentPolicy</issue>
  <issue tracker="bmo" id="493541">jemalloc integration cause crashes when libraries or plugins dlopen with RTLD_DEEPBIND</issue>
  <issue tracker="bmo" id="495392">Crash when pasted selection contains data from java [@libc-2.10.1.so@0x729b8 ][@ nsClipboard::HasDataMatchingFlavors] [@ nsHTMLEditor::HavePrivateHTMLFlavor]</issue>
  <issue tracker="bmo" id="508986">XSMP session restore doesnt work</issue>
  <issue tracker="bmo" id="520189">Copy-and-paste or drag-and-drop into designMode document allows XSS</issue>
  <issue tracker="bmo" id="524223">Cross-domain data theft using CSS</issue>
  <issue tracker="bmo" id="527276">[@font-face] investigate support for OpenType sanitizer library</issue>
  <issue tracker="bmo" id="534666">Heap buffer overflow and crash [@ nsGenericDOMDataNode::SetTextInternal] on 64-bit</issue>
  <issue tracker="bmo" id="538308">nsTreeContentView Dangling Pointer Vulnerability (ZDI-CAN-633)</issue>
  <issue tracker="bmo" id="540100">nsTreeSelection EventListener Use-after-free Remote Code Execution Vulnerability (ZDI-CAN-669)</issue>
  <issue tracker="bmo" id="545755">Update Mozilla stable branches to NSS 3.12.6 and minimal support for RFC 5746</issue>
  <issue tracker="bmo" id="552090">XHR Cross Site Status leak from xhr.statusText</issue>
  <issue tracker="bmo" id="554255">XSLT Sort Remote Code Execution Vulnerability (ZDI-CAN-747)</issue>
  <issue tracker="bmo" id="555109">Move wrappers to new scope even if their parent hasnt been moved yet (ZDI-CAN-761)</issue>
  <issue tracker="bmo" id="562547">ParanoidFragmentSinks allow javascript: urls in chrome documents</issue>
  <issue tracker="bmo" id="568148">Combining "importScripts" of WebWorker with E4X causes information disclosure</issue>
  <issue tracker="bmo" id="568564">Suppress the script filename for cross-origin error events (SA39925)</issue>
  <issue tracker="bmo" id="570451">segmentation fault when viewing a malformed PNG image</issue>
  <issue tracker="bmo" id="571106">nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability (ZDI-CAN-755)</issue>
  <issue tracker="bmo" id="574059">nsCSSValue::Array index integer overflow (can lead to remote code execution via CSS font-face) (ZDI-CAN-831)</issue>
  <issue tracker="bmo" id="575294"></issue>
  <issue tracker="bmo" id="576070">nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability (ZDI-CAN-804)</issue>
  <issue tracker="bmo" id="576075">tree Object Removal Remote Code Execution Vulnerability (ZDI-CAN-817)</issue>
  <issue tracker="bmo" id="576365">Thunderbird 3.1  wont play sound   ( 3.0.5 works fine!!!)</issue>
  <issue tracker="bmo" id="576447">FRAMESET integer overflow via new operator in nsHTMLFrameSetElement::ParseRowCol()</issue>
  <issue tracker="bmo" id="576616">cross-site information disclosure via modal calls</issue>
  <issue tracker="bmo" id="578697">Browser Wildcard Certificate Validation Issue</issue>
  <issue tracker="bmo" id="579655">heap overflow in text runs - crash [@ nsTextFrameUtils::TransformText]</issue>
  <issue tracker="bmo" id="579744">UTF-7 Universal XSS by overriding document charset using &lt;object&gt; type attribute</issue>
  <issue tracker="bmo" id="580445">normalizeDocument Remote Code Execution Vulnerability (ZDI-CAN-866)</issue>
  <issue tracker="bmo" id="583077">Buffer overflow due to uniscribe failure on long text runs</issue>
  <issue tracker="bmo" id="584180">SJOWs create scope chains ending in outer objects</issue>
  <issue tracker="bmo" id="584512">nsPluginArray - memory corruption</issue>
  <issue tracker="bmo" id="585815">Possible unfixed nsTreeSelection dangling pointer issues from bug 571106 (ZDI-CAN-903)</issue>
  <issue tracker="bmo" id="588929">Use after free - nsBarProp</issue>
  <issue tracker="bmo" id="590753">Insecure handling of LD_LIBRARY_PATH by run-mozilla.sh</issue>
  <issue tracker="bmo" id="598669">LookupGetterOrSetter Remote Code Execution Vulnerability (ZDI-CAN-929)</issue>
  <issue tracker="bmo" id="607222">Interleaving document.write and appendChild can lead to duplicate text frames and overrunning of text run buffers</issue>
  <issue tracker="bmo" id="608336">CRITICAL BUG when calling document.write()</issue>
  <issue tracker="bmo" id="610601">Firefox crash [@ ycc_rgb_convert] [@ ycc_rgb_convert_argb] on image with src set to a resource with multipart/x-mixed-replace content type [Access Violation]</issue>
  <issue tracker="bmo" id="616264">Cookies set for www.foo.com. are sent to www.foo.com</issue>
  <issue tracker="bmo" id="617247">Use after free (in nsXULProtypeScript?) when viewing xul document w/JS disabled</issue>
  <issue tracker="bmo" id="624621"></issue>
  <issue tracker="bmo" id="638018">[1.9.2] crash [@ ycc_rgb_convert] on image with src set to a resource with multipart/x-mixed-replace content type</issue>
  <issue tracker="bmo" id="639303">FF4 crashes on multipart image/motion jpeg stream changing image size [@ @0x0 | mozilla::imagelib::Decoder::Finish() ]</issue>
  <issue tracker="bmo" id="648094">Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability (ZDI-CAN-1143)</issue>
  <issue tracker="bmo" id="655389">CRLF Injection and the parsing of HTTP headers</issue>
  <issue tracker="bmo" id="655649"></issue>
  <issue tracker="bmo" id="655836"></issue>
  <issue tracker="bmo" id="664009">Array.reduceRight() info leak and potential code execution</issue>
  <issue tracker="bmo" id="665934">GrowAtomTable() return code not checked, crash due to ANGLE</issue>
  <issue tracker="bmo" id="665936">string crash found while fuzzing WebGL shaders</issue>
  <issue tracker="bmo" id="670514"></issue>
  <issue tracker="bmo" id="672182"></issue>
  <issue tracker="bmo" id="674776"></issue>
  <issue tracker="bmo" id="675747"></issue>
  <issue tracker="bmo" id="682927">Dis-trust DigiNotar root certificate</issue>
  <issue tracker="bmo" id="683449">Remove the exemptions for the Staat der Nederlanden root</issue>
  <issue tracker="bmo" id="687745"></issue>
  <issue tracker="bmo" id="690225"></issue>
  <issue tracker="bmo" id="690267">Insert|Insert Characters and symbols not working - no options in drop-downs.</issue>
  <issue tracker="bmo" id="690290">Disable the whats new tab for users updating from 7.0 to 7.0.1</issue>
  <issue tracker="bmo" id="691299"></issue>
  <issue tracker="bmo" id="691898"></issue>
  <issue tracker="bmo" id="694576"></issue>
  <issue tracker="bmo" id="701071"></issue>
  <issue tracker="bmo" id="701259"></issue>
  <issue tracker="bmo" id="701806"></issue>
  <issue tracker="bmo" id="702466"></issue>
  <issue tracker="bmo" id="703534"></issue>
  <issue tracker="bmo" id="704354"></issue>
  <issue tracker="bmo" id="704482"></issue>
  <issue tracker="bmo" id="705651"></issue>
  <issue tracker="bmo" id="708186"></issue>
  <issue tracker="bmo" id="708198"></issue>
  <issue tracker="bmo" id="710079"></issue>
  <issue tracker="bmo" id="711043"></issue>
  <issue tracker="bmo" id="711653"></issue>
  <issue tracker="bmo" id="714631"></issue>
  <issue tracker="bmo" id="715073"></issue>
  <issue tracker="bmo" id="715319"></issue>
  <issue tracker="bmo" id="717511"></issue>
  <issue tracker="bmo" id="718573"></issue>
  <issue tracker="bmo" id="719612"></issue>
  <issue tracker="bmo" id="720619"></issue>
  <issue tracker="bmo" id="723446"></issue>
  <issue tracker="bmo" id="724284"></issue>
  <issue tracker="bmo" id="725770"></issue>
  <issue tracker="bmo" id="727303"></issue>
  <issue tracker="bmo" id="727401"></issue>
  <issue tracker="bmo" id="727547"></issue>
  <issue tracker="bmo" id="733305"></issue>
  <issue tracker="bmo" id="733731"></issue>
  <issue tracker="bmo" id="734288"></issue>
  <issue tracker="bmo" id="735940"></issue>
  <issue tracker="bmo" id="737307"></issue>
  <issue tracker="bmo" id="737559"></issue>
  <issue tracker="bmo" id="737646"></issue>
  <issue tracker="bmo" id="738397"></issue>
  <issue tracker="bmo" id="738985"></issue>
  <issue tracker="bmo" id="739146"></issue>
  <issue tracker="bmo" id="739925"></issue>
  <issue tracker="bmo" id="743475"></issue>
  <issue tracker="bmo" id="744480"></issue>
  <issue tracker="bmo" id="746855"></issue>
  <issue tracker="bmo" id="747607"></issue>
  <issue tracker="bmo" id="748090"></issue>
  <issue tracker="bmo" id="748432"></issue>
  <issue tracker="bmo" id="748726"></issue>
  <issue tracker="bmo" id="748865"></issue>
  <issue tracker="bmo" id="748997"></issue>
  <issue tracker="bmo" id="750096"></issue>
  <issue tracker="bmo" id="750109"></issue>
  <issue tracker="bmo" id="750820"></issue>
  <issue tracker="bmo" id="751422"></issue>
  <issue tracker="bmo" id="754044"></issue>
  <issue tracker="bmo" id="756719"></issue>
  <issue tracker="bmo" id="757376"></issue>
  <issue tracker="bmo" id="758200"></issue>
  <issue tracker="bmo" id="758344"></issue>
  <issue tracker="bmo" id="761014"></issue>
  <issue tracker="bmo" id="761655"></issue>
  <issue tracker="bmo" id="764296"></issue>
  <issue tracker="bmo" id="765527"></issue>
  <issue tracker="bmo" id="767778"></issue>
  <issue tracker="bmo" id="768101"></issue>
  <issue tracker="bmo" id="770429"></issue>
  <issue tracker="bmo" id="770684"></issue>
  <issue tracker="bmo" id="771859"></issue>
  <issue tracker="bmo" id="775009"></issue>
  <issue tracker="bmo" id="775793"></issue>
  <issue tracker="bmo" id="775794"></issue>
  <issue tracker="bmo" id="775868"></issue>
  <issue tracker="bmo" id="776877"></issue>
  <issue tracker="bmo" id="778603"></issue>
  <issue tracker="bmo" id="779821"></issue>
  <issue tracker="bmo" id="780370"></issue>
  <issue tracker="bmo" id="783260"></issue>
  <issue tracker="bmo" id="783867"></issue>
  <issue tracker="bmo" id="787704"></issue>
  <issue tracker="bmo" id="792405"></issue>
  <issue tracker="bmo" id="792857"></issue>
  <issue tracker="bmo" id="793121"></issue>
  <issue tracker="bmo" id="794158"></issue>
  <issue tracker="bmo" id="796475"></issue>
  <issue tracker="bmo" id="798045"></issue>
  <issue tracker="bmo" id="798264"></issue>
  <issue tracker="bmo" id="799952"></issue>
  <issue tracker="bmo" id="800363"></issue>
  <issue tracker="bmo" id="800666"></issue>
  <issue tracker="bmo" id="801681"></issue>
  <issue tracker="bmo" id="802026"></issue>
  <issue tracker="bmo" id="802557"></issue>
  <issue tracker="bmo" id="803870"></issue>
  <issue tracker="bmo" id="804237"></issue>
  <issue tracker="bmo" id="805024"></issue>
  <issue tracker="bmo" id="805121"></issue>
  <issue tracker="bmo" id="805807"></issue>
  <issue tracker="bmo" id="806031"></issue>
  <issue tracker="bmo" id="809652"></issue>
  <issue tracker="bmo" id="813901"></issue>
  <issue tracker="bmo" id="813906"></issue>
  <issue tracker="bmo" id="814001"></issue>
  <issue tracker="bmo" id="814026"></issue>
  <issue tracker="bmo" id="814027"></issue>
  <issue tracker="bmo" id="814029"></issue>
  <issue tracker="bmo" id="814713"></issue>
  <issue tracker="bmo" id="815795"></issue>
  <issue tracker="bmo" id="816842"></issue>
  <issue tracker="bmo" id="825697"></issue>
  <issue tracker="bmo" id="825721"></issue>
  <issue tracker="bmo" id="827106"></issue>
  <issue tracker="bmo" id="827193"></issue>
  <issue tracker="bmo" id="831095"></issue>
  <issue tracker="bmo" id="838253"></issue>
  <issue tracker="bmo" id="848535"></issue>
  <issue tracker="bmo" id="848644"></issue>
  <issue tracker="bmo" id="851353"></issue>
  <issue tracker="bmo" id="853709"></issue>
  <issue tracker="bmo" id="857883"></issue>
  <issue tracker="bmo" id="858101"></issue>
  <issue tracker="bmo" id="860971"></issue>
  <issue tracker="bmo" id="863933"></issue>
  <issue tracker="bmo" id="866823"></issue>
  <issue tracker="bmo" id="866825"></issue>
  <issue tracker="bmo" id="866915"></issue>
  <issue tracker="bmo" id="868327"></issue>
  <issue tracker="bmo" id="871368"></issue>
  <issue tracker="bmo" id="876762"></issue>
  <issue tracker="bmo" id="879787"></issue>
  <issue tracker="bmo" id="882897"></issue>
  <issue tracker="bmo" id="883514"></issue>
  <issue tracker="bmo" id="883686"></issue>
  <issue tracker="bmo" id="886095"></issue>
  <issue tracker="bmo" id="887098"></issue>
  <issue tracker="bmo" id="887334"></issue>
  <issue tracker="bmo" id="888820"></issue>
  <issue tracker="bmo" id="891292"></issue>
  <issue tracker="bmo" id="891693"></issue>
  <issue tracker="bmo" id="893308"></issue>
  <issue tracker="bmo" id="894137"></issue>
  <issue tracker="bmo" id="895557"></issue>
  <issue tracker="bmo" id="897678"></issue>
  <issue tracker="bmo" id="898871"></issue>
  <issue tracker="bmo" id="906301"></issue>
  <issue tracker="bmo" id="907727"></issue>
  <issue tracker="bmo" id="910881"></issue>
  <issue tracker="bmo" id="911864"></issue>
  <issue tracker="bmo" id="913785"></issue>
  <issue tracker="bmo" id="913805"></issue>
  <issue tracker="bmo" id="914017"></issue>
  <issue tracker="bmo" id="915210"></issue>
  <issue tracker="bmo" id="915576"></issue>
  <issue tracker="bmo" id="916404"></issue>
  <issue tracker="bmo" id="916580"></issue>
  <issue tracker="bmo" id="916685"></issue>
  <issue tracker="bmo" id="917955"></issue>
  <issue tracker="bmo" id="918864"></issue>
  <issue tracker="bmo" id="921622"></issue>
  <issue tracker="bmo" id="926361"></issue>
  <issue tracker="bmo" id="927073"></issue>
  <issue tracker="bmo" id="929261"></issue>
  <issue tracker="bmo" id="930281"></issue>
  <issue tracker="bmo" id="930381"></issue>
  <issue tracker="bmo" id="930857"></issue>
  <issue tracker="bmo" id="930874"></issue>
  <issue tracker="bmo" id="932449"></issue>
  <issue tracker="bmo" id="934545"></issue>
  <issue tracker="bmo" id="936056"></issue>
  <issue tracker="bmo" id="938341"></issue>
  <issue tracker="bmo" id="941887"></issue>
  <issue tracker="bmo" id="942164"></issue>
  <issue tracker="bmo" id="943803"></issue>
  <issue tracker="bmo" id="946351"></issue>
  <issue tracker="bmo" id="947592"></issue>
  <issue tracker="bmo" id="963150"></issue>
  <issue tracker="bmo" id="963198"></issue>
  <issue tracker="bmo" id="966006"></issue>
  <issue tracker="bmo" id="966021"></issue>
  <issue tracker="bmo" id="966311"></issue>
  <issue tracker="bmo" id="967354"></issue>
  <issue tracker="bmo" id="969226"></issue>
  <issue tracker="bmo" id="969517"></issue>
  <issue tracker="bmo" id="969549"></issue>
  <issue tracker="bmo" id="970380"></issue>
  <issue tracker="bmo" id="973874"></issue>
  <issue tracker="bmo" id="978652"></issue>
  <issue tracker="bmo" id="978811"></issue>
  <issue tracker="bmo" id="982906"></issue>
  <issue tracker="bmo" id="982909"></issue>
  <issue tracker="bmo" id="982957"></issue>
  <issue tracker="bmo" id="982974"></issue>
  <issue tracker="bmo" id="983344"></issue>
  <issue tracker="bmo" id="987003"></issue>
  <issue tracker="bmo" id="987140"></issue>
  <issue tracker="bmo" id="988719"></issue>
  <issue tracker="bmo" id="989183"></issue>
  <issue tracker="bmo" id="989994"></issue>
  <issue tracker="bmo" id="990868"></issue>
  <issue tracker="bmo" id="991981"></issue>
  <issue tracker="bmo" id="992274"></issue>
  <issue tracker="bmo" id="994907"></issue>
  <issue tracker="bmo" id="995679"></issue>
  <issue tracker="bmo" id="995816"></issue>
  <issue tracker="bmo" id="995817"></issue>
  <issue tracker="bmo" id="996536"></issue>
  <issue tracker="bmo" id="996715"></issue>
  <issue tracker="bmo" id="999274"></issue>
  <issue tracker="bmo" id="999651"></issue>
  <issue tracker="bnc" id="104586">firefox crashs upon save</issue>
  <issue tracker="bnc" id="354469">VUL-0: MozillaFirefox: 2.0.0.12 release</issue>
  <issue tracker="bnc" id="385739">thunderbird should use hunspell, not myspell</issue>
  <issue tracker="bnc" id="390992">mozilla-xulrunner181 and MozillaThunderbird not at latest security fix level</issue>
  <issue tracker="bnc" id="417869">VUL-0: Thunderbird 2.0.0.12 needs to be upgraded</issue>
  <issue tracker="bnc" id="41903">mozilla and more computers</issue>
  <issue tracker="bnc" id="429179">VUL-0: MozillaFirefox 3.0.2 / 2.0.0.17 / Seamonkey 1.1.12</issue>
  <issue tracker="bnc" id="439841">VUL-0: Gecko 1.8.1.18/1.9.0.4 (Firefox 2.0.0.18/3.0.4) etc</issue>
  <issue tracker="bnc" id="441084">gpg does not work anymore after update</issue>
  <issue tracker="bnc" id="455804">VUL-0: Firefox 3.0.5 / 2.0.0.19 update</issue>
  <issue tracker="bnc" id="484321">VUL-0: mozillathunderbird 2.0.0.21 update</issue>
  <issue tracker="bnc" id="503151">firefox crashes in glibcs nss because of the jemalloc integration</issue>
  <issue tracker="bnc" id="518603">Firefox 3.5 broken startup notification</issue>
  <issue tracker="bnc" id="527418">Platform File Picker ignores gtk-alternative-button-order configuration</issue>
  <issue tracker="bnc" id="528406">Thunderbird does not handle XSMP restore as expected</issue>
  <issue tracker="bnc" id="529180">Split mozilla-xulrunner191-translations</issue>
  <issue tracker="bnc" id="542809">smtp auth error in TB3.0b4 (cs locale)</issue>
  <issue tracker="bnc" id="559819">Upgrade Thunderbird to final 3.0 version</issue>
  <issue tracker="bnc" id="576969">VUL-0: Firefox 3.5.8 / Firefox 3.0.18</issue>
  <issue tracker="bnc" id="582276">thunderbird 3.0.1 buffer overflow, terminates when starting new mail</issue>
  <issue tracker="bnc" id="586567">VUL-0: Mozilla Firefox 3.5.9/3.6.2</issue>
  <issue tracker="bnc" id="593807">[mozilla:Factory/MozillaThunderbird] Thunderbird republishes every time even without changes</issue>
  <issue tracker="bnc" id="603356">VUL-0: Firefox 3.5.10 / 3.6.4</issue>
  <issue tracker="bnc" id="622506">VUL-0: Firefox 3.5.11 / 3.6.7</issue>
  <issue tracker="bnc" id="637303">VUL-0: Mozilla Firefox 3.5.12/3.6.9 ...</issue>
  <issue tracker="bnc" id="642502">MozillaThunderbird: /usr/bin/thunderbird insecure LD_LIBRARY_PATH</issue>
  <issue tracker="bnc" id="645315">VUL-0: Mozilla Firefox 3.6.11 / 3.5.14</issue>
  <issue tracker="bnc" id="649492">VUL-0: MozillaFirefox: 3.6.12/3.5.15 fixes remote vulnerability in firefox</issue>
  <issue tracker="bnc" id="657016">VUL-0: MozillaFirefox: 3.6.13/3.5.16 fixes security issues</issue>
  <issue tracker="bnc" id="664211">firefox (and thunderbird) .desktop should be renamed</issue>
  <issue tracker="bnc" id="667155">VUL-0: MozillaFirefox 3.5.17/3.6.14</issue>
  <issue tracker="bnc" id="689281">VUL-0: Mozilla Firefox 3.6.17 / 4.0.1</issue>
  <issue tracker="bnc" id="701296">VUL-0: Mozilla Firefox 3.6.18 / 5</issue>
  <issue tracker="bnc" id="712224">VUL-0: MozillaFirefox 6 / 3.6.20 security update round</issue>
  <issue tracker="bnc" id="714931">VUL-0: MozillaFirefox 6.0.2 / 3.6.22 security update (chemspill)</issue>
  <issue tracker="bnc" id="720264">VUL-0: Firefox 7 / 3.6.23 and other Mozilla apps</issue>
  <issue tracker="bnc" id="726758">Thunderbird icon is broken until gtk icon cache is manually refreshed</issue>
  <issue tracker="bnc" id="728520">Firefox 8 / 3.6.24 and other mozilla apps</issue>
  <issue tracker="bnc" id="732898">Firefox is not accessible</issue>
  <issue tracker="bnc" id="733002">Thunderbird/Enigmail is endless accessing PGP Keyserver</issue>
  <issue tracker="bnc" id="737533">VUL-0: MozillaFirefox 9 / 3.6.25 and other mozilla apps</issue>
  <issue tracker="bnc" id="744275">VUL-0: MozillaFirefox 10 / 3.6.26 and other mozilla apps</issue>
  <issue tracker="bnc" id="746616">VUL-0: CVE-2012-0452 MozillaFirefox: use-after-free in nsXBLDocumentInfo::ReadPrototypeBindings (MFSA 2012-10)</issue>
  <issue tracker="bnc" id="747328">VUL-0: MozillaFirefox: 10.0.2 / 3.6.27(?) release for libpng issue</issue>
  <issue tracker="bnc" id="749440">KDE filemanager is lost in Thunderbird with Update to version 10</issue>
  <issue tracker="bnc" id="750044">VUL-0: MozillaFirefox 11 / 10.0.3esr etc</issue>
  <issue tracker="bnc" id="755060">Mozilla Thunderbird hangs frequently after update to 11.0</issue>
  <issue tracker="bnc" id="758408">VUL-0: MozillaFirefox 12 / 10.0.4esr etc</issue>
  <issue tracker="bnc" id="765204">VUL-0: MozillaFirefox 13/10.0.5esr and other Gecko users</issue>
  <issue tracker="bnc" id="771583">VUL-0: MozillaFirefox 14/10.0.6ESR security update round</issue>
  <issue tracker="bnc" id="777588">VUL-0: MozillaFirefox 15/10.0.7ESR security release</issue>
  <issue tracker="bnc" id="783533">VUL-0: MozillaFirefox 16/10.0.8ESR security release</issue>
  <issue tracker="bnc" id="786522">VUL-0: MozillaFirefox 16.0.2/10.0.10 security release</issue>
  <issue tracker="bnc" id="790140">VUL-0: MozillaFirefox 17.0/10.0.11 security release</issue>
  <issue tracker="bnc" id="796895">VUL-0: Mozilla Firefox 18 / 10.0.12 etc</issue>
  <issue tracker="bnc" id="804248">VUL-0: MozillaFirefox 19 / 17.0.3</issue>
  <issue tracker="bnc" id="808243">VUL-0: MozillaFirefox 19.0.2/17.0.4</issue>
  <issue tracker="bnc" id="813026">VUL-0: MozillaFirefox 20.0/17.0.5</issue>
  <issue tracker="bnc" id="819204">VUL-0: Mozilla 21/17.0.6 security release</issue>
  <issue tracker="bnc" id="825935">VUL-0: MozillaFirefox 22 security release</issue>
  <issue tracker="bnc" id="833389">VUL-0: MozillaFirefox 23/17.0.8esr security release</issue>
  <issue tracker="bnc" id="840485">VUL-0: Firefox 24.0/17.0.9esr security release</issue>
  <issue tracker="bnc" id="847708">VUL-0: MozillaFirefox 25 security release</issue>
  <issue tracker="bnc" id="854370">VUL-0: MozillaFirefox 26/24.2.0 security release</issue>
  <issue tracker="bnc" id="861847">VUL-0: Firefox 27/24.3.0 security release</issue>
  <issue tracker="bnc" id="868603">VUL-0: MozillaFirefox 28 security release</issue>
  <issue tracker="bnc" id="875378">VUL-0: Firefox 29 security release</issue>
  <issue tracker="bnc" id="881874">VUL-0: MozillaFirefox 30 security release</issue>
  <issue tracker="bnc" id="887746">VUL-0: MozillaFirefox 31 security release</issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Firefox update to 31.1esr</summary>
  <description>This patch contains security updates for

* mozilla-nss 3.16.4
  - The following 1024-bit root CA certificate was restored to allow more
    time to develop a better transition strategy for affected sites. It was
    removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy
    forum led to the decision to keep this root included longer in order to
    give website administrators more time to update their web servers.
    - CN = GTE CyberTrust Global Root
  * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification
    Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit
    intermediate CA certificate has been included, without explicit trust.
    The intention is to mitigate the effects of the previous removal of the
    1024-bit Entrust.net root certificate, because many public Internet
    sites still use the "USERTrust Legacy Secure Server CA" intermediate
    certificate that is signed by the 1024-bit Entrust.net root certificate.
    The inclusion of the intermediate certificate is a temporary measure to
    allow those sites to function, by allowing them to find a trust path to
    another 2048-bit root CA certificate. The temporarily included
    intermediate certificate expires November 1, 2015.

* Firefox 31.1esr
  Firefox is updated from 24esr to 31esr as maintenance for version 24 stopped</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places