| Definition ID | Class | Title | Last Modified |
|---|
| oval:org.mitre.oval:def:18002 | V | Same-origin bypass with web workers and XMLHttpRequest | 2014-10-06 |
| oval:org.mitre.oval:def:18014 | V | Further Privilege escalation through Mozilla Updater | 2014-10-06 |
| oval:org.mitre.oval:def:18367 | V | Local Java applets may read contents of local file system | 2014-10-06 |
| oval:org.mitre.oval:def:18443 | V | Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling. | 2014-10-06 |
| oval:org.mitre.oval:def:18514 | V | Miscellaneous memory safety hazards | 2014-10-06 |
| oval:org.mitre.oval:def:18520 | V | Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout. | 2014-10-06 |
| oval:org.mitre.oval:def:18531 | V | Document URI misrepresentation and masquerading | 2014-10-06 |
| oval:org.mitre.oval:def:18617 | V | The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state. | 2014-10-06 |
| oval:org.mitre.oval:def:18766 | V | Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration. | 2014-10-06 |
| oval:org.mitre.oval:def:18773 | V | CRMF requests allow for code execution and XSS attacks | 2014-10-06 |
| oval:org.mitre.oval:def:18789 | V | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the thisobject during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | 2014-10-06 |
| oval:org.mitre.oval:def:18821 | V | Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use. | 2014-10-06 |
| oval:org.mitre.oval:def:18856 | V | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes. | 2014-10-06 |
| oval:org.mitre.oval:def:18871 | V | Buffer overflow in Mozilla Maintenance Service and Mozilla Updater | 2014-10-06 |
| oval:org.mitre.oval:def:18884 | V | Wrong principal used for validating URI for some Javascript components | 2014-10-06 |
| oval:org.mitre.oval:def:18902 | V | The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors. | 2014-10-06 |
| oval:org.mitre.oval:def:18930 | V | Buffer overflow in Mozilla Maintenance Service and Mozilla Updater | 2014-10-06 |
| oval:org.mitre.oval:def:18939 | V | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2014-10-06 |
| oval:org.mitre.oval:def:18982 | V | Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element. | 2014-10-06 |
| oval:org.mitre.oval:def:19011 | V | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2014-10-06 |
| oval:org.mitre.oval:def:19022 | V | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. | 2014-10-06 |
| oval:org.mitre.oval:def:19025 | V | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. | 2014-10-06 |
| oval:org.mitre.oval:def:19028 | V | The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation. | 2014-10-06 |
| oval:org.mitre.oval:def:19031 | V | Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning. | 2014-10-06 |
| oval:org.mitre.oval:def:22122 | V | Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data | 2014-10-06 |