Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2014-02-06 CVE-2014-1479 The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes. 7.5
2014-02-06 CVE-2014-1477 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla canonical debian redhat fedoraproject opensuse suse
critical
9.8
2014-02-05 CVE-2014-0497 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
adobe google redhat suse opensuse CWE-191
critical
9.8
2014-01-26 CVE-2013-7137 Improper Authentication vulnerability in Burden Project Burden
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.
network
low complexity
burden-project CWE-287
critical
9.8
2013-12-11 CVE-2013-6673 Cryptographic Issues vulnerability in multiple products
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.
5.9
2013-12-11 CVE-2013-6671 Code Injection vulnerability in multiple products
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.
network
low complexity
mozilla canonical redhat opensuse suse fedoraproject CWE-94
critical
9.8
2013-12-11 CVE-2013-5618 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.
network
low complexity
mozilla fedoraproject opensuse suse canonical redhat CWE-416
critical
9.8
2013-12-11 CVE-2013-5616 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.
network
low complexity
mozilla fedoraproject opensuse suse redhat canonical CWE-416
critical
9.8
2013-12-11 CVE-2013-5615 The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.
network
low complexity
mozilla canonical opensuse suse fedoraproject
critical
9.8
2013-12-11 CVE-2013-5613 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.
network
low complexity
mozilla fedoraproject opensuse suse redhat canonical CWE-416
critical
9.8