Download
| Alert*
oval:org.secpod.oval:def:700775
libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700758 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:700753 ubufox: Ubuntu Firefox specific configuration defaults and apt support - webfav: Firefox extension for saving web favorites Details: USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated ubufox and webfav packages for use with the latest Firefox. Original advisory This update pr ... oval:org.secpod.oval:def:700757 xulrunner-1.9.2: Mozilla Gecko runtime environment Several security issues were fixed in Xulrunner. oval:org.secpod.oval:def:700754 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. oval:org.secpod.oval:def:700755 mozvoikko: Finnish spell-checker extension for Firefox Details: USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. Original advisory This update provides compatible Mozvoikko packages for the latest Firefox. oval:org.secpod.oval:def:9704 The host is missing a moderate security update according to Mozilla advisory, MFSA 2013-06. The update is required to fix information disclosure vulnerability. A flaw is present in the application, which fails to restrict a touch event to a single IFRAME element. Successful exploitation allows remot ... oval:org.secpod.oval:def:9684 The host is installed with SeaMonkey before 2.15 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to restrict a touch event to a single IFRAME element. Successful exploitation allows remote attackers to obtain sensitive information or possibly c ... oval:org.secpod.oval:def:600733 It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed. oval:org.secpod.oval:def:600720 Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in pot ... oval:org.secpod.oval:def:600729 Several vulnerabilities have been discovered in Icedove, Debian"s variant of the Mozilla Thunderbird code base. CVE-2011-3670 Icedove does not not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a ... oval:org.secpod.oval:def:600725 Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure. CVE-2012-0442 Jesse Ruderman and Bob Clary discovered memory corr ... oval:org.secpod.oval:def:16830 Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED ... oval:org.secpod.oval:def:1000386 The remote host is missing a patch 148007-01 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:700774 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:38595 The host is missing a critical security update according to Mozilla advisory, MFSA2011-33. A flaw is present in the applications which fails to properly handle a crafted web site. Successful exploitation allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web s ... oval:org.secpod.oval:def:9658 The host is missing a moderate security update according to Mozilla advisory, MFSA 2013-06. The update is required to fix information disclosure vulnerability. A flaw is present in the application, which fails to restrict a touch event to a single IFRAME element. Successful exploitation allows remot ... oval:org.secpod.oval:def:9638 The host is installed with SeaMonkey before 2.15 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to restrict a touch event to a single IFRAME element. Successful exploitation allows remote attackers to obtain sensitive information or possibly c ... oval:org.secpod.oval:def:3977 The host is missing an important security update according to Apple advisory, APPLE-SA-2011-10-12-4. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to sanitize user supplied input. Successful exploitation could allow to execute arbitrar ... oval:org.secpod.oval:def:1057 The host is installed with Mozilla Firefox or SeaMonkey and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle OBJECT's mChannel. Successful exploitation could allow remote attackers to execute arbitrary code. oval:org.secpod.oval:def:1060 The host is installed with Mozilla Firefox or SeaMonkey and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle OBJECT and qts mObserverList. Successful exploitation could allow remote attackers to execute arbitrary code. oval:org.secpod.oval:def:1061 The host is installed with Mozilla Firefox or SeaMonkey and is prone to escalation of privilege vulnerability. A flaw is present in the application, which fails to handle Java Embedding Plugin (JEP) shipped with the Mac OS X. Successful exploitation could allow remote attackers to obtain elevated a ... oval:org.secpod.oval:def:1062 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle browser engine. Successful exploitation could allow remote attackers to cause a denial of service (memory corruption ... oval:org.secpod.oval:def:1064 The host is installed with Mozilla Firefox or SeaMonkey and is prone to security vulnerability. A flaw is present in the application, which fails to properly implement autocompletion for forms. Successful exploitation could allow remote attackers to read form history entries via a Java applet that ... oval:org.secpod.oval:def:1065 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to handle vectors involving a resource: URL. Successful exploitation could allow remote attackers to determine the exis ... oval:org.secpod.oval:def:1066 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle browser engine. Successful exploitation could allow remote attackers to cause a denial of service (memory corru ... oval:org.secpod.oval:def:1067 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle nsDirIndexParser. Successful exploitation could allow remote attackers to cause a denial of service (memory corruptio ... oval:org.secpod.oval:def:1068 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to execution of arbitrary code vulnerability. A flaw is present in the application, which fails to properly handle nsTreeRange data structures. Successful exploitation could allow remote attackers to execute ... oval:org.secpod.oval:def:10674 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan hor ... oval:org.secpod.oval:def:10682 The host is missing a security update according to Mozilla advisory, MFSA 2013-34. The update is required to fix untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan horse DLL file in an unspecified directory. Successful exploitation allows local ... oval:org.secpod.oval:def:1069 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:1070 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:1071 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:1072 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:1074 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:16244 Compiler Engineer Dan Gohman of Google reported that binary search algorithms in the SpiderMonkey JavaScript engine were prone to overflow in several places, leading to potential out-of-bounds array access. While none of these are known to be directly exploitable, they are unsafe in theory and have ... oval:org.secpod.oval:def:16246 Firefox user Sijie Xia reported that if a user explicitly removes the trust for extended validation (EV) capable root certificates in the certificate manager, the change is not properly used when validating EV certificates, causing the setting to be ignored. This removes the ability of users to exp ... oval:org.secpod.oval:def:16248 Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. oval:org.secpod.oval:def:16252 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:16257 The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack ve ... oval:org.secpod.oval:def:16260 Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. oval:org.secpod.oval:def:16262 Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid ... oval:org.secpod.oval:def:16290 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a user-after-free when interacting with HTML document templates. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16292 Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within lt;selectgt; elements and place it in arbitrary locations. This can be used to spoof the displayed addressbar, leading to clickjacking and other spoofing attacks. oval:org.secpod.oval:def:16295 Mozilla community member Ezra Pool reported a potentially exploitable crash on extremely large pages. This was caused when a cycle collected image object was released on the wrong thread during decoding, creating a race condition. oval:org.secpod.oval:def:16299 Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unkno ... oval:org.secpod.oval:def:16301 The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clic ... oval:org.secpod.oval:def:16303 The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial o ... oval:org.secpod.oval:def:16310 Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory ... oval:org.secpod.oval:def:16327 Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when the Document Object Model is modified during a SetBody mutation event. This causes a potentially exploitable crash. oval:org.secpod.oval:def:16328 Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when generating a Certificate Request Message Format (CRMF) request with certain parameters. This causes a potentially exploitable crash. oval:org.secpod.oval:def:16330 Security researcher Aki Helin from OUSPG used the Address Sanitizer tool to discover a crash during the decoding of WAV format audio files in some instances. This crash is not exploitable but could be used for a denial of service (DOS) attack by malicious parties. oval:org.secpod.oval:def:16333 Mozilla Developer Bobby Holley and Mozilla security researcher moz_bug_r_a4 discovered a mechanism where XBL scopes can be be used to circumvent XrayWrappers from within the Chrome on unprivileged objects. This allows web content to potentially confuse privileged code and weaken invariants and can ... oval:org.secpod.oval:def:16357 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:16358 Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the t ... oval:org.secpod.oval:def:16359 Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request. oval:org.secpod.oval:def:16362 Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function. oval:org.secpod.oval:def:16365 The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:16372 Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found that the HTML5 Tree Builder does not properly store state when interacting with template elements. Because some stack information is incorrectly stored, the template insertion mode stack can be used when it is emp ... oval:org.secpod.oval:def:16373 Security researcher Alex Chapman reported that the Almost Native Graphics Layer Engine (ANGLE) library used by Mozilla is vulnerable to an integer overflow. This vulnerability is present because of insufficient bounds checking in the drawLineLoop function, which can be driven by web content to ove ... oval:org.secpod.oval:def:16375 Mozilla developer Masayuki Nakano discovered that the NativeKey widget continues handling key messages even when it is destroyed by dispatched event listeners. This could result in some key events being applied to other objects or plugins if the widget memory is reallocated to them, leading to a n ... oval:org.secpod.oval:def:16376 Security researcher Scott Bell used the Address Sanitizer tool to discover a use-after-free when using a lt;selectgt; element in a form after it has been destroyed. This could lead to a potentially exploitable crash. oval:org.secpod.oval:def:16378 Security researcher Seb Patane reported that the Mozilla Updater does not write-lock the MAR update file when it is in use by the Updater. This leaves open the possibility of altering the contents of the MAR file after the signature on the file has been verified as valid but before it has been used ... oval:org.secpod.oval:def:16380 Software developer Dan Gohman of Google reported uninitialized data and variables in the IonMonkey Javascript engine when running the engine in Valgrind mode. This could be combined with additional exploits to allow the reading and use of previously allocated memory in some circumstances. oval:org.secpod.oval:def:16387 Security researcher Nils reported a potentially exploitable use-after-free in an early test version of Firefox 25. Mozilla developer Bobby Holley found that the cause was an older garbage collection bug that a more recent change made easier to trigger. oval:org.secpod.oval:def:16389 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:16390 The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitra ... oval:org.secpod.oval:def:16391 Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site. oval:org.secpod.oval:def:16393 The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after wi ... oval:org.secpod.oval:def:16394 Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors in ... oval:org.secpod.oval:def:16396 Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR ... oval:org.secpod.oval:def:16398 The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors. oval:org.secpod.oval:def:16406 Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and fram ... oval:org.secpod.oval:def:16833 Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED ... oval:org.secpod.oval:def:16836 The host is missing a security update according to Mozilla advisory, MFSA 2013-103. The update is required to fix denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted X.509 certificate. Successful exploitation allows attackers to cause an application ... oval:org.secpod.oval:def:16837 Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) ... oval:org.secpod.oval:def:17301 Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local system ... oval:org.secpod.oval:def:17303 Mozilla developer David Keeler reported that the crypto.generateCRFMRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service (DOS) attack. oval:org.secpod.oval:def:17304 Mozilla developer Ehsan Akhgari reported a spoofing attack where the permission prompt for a WebRTC session can appear to be from a different site than its actual originating site if a timed navigation occurs during the prompt generation. This allows an attacker to potentially gain access to the we ... oval:org.secpod.oval:def:17305 Security researchers Tim Philipp Schafers and Sebastian Neef , the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page"s tab and causing the browser to become unresponsive. This allows for a deni ... oval:org.secpod.oval:def:17307 Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site"s WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to rend ... oval:org.secpod.oval:def:17308 Security researcher Nicolas Golubovic reported that the Content Security Policy (CSP) of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting (XSS) attack. The ... oval:org.secpod.oval:def:17318 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:17319 Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update. oval:org.secpod.oval:def:17321 The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve e ... oval:org.secpod.oval:def:17322 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt. oval:org.secpod.oval:def:17323 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. oval:org.secpod.oval:def:17325 The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. oval:org.secpod.oval:def:17326 The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. oval:org.secpod.oval:def:1770 The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to memory corruption vulnerability. A flaw is present in the applications which fail to properly handle multipart/x-mixed-replace images. Successful exploit ... oval:org.secpod.oval:def:1774 The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle memory when JavaScript is disabled. Successful exploit ... oval:org.secpod.oval:def:1775 The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to integer overflow vulnerability. A flaw is present in the applications which fails to validate the length of a JavaScript Array object. Successful exploit ... oval:org.secpod.oval:def:17834 Security researcher Ash reported an out of bounds read issue with Web Audio. This issue could allow for web content to trigger crashes that are potentially exploitable. oval:org.secpod.oval:def:17837 Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found a use-after-free in the Text Track Manager while processing HTML video. This was caused by inconsistent garbage collection of Text Track Manager variables and results in a potentia ... oval:org.secpod.oval:def:17844 Mozilla developer Boris Zbarsky discovered that the debugger will work with some objects while bypassing XrayWrappers. This could lead to privilege escalation if the victim used the debugger to interact with a malicious page. oval:org.secpod.oval:def:17846 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:17847 The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted ... oval:org.secpod.oval:def:17850 The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory co ... oval:org.secpod.oval:def:17851 The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped obje ... oval:org.secpod.oval:def:2316 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to validate user supplied input. Successful exploitation could allow attackers to crash the servi ... oval:org.secpod.oval:def:2317 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to implement javascript properly. Successful exploitation could allow attackers to crash the serv ... oval:org.secpod.oval:def:2318 The host is installed with Mozilla Firefox 4 or 5 or SeaMonkey 2.x before 2.3 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to remove proxy-authorization credentials from the listed request headers. Successful exploitation could allow atta ... oval:org.secpod.oval:def:2319 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to implement WebGL properly. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:2320 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to prevent a buffer overflow in an unspecified string class in the WebGL shader implementation. S ... oval:org.secpod.oval:def:2321 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to execut ... oval:org.secpod.oval:def:2322 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to multiple unspecified vulnerabilities. The flaw are present in the applications, which fail to handle memory safety issues. Successful exploitation could allow remote attackers to exe ... oval:org.secpod.oval:def:2329 The host is installed with Mozilla Firefox before 3.6.20 or 4 or 5 orThunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle SVG text. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:2701 he host is installed with Mozilla Firefox before 7.0 or SeaMonkey before 2.4 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to prevent access to motion data events. Successful exploitation could allow remote attackers to read keystrokes by leveragi ... oval:org.secpod.oval:def:2702 The host is installed with Mozilla Firefox before 7.0, Thunderbird before 7.0 or SeaMonkey before 2.4, Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted javascript code. Succ ... oval:org.secpod.oval:def:2703 The host is installed with Mozilla Firefox 4.x through 6, Thunderbird before 7.0 or SeaMonkey before 2.4 and is prone to a use-after-free vulnerability. The flaw is present in the applications, which fail to handle crafted OCG headers. Successful exploitation could allow attackers to crash the servi ... oval:org.secpod.oval:def:2704 The host is installed with Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 and is prone to a privilege escalation vulnerability. A flaw is present in the applications, which fail to handle XPCNativeWrappers during calls to the loadSubScript method in an add-on. Successful exploitation could a ... oval:org.secpod.oval:def:2705 The host is installed with Mozilla Firefox before 7.0 and SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write ope ... oval:org.secpod.oval:def:2706 The host is installed with Mozilla Firefox before 7.0 or SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to validate the return value of a GrowAtomTable function call. Successful exploitation could allow attackers to crash th ... oval:org.secpod.oval:def:3662 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle memory safety issues. Successful exploitation could allow remote att ... oval:org.secpod.oval:def:3663 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle YARR regular expression library that could be triggered by jav ... oval:org.secpod.oval:def:3664 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple information disclosure vulnerabilities. The flaws are present in the applications, which fail to handle SVG animation accessKey events. Successful exploitation c ... oval:org.secpod.oval:def:3665 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle scaling of an OGG <video> element to extreme sizes. Successful ... oval:org.secpod.oval:def:3668 The host is installed with Mozilla Firefox before 9.0 or Thunderbird before 9.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle DOM frame deletions by plugins. Successful exploitation could allow remo ... oval:org.secpod.oval:def:38570 The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to an escalation of privilege vulnerability. A flaw is present in the applications which fails to properly handle certain recursive eval calls. Successful exploitation all ... oval:org.secpod.oval:def:38571 The host is missing a critical security update according to Mozilla advisory, MFSA2011-02. A flaw is present in the applications which fails to properly handle certain recursive eval calls. Successful exploitation allows remote attacker to force a user to respond positively to a dialog question, as ... oval:org.secpod.oval:def:38572 The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8 or Mozilla SeaMonkey before 2.0.12 and is prone to a denial of service vulnerability. A flaw is present in the applications which fails to properly handle unknown vectors. Successful exploitati ... oval:org.secpod.oval:def:38573 The host is missing a critical security update according to Mozilla advisory, MFSA2011-01. A flaw is present in the applications which fails to properly handle unknown vectors. Successful exploitation allow remote attackers to cause a denial of service (memory corruption and application crash) or po ... oval:org.secpod.oval:def:38574 The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to a buffer overflow execution vulnerability. A flaw is present in the applications which fails to properly handle vectors involving non-local JavaScript variables. Succes ... oval:org.secpod.oval:def:38575 The host is missing a critical security update according to Mozilla advisory, MFSA2011-04. A flaw is present in the applications which fails to properly handle vectors involving non-local JavaScript variables. Successful exploitation allow remote attackers to execute arbitrary code. oval:org.secpod.oval:def:38576 The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications which fails to properly handle unspecified vectors related to the js_HasOwnProperty function and ... oval:org.secpod.oval:def:38577 The host is missing a critical security update according to Mozilla advisory, MFSA2011-03. A flaw is present in the applications which fails to properly handle unspecified vectors related to the js_HasOwnProperty function and garbage collection. Successful exploitation allow remote attackers to exec ... oval:org.secpod.oval:def:38578 The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to a buffer overflow vulnerability. A flaw is present in the applications which fails to properly handle vectors involving exception timing and a large number of string va ... oval:org.secpod.oval:def:38579 The host is missing a critical security update according to Mozilla advisory, MFSA2011-05. A flaw is present in the applications which fails to properly handle vectors involving exception timing and a large number of string values. Successful exploitation allow remote attackers to execute arbitrary ... oval:org.secpod.oval:def:38580 The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications which fails to properly handle vectors related to a JavaScript Worker and garbage collection. Suc ... oval:org.secpod.oval:def:38581 The host is missing a critical security update according to Mozilla advisory, MFSA2011-06. A flaw is present in the applications which fails to properly handle vectors related to a JavaScript Worker and garbage collection. Successful exploitation allow remote attackers to execute arbitrary code. oval:org.secpod.oval:def:38582 The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to a buffer overflow vulnerability. A flaw is present in the applications which fails to properly handle long string that triggers construction of a long text run. Success ... oval:org.secpod.oval:def:38583 The host is missing a critical security update according to Mozilla advisory, MFSA2011-07. A flaw is present in the applications which fails to properly handle long string that triggers construction of a long text run. Successful exploitation allow remote attackers to execute arbitrary code or cause ... oval:org.secpod.oval:def:38584 The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 or Mozilla SeaMonkey before 2.0.12 and is prone to a cross-site request forgery vulnerability. A flaw is present in the applications which fails to properly handle requests initiated by a plugin. Successful exploitation ... oval:org.secpod.oval:def:38585 The host is missing a critical security update according to Mozilla advisory, MFSA2011-10. A flaw is present in the applications which fails to properly handle requests initiated by a plugin. Successful exploitation allow remote attackers to hijack the authentication of arbitrary users. oval:org.secpod.oval:def:38586 The host is installed with Mozilla Firefox 3.6.x before 3.6.14, Mozilla SeaMonkey 2.0.12 or Mozilla Thunderbird before 3.1.8 and is prone to a buffer overflow vulnerability. A flaw is present in the applications which fails to properly handle crafted JPEG image. Successful exploitation allow remote ... oval:org.secpod.oval:def:38587 The host is missing a critical security update according to Mozilla advisory, MFSA2011-09. A flaw is present in the applications which fails to properly handle crafted JPEG image. Successful exploitation allow remote attackers to execute arbitrary code or cause a denial of service (application crash ... oval:org.secpod.oval:def:38589 The host is installed with Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17 or 4.x before 4.0.1 or Mozilla seamonkey before 2.0.14 and is prone to an information disclosure vulnerability. A flaw is present in the applications which fails to properly handle XML document containing a call to the XSL ... oval:org.secpod.oval:def:38590 The host is missing a critical security update according to Mozilla advisory, MFSA2011-18. A flaw is present in the applications which fails to properly handle XML document containing a call to the XSLT generate-id XPath function. Successful exploitation allows remote attackers to obtain potentially ... oval:org.secpod.oval:def:38593 The host is installed with Mozilla Firefox 4.x before 6.0 or Mozilla Seamonkey 2.x before 2.3 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications which fails to properly handle a crafted web site. Successful exploitation allows remote attackers to bypass th ... oval:org.secpod.oval:def:4456 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-09. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to save 'Firefox Recovery Key.html' with proper permissions. Successful exploitation co ... oval:org.secpod.oval:def:4455 The host is installed with Mozilla Firefox 4.x before 10 or SeaMonkey before 2.7 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to save 'Firefox Recovery Key.html' with proper permissions. Successful exploitation could allow other users on ... oval:org.secpod.oval:def:4457 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedde ... oval:org.secpod.oval:def:4458 The host is missing a critical security update according to Adobe advisory, MFSA 2012-08. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedded in a document. Successful exploitation c ... oval:org.secpod.oval:def:4460 The host is missing a critical security update according to Adobe advisory, MFSA 2012-06. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploitation ... oval:org.secpod.oval:def:4459 The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploit ... oval:org.secpod.oval:def:4461 The host is installed with Mozilla Firefox 4.x before 10, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ... oval:org.secpod.oval:def:4462 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-05. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ca ... oval:org.secpod.oval:def:4463 The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitat ... oval:org.secpod.oval:def:4464 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-03. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitation c ... oval:org.secpod.oval:def:4465 The host is installed with Mozilla Firefox before 3.6.26, 4.x before 10.0, Thunderbird before 3.1.18, 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted Ogg Vorbis file. Successful exploita ... oval:org.secpod.oval:def:4466 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-07. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted Ogg Vorbis file. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:4467 The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:4468 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-01. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:4469 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10.0, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful explo ... oval:org.secpod.oval:def:4470 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 7.0, Thunderbird before 3.1.18 or 5.0 before 7.0, or SeaMonkey before 2.4 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle XMLHttpRequest calls through a proxy. ... oval:org.secpod.oval:def:4471 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-02. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle XMLHttpRequest calls through a proxy. Successful exploitation could allow att ... oval:org.secpod.oval:def:4472 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10.0, Thunderbird before 3.1.18, 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to incorrect AttributeChildRem ... oval:org.secpod.oval:def:4473 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-04. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to incorrect AttributeChildRemoved notifications. Successful exploita ... oval:org.secpod.oval:def:4926 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an use-after-free vulnerability. A flaw is present in the applications, ... oval:org.secpod.oval:def:4927 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the application ... oval:org.secpod.oval:def:4930 The host is missing a critical security update according to Mozilla advisory, MFSA2012-19. The update is required to fix an multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:4931 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafte ... oval:org.secpod.oval:def:4932 The host is missing a critical security update according to Mozilla advisory, MFSA2012-17. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web page. Successful exploitation could allow attackers to crash the service ... oval:org.secpod.oval:def:4933 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynami ... oval:org.secpod.oval:def:4934 The host is missing a critical security update according to Mozilla advisory, MFSA2012-17. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynamic modification of a keyframe followed by access to the cssText of the keyframe ... oval:org.secpod.oval:def:4935 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a privilege escalation vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:4936 The host is missing a critical security update according to Mozilla advisory, MFSA2012-16. The update is required to fix a privilege escalation vulnerability. A flaw is present in the applications, which fail to properly restrict setting the home page through the dragging of a URL to the home button ... oval:org.secpod.oval:def:4937 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a use after free vulnerability. A flaw is present in the applications, ... oval:org.secpod.oval:def:4938 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an information disclosure vulnerability. A flaw is present in the appli ... oval:org.secpod.oval:def:4939 The host is missing a critical security update according to Mozilla advisory, MFSA2012-14. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly sanitize user supplied input. Successful exploitation could allow attackers to obtain s ... oval:org.secpod.oval:def:4942 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted H ... oval:org.secpod.oval:def:4943 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-15. The update is required to fix a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP headers. Successful exploitation could allow attackers to bypass intended ... oval:org.secpod.oval:def:5485 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle ... oval:org.secpod.oval:def:5486 The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to jsval.h and the js::array_shift function. Succes ... oval:org.secpod.oval:def:5484 The host is missing a critical security update according to Mozilla advisory, MFSA2012-20. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:5487 The host is missing a critical security update according to Mozilla advisory, MFSA2012-22. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to crafted IndexedDB data. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:5488 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors rel ... oval:org.secpod.oval:def:5490 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle ... oval:org.secpod.oval:def:5489 The host is missing a critical security update according to Mozilla advisory, MFSA2012-23. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle the nsSVGFEDiffuseLightingElement::LightPixel function. Successful exploitati ... oval:org.secpod.oval:def:5492 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multi ... oval:org.secpod.oval:def:5491 The host is missing a critical security update according to Mozilla advisory, MFSA2012-24. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multibyte character set. Successful exploitation could allow attackers to inject ar ... oval:org.secpod.oval:def:5494 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:5493 The host is missing a critical security update according to Mozilla advisory, MFSA2012-26. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle the WebGLBuffer::FindMaxUshortElement function. Successful exploitation could all ... oval:org.secpod.oval:def:5496 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the d ... oval:org.secpod.oval:def:5495 The host is missing a critical security update according to Mozilla advisory, MFSA2012-27. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the docshell implementation. Successful exploitation could allow attackers to injec ... oval:org.secpod.oval:def:5498 The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploit ... oval:org.secpod.oval:def:5497 The host is missing a critical security update according to Mozilla advisory, MFSA2012-28. The update is required to fix origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploitation coul ... oval:org.secpod.oval:def:5499 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-29. The update is required to fix multiple cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle the decoding of ISO-2022-KR and ISO-2022-CN character sets. Successf ... oval:org.secpod.oval:def:5500 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle ... oval:org.secpod.oval:def:5502 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:5501 The host is missing a critical security update according to Mozilla advisory, MFSA2012-30. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to handle the texImage2D implementation. Successful exploitation could allow attackers to ex ... oval:org.secpod.oval:def:5504 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly loa ... oval:org.secpod.oval:def:5503 The host is missing a high security update according to Mozilla advisory, MFSA2012-33. The update is required to fix address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly load RSS and Atom feed content. Successful exploitation could allow attackers to spoo ... oval:org.secpod.oval:def:5647 The host is installed with Mozilla Firefox before 3.5.12 or 3.6.x before 3.6.9 or Thunderbird before 3.0.7 or 3.1.x before 3.1.3 or SeaMonkey before 2.0.7 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle a specially crafted font in a data ... oval:org.secpod.oval:def:6122 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly mitig ... oval:org.secpod.oval:def:6121 The host is missing a critical security update according to Mozilla advisory, MFSA2012-34. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to run arbitrary cod ... oval:org.secpod.oval:def:6123 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handl ... oval:org.secpod.oval:def:6124 The host is installed with Mozilla Firefox before 13.0, Thunderbird before 13.0, SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle methodjit/ImmutableSync.cpp and js/src/jsarray.cpp files. Successful exploitati ... oval:org.secpod.oval:def:6127 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:6126 The host is missing a high security update according to Mozilla advisory, MFSA2012-36. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the Content Security Policy implementation. Successful exploitation could allow remote ... oval:org.secpod.oval:def:6129 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle Wi ... oval:org.secpod.oval:def:6128 The host is missing a high security update according to Mozilla advisory, MFSA2012-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle Windows file shares and shortcut files. Successful exploitation could allow local use ... oval:org.secpod.oval:def:6131 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly document ... oval:org.secpod.oval:def:6130 The host is missing a critical security update according to Mozilla advisory, MFSA2012-38. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to properly document changes involving replacement or insertion of a node. Successful exploitation ... oval:org.secpod.oval:def:6133 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the ASN ... oval:org.secpod.oval:def:6132 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-38. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services. Succes ... oval:org.secpod.oval:def:6135 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsFrameLis ... oval:org.secpod.oval:def:6136 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handl ... oval:org.secpod.oval:def:6134 The host is missing a critical security update according to Mozilla advisory, MFSA2012-40. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle nsFrameList and nsHTMLReflowState functions. Successful exploitation could allow attacker ... oval:org.secpod.oval:def:6137 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handl ... oval:org.secpod.oval:def:6168 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsHTMLSelectElement when the parent node of the element is no longer active. Suc ... oval:org.secpod.oval:def:6167 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-41. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsHTMLSelectElement when the parent node of the element is no longer active. Successful ... oval:org.secpod.oval:def:6473 The host is missing a critical security update according to Mozilla advisory, MFSA2012-56. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted javascript: URL. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:6455 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to hand ... oval:org.secpod.oval:def:6476 The host is missing a security update according to Mozilla advisory, MFSA2012-55. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a crafted IFRAME element. Successful exploitation could allow man-in-the-middle attackers t ... oval:org.secpod.oval:def:6458 The host is installed with Mozilla Firefox 4.x before 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 before 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.10 and is prone to a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a cra ... oval:org.secpod.oval:def:6477 The host is missing a security update according to Mozilla advisory, MFSA2012-53. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to sanitize the blocked uri parameter. Successful exploitation could allow attackers to retrieve ... oval:org.secpod.oval:def:6459 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to saniti ... oval:org.secpod.oval:def:6460 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors ... oval:org.secpod.oval:def:6478 The host is missing a security update according to Mozilla advisory, MFSA2012-52. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving strings with multiple dependencies. Successful exploitation could allow attac ... oval:org.secpod.oval:def:6461 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a F ... oval:org.secpod.oval:def:6479 The host is missing a security update according to Mozilla advisory, MFSA2012-51. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a FRAME element. Successful exploitation could allow attackers to conduct clickjacking atta ... oval:org.secpod.oval:def:6480 The host is missing a security update according to Mozilla advisory, MFSA2012-51. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted color profile. Successful exploitation could allow attackers to trigger an ou ... oval:org.secpod.oval:def:6462 The host is installed with Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, or SeaMonkey before 2.11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted color profile. Successful exploitation could allow attack ... oval:org.secpod.oval:def:6481 The host is missing a security update according to Mozilla advisory, MFSA2012-49. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle crafted content. Successful exploitation could allow attackers to bypass intended XBL access re ... oval:org.secpod.oval:def:6463 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle crafted ... oval:org.secpod.oval:def:6482 The host is missing a security update according to Mozilla advisory, MFSA2012-48. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle EMBED elements within description elements in RSS feeds. Successful exploitation ... oval:org.secpod.oval:def:6465 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly ... oval:org.secpod.oval:def:6484 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly ... oval:org.secpod.oval:def:6483 The host is missing a security update according to Mozilla advisory, MFSA2012-45. The update is required to fix an address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving history.forward and history.back calls. Successful exploitatio ... oval:org.secpod.oval:def:6485 The host is missing a security update according to Mozilla advisory, MFSA2012-45. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle crafted data. Successful exploitation could remote attackers to cause a denial of service ... oval:org.secpod.oval:def:6466 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:6469 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prop ... oval:org.secpod.oval:def:6468 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prop ... oval:org.secpod.oval:def:6467 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle v ... oval:org.secpod.oval:def:6487 The host is missing a security update according to Mozilla advisory, MFSA2012-42. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6472 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted da ... oval:org.secpod.oval:def:6471 The host is installed with Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitra ... oval:org.secpod.oval:def:6488 The host is missing a security update according to Mozilla advisory, MFSA2012-48. The update is required to fix an use after free vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to focused content. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:6464 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use after free vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:6864 The host is missing a security update according to Mozilla advisory, MFSA 2012-59. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploitation cou ... oval:org.secpod.oval:def:6863 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploi ... oval:org.secpod.oval:def:6866 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to garbage collection. Successful exploitation could allow ... oval:org.secpod.oval:def:6865 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown ... oval:org.secpod.oval:def:6867 The host is missing a security update according to Mozilla advisory, MFSA 2012-57. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:6882 The host is missing a security update according to Mozilla advisory, MFSA 2012-57. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrar ... oval:org.secpod.oval:def:6881 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6880 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6869 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6868 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6873 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6872 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6871 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6870 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6877 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6876 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6875 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6874 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspe ... oval:org.secpod.oval:def:6879 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a craf ... oval:org.secpod.oval:def:6878 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6886 The host is missing a security update according to Mozilla advisory, MFSA 2012-61. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative height value in a BMP image within a .ICO file. Successful exploitation could all ... oval:org.secpod.oval:def:6885 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative hei ... oval:org.secpod.oval:def:6888 The host is missing a security update according to Mozilla advisory, MFSA 2012-62. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to deletion of a fragment. Successful exploitation could allow attackers to exe ... oval:org.secpod.oval:def:6887 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related t ... oval:org.secpod.oval:def:6889 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG ... oval:org.secpod.oval:def:6891 The host is missing a security update according to Mozilla advisory, MFSA 2012-63. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted inputs. Successful exploitation could allow attackers to execute arbitrary code or crash ... oval:org.secpod.oval:def:6890 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involvin ... oval:org.secpod.oval:def:6893 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ... oval:org.secpod.oval:def:6892 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ... oval:org.secpod.oval:def:6895 The host is missing a security update according to Mozilla advisory, MFSA 2012-65. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement XSLT implementation. Successful exploitation could allow attackers to obtain s ... oval:org.secpod.oval:def:6894 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement ... oval:org.secpod.oval:def:6899 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ... oval:org.secpod.oval:def:6898 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ... oval:org.secpod.oval:def:6901 The host is missing a security update according to Mozilla advisory, MFSA 2012-69. The update is required to fix a certificate spoofing vulnerability. A flaw is present in the applications, which fail to properly handle onLocationChange events during navigation between different https sites. Success ... oval:org.secpod.oval:def:6900 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a certificate spoofing vulnerability. A flaw is present in the applications, which fail to properly handle onLocationChange events during navigation between different htt ... oval:org.secpod.oval:def:6903 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ... oval:org.secpod.oval:def:6902 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ... oval:org.secpod.oval:def:7632 The host is missing a security update according to Mozilla advisory, MFSA 2012-75. The update is required to fix a click-jacking attack and spoofing vulnerability. The flaws are present in the applications, which fail to properly handle SELECT elements. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:7633 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to click-jacking attack vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has multiple menus of SELECT elements ... oval:org.secpod.oval:def:7634 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to spoofing vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has a SELECT element's menu active. Successful ex ... oval:org.secpod.oval:def:7635 The host is missing a security update according to Mozilla advisory, MFSA 2012-74. The update is required to fix a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:7636 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7637 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7638 The host is missing a security update according to Mozilla advisory, MFSA 2012-76. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7639 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow ... oval:org.secpod.oval:def:7640 The host is missing a security update according to Mozilla advisory, MFSA 2012-77. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods. Successful exploitation cou ... oval:org.secpod.oval:def:7641 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to ... oval:org.secpod.oval:def:7642 The host is missing a security update according to Mozilla advisory, MFSA 2012-79. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of th ... oval:org.secpod.oval:def:7643 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors invo ... oval:org.secpod.oval:def:7644 The host is missing a security update according to Mozilla advisory, MFSA 2012-80. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operator on ... oval:org.secpod.oval:def:7645 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operat ... oval:org.secpod.oval:def:7646 The host is missing a security update according to Mozilla advisory, MFSA 2012-81. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI access to the GetProperty function. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7647 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI acc ... oval:org.secpod.oval:def:7648 The host is missing a security update according to Mozilla advisory, MFSA 2012-82. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary plugin that uses Object.defineProperty to shadow the top object, and leve ... oval:org.secpod.oval:def:7649 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary ... oval:org.secpod.oval:def:7650 The host is missing a security update according to Mozilla advisory, MFSA 2012-83. The update is required to fix a privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interact with failures of InstallTrigger methods. Successful exploitation could a ... oval:org.secpod.oval:def:7651 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interac ... oval:org.secpod.oval:def:7652 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to prevent access t ... oval:org.secpod.oval:def:7653 The host is missing a security update according to Mozilla advisory, MFSA 2012-84. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage history data. Successful exploitation could allow attackers to conduct cross-sit ... oval:org.secpod.oval:def:7654 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage histor ... oval:org.secpod.oval:def:7655 The host is missing a security update according to Mozilla advisory, MFSA 2012-85. The update is required to fix a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle certain functions. Successful exploitation could allow attackers to run ar ... oval:org.secpod.oval:def:7656 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle IsCSS ... oval:org.secpod.oval:def:7657 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsHTMLCSSUti ... oval:org.secpod.oval:def:7658 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7659 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsSMILAnimat ... oval:org.secpod.oval:def:7660 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsTextEditRu ... oval:org.secpod.oval:def:7661 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle DOMSVGTests: ... oval:org.secpod.oval:def:7662 The host is missing a security update according to Mozilla advisory, MFSA 2012-86. The update is required to fix a multiple heap memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow ... oval:org.secpod.oval:def:7663 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle nsCharTrait ... oval:org.secpod.oval:def:7664 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7665 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly manage ... oval:org.secpod.oval:def:7666 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7667 The host is missing a security update according to Mozilla advisory, MFSA 2012-87. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to the nsIContent::GetNameSpaceID function. Successful exploitation co ... oval:org.secpod.oval:def:7668 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors rela ... oval:org.secpod.oval:def:7669 The host is missing a security update according to Mozilla advisory, MFSA 2012-88. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle the mozilla::net::FailDelayManager::Lookup function in the WebSockets implementatio ... oval:org.secpod.oval:def:7670 The host is installed with Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1 or SeaMonkey before 2.13.1 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle the mozilla::net::FailDelayManager::Lookup function in the WebSockets i ... oval:org.secpod.oval:def:7671 The host is missing a security update according to Mozilla advisory, MFSA 2012-89. The update is required to fix a security bypass vulnerability. The flaws are present in the applications, which fail to properly handle access to the Location object. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:7672 The host is installed with Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9 or SeaMonkey before 2.13.1 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly handle the d ... oval:org.secpod.oval:def:7727 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly ... oval:org.secpod.oval:def:7728 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ... oval:org.secpod.oval:def:7729 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ... oval:org.secpod.oval:def:7730 The host is missing a security update according to Mozilla advisory, MFSA 2012-90. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to certain objects and functions. Successful exploitation allows attackers to conduct cross-site scripting ... oval:org.secpod.oval:def:8035 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a d ... oval:org.secpod.oval:def:8036 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:8037 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of ser ... oval:org.secpod.oval:def:8038 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:8039 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of ... oval:org.secpod.oval:def:8041 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. S ... oval:org.secpod.oval:def:8042 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to integer overflow vulnerability. A flaw is present in the applications, which fail to handle crafted data. Suc ... oval:org.secpod.oval:def:8043 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle function calls i ... oval:org.secpod.oval:def:8044 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to Heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:8045 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8046 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8047 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8048 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8049 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8050 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8051 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8053 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of ... oval:org.secpod.oval:def:8054 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attac ... oval:org.secpod.oval:def:8055 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:8056 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest obj ... oval:org.secpod.oval:def:8057 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the str_unescape function in the JavaScript engine. Successful exploitation allows rem ... oval:org.secpod.oval:def:8059 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafte ... oval:org.secpod.oval:def:8060 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context du ... oval:org.secpod.oval:def:8062 The host is missing a security update according to MFSA 2012-103. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of a "top" frame name-attribute value to access the location property. Successful exploitation al ... oval:org.secpod.oval:def:8064 The host is missing a security update according to MFSA 2012-101. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handle a ~ (tilde) character in proximity to a chunk delimiter. Successful exploitation allows remot ... oval:org.secpod.oval:def:8065 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly rest ... oval:org.secpod.oval:def:8066 The host is missing a security update according to MFSA 2012-100. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly restrict write actions. Successful exploitation allows remote attackers to conduct cross-site scrip ... oval:org.secpod.oval:def:8067 The host is missing a security update according to MFSA 2012-91. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of service (memory c ... oval:org.secpod.oval:def:8068 The host is missing a security update according to MFSA 2012-92. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafted GIF image. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:8069 The host is missing a security update according to MFSA 2012-93. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context during the handling of JavaScript code that sets the location.href property. Successful exploitati ... oval:org.secpod.oval:def:8070 The host is missing a security update according to MFSA 2012-94. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. Successful exploitation all ... oval:org.secpod.oval:def:8072 The host is missing a security update according to MFSA 2012-96. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to handle the str_unescape function in the JavaScript engine. Successful exploitation allows remote attackers to execute ... oval:org.secpod.oval:def:8073 The host is missing a security update according to MFSA 2012-97. The update is required to fix cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes. ... oval:org.secpod.oval:def:8074 The host is missing a security update according to MFSA 2012-97. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attackers to bypass intended ch ... oval:org.secpod.oval:def:8075 The host is missing a security update according to MFSA 2012-106. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain function calls and crafted data. Successful exploitation allows remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:8076 The host is missing a security update according to MFSA 2012-105. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:8077 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle an HTML document. S ... oval:org.secpod.oval:def:9619 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle an HTM ... oval:org.secpod.oval:def:9620 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a craft ... oval:org.secpod.oval:def:9621 The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaw are present in the applications, which fail to properly handle certain unknown vectors. Successful exploitation allows remote atta ... oval:org.secpod.oval:def:9625 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safet ... oval:org.secpod.oval:def:9626 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to ... oval:org.secpod.oval:def:9628 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle some unspecified ve ... oval:org.secpod.oval:def:9629 The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2 or SeaMonkey before 2.15 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted document. Successful exploitation allows remote attackers to execute arbitra ... oval:org.secpod.oval:def:9632 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifica ... oval:org.secpod.oval:def:9633 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted web page ... oval:org.secpod.oval:def:9634 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to ... oval:org.secpod.oval:def:9637 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted XBL fi ... oval:org.secpod.oval:def:9640 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle some un ... oval:org.secpod.oval:def:9642 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforc ... oval:org.secpod.oval:def:9644 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code executio vulnerability. A flaw is present in the applications, which fail to properly interact wi ... oval:org.secpod.oval:def:9648 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-03. The update is required to fix stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle an HTML document that specifies invalid width and height values. Successfu ... oval:org.secpod.oval:def:9649 The host is missing a security update according to Mozilla advisory, MFSA 2013-07. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safety for SSL sessions. Successful exploitation allows remote attackers to execute ... oval:org.secpod.oval:def:9652 The host is missing a security update according to Mozilla advisory, MFSA 2013-14. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifications to the prototype of an object. Successful exploitation allows remote att ... oval:org.secpod.oval:def:9653 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-19. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted web page referencing JavaScript Proxy objects that are not properly handled du ... oval:org.secpod.oval:def:9654 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-18. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to the domDoc pointer. Successful exploitation allows remote attackers t ... oval:org.secpod.oval:def:9657 The host is missing a security update according to Mozilla advisory, MFSA 2013-13. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted XBL file with multiple bindings that have SVG content. Successful exploitation allow ... oval:org.secpod.oval:def:9661 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-08. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to properly interact with garbage collection. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:9663 The host is missing a security update according to Mozilla advisory, MFSA 2013-10. The update is required to fix same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforce the Same Origin Policy. Successful exploitation allows remote attackers to c ... oval:org.secpod.oval:def:9929 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the ClusterIterator::NextCluster function. Successful exploitation allows remote at ... oval:org.secpod.oval:def:9932 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScrip ... oval:org.secpod.oval:def:9933 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modificati ... oval:org.secpod.oval:def:9934 The host is installed with Mozilla Firefox before 19.0 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle a crafted GIF image. Successful exploitation allows attackers to obtain sensitive information from process mem ... oval:org.secpod.oval:def:9935 The host is installed with Mozilla Firefox before 19.0 or SeaMonkey before 2.16 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to prevent multiple wrapping of WebIDL objects. Successful exploitation allows remote attackers to bypass intended access r ... oval:org.secpod.oval:def:9937 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the nsPrintEngine::CommonPrint function. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:9939 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the nsCodingStateMachine::NextState function. Successful exploitation allows remote ... oval:org.secpod.oval:def:9940 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the nsDisplayBoxShadowOuter::Paint function. Successful exploitation allows remote atta ... oval:org.secpod.oval:def:9942 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vectors. Successful exploitation allows remote attack ... oval:org.secpod.oval:def:9945 The host is missing a security update according to Mozilla advisory, MFSA 2013-23. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to prevent multiple wrapping of WebIDL objects. Successful exploitation allows remote attackers to bypass ... oval:org.secpod.oval:def:9946 The host is missing a security update according to Mozilla advisory, MFSA 2013-22. The update is required to fix out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle a crafted GIF image. Successful exploitation allows attackers to obtain sensitive information ... oval:org.secpod.oval:def:9947 The host is missing a security update according to Mozilla advisory, MFSA 2013-24. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modifications to a prototype. Successful exploitation allows remote attackers to obtain ... oval:org.secpod.oval:def:9948 The host is missing a security update according to Mozilla advisory, MFSA 2013-25. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScript workers from reading the browser-profile directory name. Successful exploitat ... oval:org.secpod.oval:def:16377 Mozilla community member Ms2ger found a mechanism where a new Javascript object with a compartment is uninitialized could be entered through web content. When the scope for this object is called, it leads to a potentially exploitable crash. oval:org.secpod.oval:def:9931 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the the nsImageLoad ... oval:org.secpod.oval:def:9930 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server t ... oval:org.secpod.oval:def:16370 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a ... oval:org.secpod.oval:def:16371 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:16374 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free problem in the Animation Manager during the cloning of stylesheets. This can lead to a potentially exploitable crash. oval:org.secpod.oval:def:9936 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle the nsS ... oval:org.secpod.oval:def:9938 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted document ... oval:org.secpod.oval:def:9944 The host is missing a security update according to Mozilla advisory, MFSA 2013-28. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain functions. Successful exploitation allows remote attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:9943 The host is missing a security update according to Mozilla advisory, MFSA 2013-21. The update is required to fix multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vectors. Successful exploitation allows remote attackers to cau ... oval:org.secpod.oval:def:16388 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application cra ... oval:org.secpod.oval:def:9941 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certa ... oval:org.secpod.oval:def:16385 Security researcher Nils reported two potentially exploitable memory corruption bugs involving scrolling. The first was a use-after-free condition due to scrolling an image document. The second was due to nodes in a range request being added as children of two different parents. oval:org.secpod.oval:def:16386 Mozilla developer Boris Zbarsky reported that user-defined getters on DOM proxies would incorrectly get the expando object as this . It is unlikely that this is directly exploitable but could lead to JavaScript client or add-on code making incorrect security sensitive decisions based on hacker supp ... oval:org.secpod.oval:def:16383 Security researcher Sachin Shinde reported that moving certain XBL-backed nodes from a document into the replacement document created by document.open() can cause a JavaScript compartment mismatch which can often lead to exploitable conditions. Starting with Firefox 20 this condition was turned ... oval:org.secpod.oval:def:9949 The host is missing a security update according to Mozilla advisory, MFSA 2013-26. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle the the nsImageLoadingContent::OnStopContainer function. Successful exploitation allows remote at ... oval:org.secpod.oval:def:16384 Security researcher Aki Helin reported that combining lists, floats, and multiple columns could trigger a potentially exploitable buffer overflow. oval:org.secpod.oval:def:16356 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application c ... oval:org.secpod.oval:def:16367 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site ... oval:org.secpod.oval:def:16368 The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and ... oval:org.secpod.oval:def:16363 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:16364 The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:16392 Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrar ... oval:org.secpod.oval:def:16395 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging ... oval:org.secpod.oval:def:16335 Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier (URI) before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-orig ... oval:org.secpod.oval:def:16332 Mozilla security researcher moz_bug_r_a4 reported a mechanism to execute arbitrary code or a cross-site scripting (XSS) attack when Certificate Request Message Format (CRMF) request is generated in certain circumstances. oval:org.secpod.oval:def:16338 Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:/// URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on ... oval:org.secpod.oval:def:16336 Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-site scripting (XSS) attacks by web workers. oval:org.secpod.oval:def:16331 Mozilla security researcher moz_bug_r_a4 reported that through an interaction of frames and browser history it was possible to make the browser believe attacker-supplied content came from the location of a previous page in browser history. This allows for cross-site scripting (XSS) attacks by loadi ... oval:org.secpod.oval:def:9950 The host is missing a security update according to Mozilla advisory, MFSA 2013-27. The update is required to fix address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server that provides a 407 HTTP status code accompanied by web script. Successful explo ... oval:org.secpod.oval:def:16326 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:10673 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted v ... oval:org.secpod.oval:def:10680 The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and ot ... oval:org.secpod.oval:def:10681 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:10683 The host is missing a security update according to Mozilla advisory, MFSA 2013-36. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneNode method for cloning a protected node. Successful exploitation allows remote ... oval:org.secpod.oval:def:10684 The host is missing a security update according to Mozilla advisory, MFSA 2013-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent origin spoofing of tab-modal dialogs. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:10685 The host is missing a security update according to Mozilla advisory, MFSA 2013-38. The update is required to fix cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctness of the address bar during history navigation. Successful exploitation allow ... oval:org.secpod.oval:def:10675 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneN ... oval:org.secpod.oval:def:10676 The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent origin spoofing of tab-modal dialogs. Successful exploitation allows remote attackers to conduct phishing ... oval:org.secpod.oval:def:10677 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctne ... oval:org.secpod.oval:def:10678 The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle color profiles during PNG rendering. Successful exploitation allows remote attackers to obtain sensiti ... oval:org.secpod.oval:def:10679 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a ... oval:org.secpod.oval:def:10686 The host is missing a security update according to Mozilla advisory, MFSA 2013-39. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle color profiles during PNG rendering. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:10687 The host is missing a security update according to Mozilla advisory, MFSA 2013-40. The update is required to fix out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted certificate. Successful exploitation allows remote attackers to cause ... oval:org.secpod.oval:def:10688 The host is missing a security update according to Mozilla advisory, MFSA 2013-30. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to the nsContentUtils::HoldJSObjects function and the nsAuto ... oval:org.secpod.oval:def:10689 The host is missing a security update according to Mozilla advisory, MFSA 2013-31. The update is required to fix integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted values that trigger attempted use of a negative box boundary or negative box si ... oval:org.secpod.oval:def:9659 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-12. The update is required to fix Integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted string concatenation, leading to improper memory allocation. Successful expl ... oval:org.secpod.oval:def:9656 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-16. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle crafted web content. Successful exploitation allows remote attackers to execute arbitrar ... oval:org.secpod.oval:def:9655 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-17. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors that involve the triggering of garbage collection after memory allocation for li ... oval:org.secpod.oval:def:9650 The host is missing a security update according to Mozilla advisory, MFSA 2013-04. The update is required to fix URL spoofing vulnerability. A flaw is present in the applications, which fail to handle vectors involving authentication information in the userinfo field of a URL. Successful exploitatio ... oval:org.secpod.oval:def:9651 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-15. The update is required to fix privilege escalation vulnerability. A flaw is present in the applications, which fail to handle improper interaction between plugin objects and SVG elements. Successful exploitat ... oval:org.secpod.oval:def:9664 The host is missing a security update according to Mozilla advisory, MFSA 2013-11. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent calling the toString function of an XBL object. Successful exploitation allows remote at ... oval:org.secpod.oval:def:9660 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-05. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle an HTML document with a table containing many columns and column groups. Successful expl ... oval:org.secpod.oval:def:9662 The host is missing a security update according to Mozilla advisory, MFSA 2013-09. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to properly implement quickstubs that use the jsval data type for their return values. Successful exploi ... oval:org.secpod.oval:def:9636 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9635 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9631 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to privilege escalation vulnerability. A flaw is present in the ... oval:org.secpod.oval:def:9639 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to Integer overflow vulnerability. A flaw is present in the appl ... oval:org.secpod.oval:def:9630 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to URL spoofing vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:9647 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-01. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitra ... oval:org.secpod.oval:def:16400 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of serv ... oval:org.secpod.oval:def:9646 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-02. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitrar ... oval:org.secpod.oval:def:9643 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ... oval:org.secpod.oval:def:16404 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vect ... oval:org.secpod.oval:def:16405 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intend ... oval:org.secpod.oval:def:9645 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:16402 Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats wit ... oval:org.secpod.oval:def:16403 Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related ... oval:org.secpod.oval:def:9641 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to information disclosure vulnerability. A flaw is present in th ... oval:org.secpod.oval:def:9624 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9627 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9623 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ... oval:org.secpod.oval:def:9622 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present i ... oval:org.secpod.oval:def:16302 The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct bu ... oval:org.secpod.oval:def:16306 Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before ... oval:org.secpod.oval:def:16304 Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:17841 Security researcher Nils discovered a use-after-free error in which the imgLoader object is freed while an image is being resized. This results in a potentially exploitable crash. oval:org.secpod.oval:def:17840 Mozilla security researcher moz_bug_r_a4 reported a method to use browser navigations through history to load a website with that page"s baseURI property pointing to that of another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the b ... oval:org.secpod.oval:def:17845 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:17843 Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free during host resolution in some circumstances. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:17839 Security researcher Mariusz Mlynski discovered an issue where sites that have been given notification permissions by a user can bypass security checks on source components for the Web Notification API. This allows for script to be run in a privileged context through notifications, leading to arbitr ... oval:org.secpod.oval:def:17836 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow when a script uses a non-XBL object as an XBL object because the XBL status of the object is not properly validated. The resulting memory corruption is potent ... oval:org.secpod.oval:def:17853 The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for ... oval:org.secpod.oval:def:17856 Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap m ... oval:org.secpod.oval:def:17855 Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corru ... oval:org.secpod.oval:def:17854 The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site ... oval:org.secpod.oval:def:17849 The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of se ... oval:org.secpod.oval:def:17848 Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. oval:org.secpod.oval:def:16311 The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attacke ... oval:org.secpod.oval:def:16309 The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:16307 Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute a ... oval:org.secpod.oval:def:16308 Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitr ... oval:org.secpod.oval:def:21358 Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1 ... oval:org.secpod.oval:def:21356 Antoine Delignat-Lavaud , security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is ... oval:org.secpod.oval:def:16258 Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupt ... oval:org.secpod.oval:def:16255 Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via ... oval:org.secpod.oval:def:16256 Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site. oval:org.secpod.oval:def:16259 Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by trig ... oval:org.secpod.oval:def:16254 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header. oval:org.secpod.oval:def:16251 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:16261 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. oval:org.secpod.oval:def:17329 The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash ... oval:org.secpod.oval:def:17327 The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different d ... oval:org.secpod.oval:def:16238 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:17320 The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and appli ... oval:org.secpod.oval:def:16247 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free in the functions for synthetic mouse movement handling. Security researcher Atte Kettunen from OUSPG also repor ... oval:org.secpod.oval:def:17335 vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:17334 TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (h ... oval:org.secpod.oval:def:16245 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a mechanism where inserting an ordered list into a document through script could lead to a potentially exploitable crash that can ... oval:org.secpod.oval:def:17333 Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage co ... oval:org.secpod.oval:def:16242 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free when interacting with event listeners from the mListeners array. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:17332 Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. oval:org.secpod.oval:def:16243 Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a use-after-free problem in the table editing user interface of the editor during garbage collection. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:17331 The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. oval:org.secpod.oval:def:16240 Security researcher Masato Kinugawa discovered that if a web page is missing character set encoding information it can inherit character encoding across navigation into another domain from an earlier site. Only same-origin inheritance is allowed according to the HTML5 specification. This issue allo ... oval:org.secpod.oval:def:17330 Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF docu ... oval:org.secpod.oval:def:16241 Mozilla security developer Daniel Veditz discovered that lt;iframe sandboxgt; restrictions are not applied to an lt;objectgt; element contained within a sand boxed iframe. This could allow content hosted within a sand boxed iframe to use lt;objectgt; element to bypass the sandbox restrictions th ... oval:org.secpod.oval:def:16293 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16294 Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilit ... oval:org.secpod.oval:def:16291 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:16298 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corrupt ... oval:org.secpod.oval:def:16296 Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16288 Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash. oval:org.secpod.oval:def:16289 Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash. oval:org.secpod.oval:def:17302 Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash. oval:org.secpod.oval:def:17300 Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ... oval:org.secpod.oval:def:17314 Security research firm VUPEN , via TippingPoint"s Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition. oval:org.secpod.oval:def:17313 Security researcher Mariusz Mlynski , via TippingPoint"s Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open() . A second bug allowed the bypassing of the popup-blocker without user inte ... oval:org.secpod.oval:def:17312 Mozilla developer Robert O"Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap . This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SV ... oval:org.secpod.oval:def:17311 Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service (DOS). This issues is not able to be triggered in a default confi ... oval:org.secpod.oval:def:17317 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:17315 Security researcher Juri Aedla , via TippingPoint"s Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for ... oval:org.secpod.oval:def:17310 Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory addresse ... oval:org.secpod.oval:def:17835 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a fixed offset out of bounds read issue while decoding specifically formatted JPG format images. This causes a non-exploitable crash. oval:org.secpod.oval:def:17833 Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ... oval:org.secpod.oval:def:16749 Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote ... oval:org.secpod.oval:def:16748 Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possib ... oval:org.secpod.oval:def:16832 Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a relat ... oval:org.secpod.oval:def:16831 Security researcher Fabiaacute;n Cuchietti discovered that it was possible to bypass the restriction on JavaScript execution in mail by embedding an lt;iframegt; with a data: URL within a message. If the victim replied or forwarded the mail after receiving it, quoting it quot;in-linequot; using Thu ... oval:org.secpod.oval:def:16829 Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a relat ... oval:org.secpod.oval:def:16828 Security researcher Fabián Cuchietti discovered that it was possible to bypass the restriction on JavaScript execution in mail by embedding an <iframe> with a data: URL within a message. If the victim replied or forwarded the mail after receiving it, quoting it "in-line" usin ... oval:org.secpod.oval:def:16730 Security researcher Arthur Gerkis , via TippingPoint"s Zero Day Initiative, reported a use-after-free during image processing from sites with specific content types in concert with the imgRequestProxy function. This causes a potentially exploitable crash. oval:org.secpod.oval:def:16731 Security researcher Masato Kinugawa reported a cross-origin information leak through web workers" error messages. This violates same-origin policy and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites. oval:org.secpod.oval:def:16734 Mozilla developer Brian Smith and security researchers Antoine Delignat-Lavaud and Karthikeyan Bhargavan of the Prosecco research team at INRIA Paris reported issues with ticket handling in the Network Security Services (NSS) libraries. These have been addressed in the NSS 3.15.4 release, shipping o ... oval:org.secpod.oval:def:16735 Mozilla developer Boris Zbarsky reported an inconsistency with the different JavaScript engines in how JavaScript native getters on window objects are handled by these engines. This inconsistency can lead to different behaviors in JavaScript code, allowing for a potential security issue with window ... oval:org.secpod.oval:def:16733 Soeren Balko reported a crash when terminating a web worker running asm.js code after passing an object between threads. This crash is potentially exploitable. oval:org.secpod.oval:def:16727 Fredrik "Flonka" Lnnqvist discovered an issue with image decoding in RasterImage caused by continued use of discarded images. This could allow for the writing to unowned memory and a potentially exploitable crash. oval:org.secpod.oval:def:16728 Security researcher Jordan Milne reported an information leak where document.caretPositionFromPoint and document.elementFromPoint functions could be used on a cross-origin iframe to gain information on the iframe"s DOM and other attributes through a timing attack, violating same-origin policy. oval:org.secpod.oval:def:16725 Security researcher Cody Crews reported a method to bypass System Only Wrappers (SOW) by using XML Binding Language (XBL) content scopes to clone protected XUL elements. This could be used to clone anonymous nodes, making trusted XUL content web accessible. oval:org.secpod.oval:def:16726 Security researcher Jordi Chancel reported that the dialog for saving downloaded files did not implement a security timeout before button selections were processed. This could be used in concert with spoofing to convince users to select a different option than intended, causing downloaded files to b ... oval:org.secpod.oval:def:16729 Mozilla security engineer Frederik Braun reported an issue where the implementation of Content Security Policy (CSP) is not in compliance with the specification . XSLT stylesheets must be subject to script-src directives but Mozilla"s implementation of CSP treats them as styles. This could lead to u ... oval:org.secpod.oval:def:16741 RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted im ... oval:org.secpod.oval:def:16742 Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functi ... oval:org.secpod.oval:def:16740 Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. oval:org.secpod.oval:def:16745 The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. oval:org.secpod.oval:def:16746 The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. oval:org.secpod.oval:def:16743 The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient styl ... oval:org.secpod.oval:def:16744 Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. oval:org.secpod.oval:def:16738 The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvin ... oval:org.secpod.oval:def:16739 The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. oval:org.secpod.oval:def:16736 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:16737 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in j ... oval:org.secpod.oval:def:16724 Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ... oval:org.mitre.oval:def:12192 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in wh ... oval:org.mitre.oval:def:12186 Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run. oval:org.mitre.oval:def:12158 Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. oval:org.mitre.oval:def:12143 Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a ... oval:org.mitre.oval:def:12145 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex ... oval:org.mitre.oval:def:12132 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss ... oval:org.mitre.oval:def:12136 The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access ... oval:org.mitre.oval:def:12120 Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows ... oval:org.mitre.oval:def:12116 Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory. oval:org.mitre.oval:def:12118 The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryp ... oval:org.mitre.oval:def:12114 The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross ... oval:org.mitre.oval:def:12108 Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the app ... oval:org.mitre.oval:def:12202 Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server. oval:org.mitre.oval:def:11799 Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related ... oval:org.mitre.oval:def:11550 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: ... oval:org.mitre.oval:def:11778 The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via ... oval:org.mitre.oval:def:11519 Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) a ... oval:org.mitre.oval:def:11517 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.mitre.oval:def:11735 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) pr ... oval:org.mitre.oval:def:11969 The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (app ... oval:org.mitre.oval:def:12254 Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers ... oval:org.mitre.oval:def:12001 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access an ... oval:org.mitre.oval:def:11684 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers ... oval:org.mitre.oval:def:11675 Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and ... oval:org.mitre.oval:def:11891 The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to ... oval:org.secpod.oval:def:15024 Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:///URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on the ... oval:org.secpod.oval:def:15021 Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier(URI) before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-origi ... oval:org.secpod.oval:def:15022 Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-sitescripting (XSS) attacks by web workers. oval:org.secpod.oval:def:15014 Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when generating a Certificate Request Message Format (CRMF) request with certain parameters. This causes a potentially exploitable crash. oval:org.secpod.oval:def:15012 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:15013 Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when the Document Object Model is modified during a SetBody mutation event. This causes a potentially exploitablecrash. oval:org.secpod.oval:def:15018 Mozilla security researcher moz_bug_r_a4 reported a mechanism to execute arbitrary code or a cross-site scripting (XSS) attack when Certificate Request Message Format (CRMF) request is generated in certain circumstances. oval:org.secpod.oval:def:15019 Mozilla Developer Bobby Holley and Mozilla security researcher moz_bug_r_a4 discovered a mechanism where XBL scopes can be be used to circumvent XrayWrappers from within the Chrome on unprivileged objects. This allows web content to potentially confuse privileged code and weaken invariants and can l ... oval:org.secpod.oval:def:15016 Security researcher Aki Helin from OUSPG used the AddressSanitizer tool to discover a crash during the decoding of WAV format audio files in some instances. This crash is not exploitable but could be used for a denial of service (DOS) attack by malicious parties. oval:org.secpod.oval:def:15017 Mozilla security researcher moz_bug_r_a4 reported that through an interaction of frames and browser history it was possible to make the browser believe attacker-supplied content came from the location of a previous page in browser history. This allows for cross-site scripting (XSS) attacks by loadi ... oval:org.secpod.oval:def:10670 The host is missing a security update according to Mozilla advisory, MFSA 2013-40. The update is required to fix out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted certificate. Successful exploitation allows remote attackers to cause ... oval:org.secpod.oval:def:10671 The host is missing a security update according to Mozilla advisory, MFSA 2013-30. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to the nsContentUtils::HoldJSObjects function and the nsAuto ... oval:org.secpod.oval:def:10672 The host is missing a security update according to Mozilla advisory, MFSA 2013-31. The update is required to fix integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted values that trigger attempted use of a negative box boundary or negative box si ... oval:org.secpod.oval:def:10665 The host is missing a security update according to Mozilla advisory, MFSA 2013-34. The update is required to fix untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan horse DLL file in an unspecified directory. Successful exploitation allows local ... oval:org.secpod.oval:def:10666 The host is missing a security update according to Mozilla advisory, MFSA 2013-36. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneNode method for cloning a protected node. Successful exploitation allows remote ... oval:org.secpod.oval:def:10667 The host is missing a security update according to Mozilla advisory, MFSA 2013-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent origin spoofing of tab-modal dialogs. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:10668 The host is missing a security update according to Mozilla advisory, MFSA 2013-38. The update is required to fix cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctness of the address bar during history navigation. Successful exploitation allow ... oval:org.secpod.oval:def:10669 The host is missing a security update according to Mozilla advisory, MFSA 2013-39. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle color profiles during PNG rendering. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:10660 The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle color profiles during PNG rendering. Successful exploitation allows remote attackers to obtain sensiti ... oval:org.secpod.oval:def:10661 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a ... oval:org.secpod.oval:def:10662 The host is installed with Mozilla Firefox before 20.0, SeaMonkey before 2.17, Firefox ESR before 20.0, Thunderbird before 17.0.5 or Thunderbird ESR before 17.0.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors re ... oval:org.secpod.oval:def:10663 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:10654 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted v ... oval:org.secpod.oval:def:10656 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan hor ... oval:org.secpod.oval:def:10657 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneN ... oval:org.secpod.oval:def:10658 The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent origin spoofing of tab-modal dialogs. Successful exploitation allows remote attackers to conduct phishing ... oval:org.secpod.oval:def:10659 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctne ... oval:org.secpod.oval:def:15048 Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function. oval:org.secpod.oval:def:15045 Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request. oval:org.secpod.oval:def:15049 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:15043 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, SeaMonkey before 2.20 or Mozilla Firefox ESR, Mozilla Thunderbird, Mozilla Thunderbird ESR before 17.0.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl ... oval:org.secpod.oval:def:15044 Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the t ... oval:org.secpod.oval:def:15042 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application c ... oval:org.secpod.oval:def:15056 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a ... oval:org.secpod.oval:def:15050 The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:15051 The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:15054 The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and ... oval:org.secpod.oval:def:15053 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site ... oval:org.secpod.oval:def:16268 Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a use-after-free problem in the table editing user interface of the editor during garbage collection. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16269 Compiler Engineer Dan Gohman of Google reported that binary search algorithms in the SpiderMonkey JavaScript engine were prone to overflow in several places, leading to potential out-of-bounds array access. While none of these are known to be directly exploitable, they are unsafe in theory and have ... oval:org.secpod.oval:def:16266 Mozilla security developer Daniel Veditz discovered that <iframe sandbox> restrictions are not applied to an <object> element contained within a sand boxed iframe. This could allow content hosted within a sand boxed iframe to use <object> element to bypass the sandbox restricti ... oval:org.secpod.oval:def:16267 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free when interacting with event listeners from the mListeners array. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16265 Security researcher Masato Kinugawa discovered that if a web page is missing character set encoding information it can inherit character encoding across navigation into another domain from an earlier site. Only same-origin inheritance is allowed according to the HTML5 specification. This issue allo ... oval:org.secpod.oval:def:16263 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:16279 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header. oval:org.secpod.oval:def:16277 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, SeaMonkey before 2.23, Firefox ESR 24.0 before 24.2 or Thunderbird before 24.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v ... oval:org.secpod.oval:def:16271 Firefox user Sijie Xia reported that if a user explicitly removes the trust for extended validation (EV) capable root certificates in the certificate manager, the change is not properly used when validating EV certificates, causing the setting to be ignored. This removes the ability of users to exp ... oval:org.secpod.oval:def:16272 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free in the functions for synthetic mouse movement handling. Security researcher Atte Kettunen from OUSPG also repor ... oval:org.secpod.oval:def:16270 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a mechanism where inserting an ordered list into a document through script could lead to a potentially exploitable crash that can ... oval:org.secpod.oval:def:16276 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:16273 Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. oval:org.secpod.oval:def:16282 The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack ve ... oval:org.secpod.oval:def:16283 Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupt ... oval:org.secpod.oval:def:16280 Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via ... oval:org.secpod.oval:def:16281 Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site. oval:org.secpod.oval:def:16286 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. oval:org.secpod.oval:def:16287 Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid ... oval:org.secpod.oval:def:16284 Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by trig ... oval:org.secpod.oval:def:16285 Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. oval:org.secpod.oval:def:16411 Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within <select> elements and place it in arbitrary locations. This can be used to spoof the displayed addressbar, leading to clickjacking and other spoofing attacks. oval:org.secpod.oval:def:16412 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16410 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:16415 Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16413 Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilit ... oval:org.secpod.oval:def:16414 Mozilla community member Ezra Pool reported a potentially exploitable crash on extremely large pages. This was caused when a cycle collected image object was released on the wrong thread during decoding, creating a race condition. oval:org.secpod.oval:def:16408 Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash. oval:org.secpod.oval:def:16409 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a user-after-free when interacting with HTML document templates. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16407 Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash. oval:org.secpod.oval:def:16422 The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial o ... oval:org.secpod.oval:def:16423 Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:16420 The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a drop down menu, which allows remote attackers to spoof the address bar or conduct cli ... oval:org.secpod.oval:def:16421 The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct bu ... oval:org.secpod.oval:def:16426 Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute a ... oval:org.secpod.oval:def:16427 Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitr ... oval:org.secpod.oval:def:16425 Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before ... oval:org.secpod.oval:def:16417 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corrupt ... oval:org.secpod.oval:def:16418 Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, SeaMonkey before 2.22 or Thunderbird ESR 17.0 before 17.0.10 allows remote attackers to cause a denial of service (memory corruption and application crash) or possib ... oval:org.secpod.oval:def:16697 Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ... oval:org.secpod.oval:def:16698 Security researcher Cody Crews reported a method to bypass System Only Wrappers (SOW) by using XML Binding Language (XBL) content scopes to clone protected XUL elements. This could be used to clone anonymous nodes, making trusted XUL content web accessible. oval:org.secpod.oval:def:16699 Security researcher Jordi Chancel reported that the dialog for saving downloaded files did not implement a security timeout before button selections were processed. This could be used in concert with spoofing to convince users to select a different option than intended, causing downloaded files to b ... oval:org.secpod.oval:def:16430 The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attacke ... oval:org.secpod.oval:def:16428 The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:16429 Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory ... oval:org.secpod.oval:def:15601 The host is missing a security update according to Mozilla advisory, MFSA 2013-77. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to maintain the state of the insertion-mode stack for template elements. Successful exploitat ... oval:org.secpod.oval:def:15602 The host is installed missing a security update according to Mozilla advisory, MFSA 2013-78.The update is required to fix an integer overflow vulnerability. A flaw is present is the applications, which fail to handle a crafted site. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15600 The host is missing a security update according to Mozilla advisory, MFSA 2013-76. The update is required to fix multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15612 The host is missing a security update according to Mozilla advisory, MFSA 2013-89. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle crafted use of lists and floats within a multi-column layout. Successful exploitation could al ... oval:org.secpod.oval:def:16701 Security researcher Jordan Milne reported an information leak where document.caretPositionFromPoint and document.elementFromPoint functions could be used on a cross-origin iframe to gain information on the iframe"s DOM and other attributes through a timing attack, violating same-origin policy. oval:org.secpod.oval:def:15613 The host is missing a security update according to Mozilla advisory, MFSA 2013-90. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitrar ... oval:org.secpod.oval:def:16702 Mozilla security engineer Frederik Braun reported an issue where the implementation of Content Security Policy (CSP) is not in compliance with the specification . XSLT stylesheets must be subject to script-src directives but Mozilla"s implementation of CSP treats them as styles. This could lead to u ... oval:org.secpod.oval:def:15611 The host is missing a security update according to Mozilla advisory, MFSA 2013-88. The update is required to fix a arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle movement of XBL-backed nodes between documents. Successful exploitation could allow a ... oval:org.secpod.oval:def:16700 Fredrik "Flonka" Lnnqvist discovered an issue with image decoding in RasterImage caused by continued use of discarded images. This could allow for the writing to unowned memory and a potentially exploitable crash. oval:org.secpod.oval:def:15605 The host is missing a security update according to, MFSA 2013-81. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle key messages after widget is destroyed. Successful exploitation could allow attackers to crash the ser ... oval:org.secpod.oval:def:15606 The host is missing a security update according to Mozilla advisory, MFSA 2013-82. The update is required to a fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15603 The host is missing a security update according to, MFSA 2013-79. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle stylesheet cloning. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15604 The host is missing a security update according to, MFSA 2013-80. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to properly handle key messages after widget is destroyed. Successful exploitation could allow attackers to crash the ... oval:org.secpod.oval:def:15609 The host is installed with Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could allow remote attackers to ... oval:org.secpod.oval:def:15607 The host is missing a security update according to Mozilla advisory. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which fails to properly lock the MAR file. Successful exploitation could allow attackers to replace the installed software with th ... oval:org.secpod.oval:def:15620 The host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle stylesh ... oval:org.secpod.oval:def:15623 he host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle crafted data. S ... oval:org.secpod.oval:def:16712 The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. oval:org.secpod.oval:def:15624 The host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21, and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly lock the MAR ... oval:org.secpod.oval:def:16713 Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. oval:org.secpod.oval:def:15621 The host is installed with Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to properly handle key messages after widget is destroyed. Successful exploitation could al ... oval:org.secpod.oval:def:16710 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, SeaMonkey before 2.24, Thunderbird before 24.3 or Firefox ESR 24.0 before 24.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v ... oval:org.secpod.oval:def:15622 The host is installed with Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle key messages after widget is destroyed. Successful exploitation could allow ... oval:org.secpod.oval:def:16711 The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvin ... oval:org.secpod.oval:def:15616 The host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, or SeaMonkey before 2.21 and is prone to a memory safety vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Su ... oval:org.secpod.oval:def:15617 The host is installed with Mozilla Firefox before 24.0, Thunderbird before 24.0, SeaMonkey before 2.21 or Mozilla Firefox ESR, Mozilla Thunderbird ESR before 17.0.9 and is prone to a memory safety vulnerability. A flaw is present in the applications, which fails to handle crafted data. Successful ex ... oval:org.secpod.oval:def:16706 Soeren Balko reported a crash when terminating a web worker running asm.js code after passing an object between threads. This crash is potentially exploitable. oval:org.secpod.oval:def:15614 The host is missing a security update according to Mozilla advisory, MFSA 2013-91. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly identify the "this" object during use of user-defined getter methods on DOM proxies. Success ... oval:org.secpod.oval:def:16703 Security researcher Arthur Gerkis , via TippingPoint"s Zero Day Initiative, reported a use-after-free during image processing from sites with specific content types in concert with the imgRequestProxy function. This causes a potentially exploitable crash. oval:org.secpod.oval:def:15615 The host is missing a security update according to Mozilla advisory, MFSA 2013-92. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code by lever ... oval:org.secpod.oval:def:16704 Security researcher Masato Kinugawa reported a cross-origin information leak through web workers" error messages. This violates same-origin policy and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites. oval:org.secpod.oval:def:16709 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:15618 The host is installed with Mozilla Firefox before 24.0, Thunderbird before 24.0, or SeaMonkey before 2.21 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to maintain the state of the insertion-mode stack for template elements. Successful ... oval:org.secpod.oval:def:16707 Mozilla developer Brian Smith and security researchers Antoine Delignat-Lavaud and Karthikeyan Bhargavan of the Prosecco research team at INRIA Paris reported issues with ticket handling in the Network Security Services (NSS) libraries. These have been addressed in the NSS 3.15.4 release, shipping o ... oval:org.secpod.oval:def:15619 The host is installed with Mozilla Firefox before 24.0 or SeaMonkey before 2.21 and is prone to an integer overflow vulnerability. A flaw is present is the applications, which fail to handle a crafted site. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:16708 Mozilla developer Boris Zbarsky reported an inconsistency with the different JavaScript engines in how JavaScript native getters on window objects are handled by these engines. This inconsistency can lead to different behaviors in JavaScript code, allowing for a potential security issue with window ... oval:org.secpod.oval:def:15630 The host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 and is prone to an use after free vulnerability. A flaw is present in the applications, which fail to handle crafted data. Su ... oval:org.secpod.oval:def:15631 The host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 and is prone to use after free vulnerability. A flaw is present in the applications, which fail to handle crafted data. Succe ... oval:org.secpod.oval:def:15632 The host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly identify the " ... oval:org.secpod.oval:def:15633 The host is installed with Mozilla Firefox before 24.0, Thunderbird before 24.0, or SeaMonkey before 2.21 an use-after-free vulnerability. A flaw is present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code by leveraging i ... oval:org.secpod.oval:def:15627 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows arbitrary attackers to execute arbitrary code or cause a denial of s ... oval:org.secpod.oval:def:16716 The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient styl ... oval:org.secpod.oval:def:16717 Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. oval:org.secpod.oval:def:16714 RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted im ... oval:org.secpod.oval:def:15626 The host is installed with Mozilla Firefox before 24.0, Thunderbird before 24.0 or SeaMonkey before 2.21 and is prone to uninitialized data vulnerability. A flaw is present in the applications, which does not properly initialize memory. Successful exploitation allows remote attackers to obtain sensi ... oval:org.secpod.oval:def:16715 Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functi ... oval:org.secpod.oval:def:15629 The host is installed with Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, or SeaMonkey before 2.21 allows remote attackers and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, whic ... oval:org.secpod.oval:def:16718 The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. oval:org.secpod.oval:def:16719 The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. oval:org.secpod.oval:def:16834 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-03. The update is required to fix miscellaneous network security services vulnerabilities. The flaws are present in the applications, which fail to handle statistical analysis of ciphertext or a crafted X.509 cer ... oval:org.secpod.oval:def:16835 Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, SeaMonkey before 2.22.1, Thunderbird 24.x before 24.1.1 or Thunderbird ESR 17.0.x before 17.0.11 allo ... oval:org.secpod.oval:def:17149 Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash. oval:org.secpod.oval:def:17147 Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ... oval:org.secpod.oval:def:17159 Mozilla developer Robert O"Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap . This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SV ... oval:org.secpod.oval:def:17158 Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service (DOS). This issues is not able to be triggered in a default confi ... oval:org.secpod.oval:def:17157 Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory addresse ... oval:org.secpod.oval:def:17152 Security researchers Tim Philipp Schafers and Sebastian Neef , the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page"s tab and causing the browser to become unresponsive. This allows for a deni ... oval:org.secpod.oval:def:17151 Mozilla developer Ehsan Akhgari reported a spoofing attack where the permission prompt for a WebRTC session can appear to be from a different site than its actual originating site if a timed navigation occurs during the prompt generation. This allows an attacker to potentially gain access to the we ... oval:org.secpod.oval:def:17150 Mozilla developer David Keeler reported that the crypto.generateCRFMRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service (DOS) attack. oval:org.secpod.oval:def:17155 Security researcher Nicolas Golubovic reported that the Content Security Policy (CSP) of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting (XSS) attack. The ... oval:org.secpod.oval:def:17154 Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site"s WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to rend ... oval:org.secpod.oval:def:1787 The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to memory corruption vulnerability. A flaw is present in the applications which fail to properly handle multipart/x-mixed-replace images. Successful exploit ... oval:org.secpod.oval:def:21266 Antoine Delignat-Lavaud , security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is ... oval:org.secpod.oval:def:21265 Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, ... oval:org.secpod.oval:def:17820 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, SeaMonkey before 2.26, Thunderbird before 24.5 or Firefox ESR 24.0 before 24.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v ... oval:org.secpod.oval:def:17824 The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of se ... oval:org.secpod.oval:def:17823 Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. oval:org.secpod.oval:def:17822 The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted ... oval:org.secpod.oval:def:17817 Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free during host resolution in some circumstances. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:17815 Security researcher Nils discovered a use-after-free error in which the imgLoader object is freed while an image is being resized. This results in a potentially exploitable crash. oval:org.secpod.oval:def:17814 Mozilla security researcher moz_bug_r_a4 reported a method to use browser navigations through history to load a website with that page"s baseURI property pointing to that of another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the b ... oval:org.secpod.oval:def:17819 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:17818 Mozilla developer Boris Zbarsky discovered that the debugger will work with some objects while bypassing XrayWrappers. This could lead to privilege escalation if the victim used the debugger to interact with a malicious page. oval:org.secpod.oval:def:17831 Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corru ... oval:org.secpod.oval:def:17830 The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site ... oval:org.secpod.oval:def:17832 Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap m ... oval:org.secpod.oval:def:17826 The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped obje ... oval:org.secpod.oval:def:17825 The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory co ... oval:org.secpod.oval:def:17829 The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for ... oval:org.secpod.oval:def:17813 Security researcher Mariusz Mlynski discovered an issue where sites that have been given notification permissions by a user can bypass security checks on source components for the Web Notification API. This allows for script to be run in a privileged context through notifications, leading to arbitr ... oval:org.secpod.oval:def:16721 Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possib ... oval:org.secpod.oval:def:16722 Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote ... oval:org.secpod.oval:def:17810 Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found a use-after-free in the Text Track Manager while processing HTML video. This was caused by inconsistent garbage collection of Text Track Manager variables and results in a potentia ... oval:org.secpod.oval:def:17805 Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ... oval:org.secpod.oval:def:17809 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow when a script uses a non-XBL object as an XBL object because the XBL status of the object is not properly validated. The resulting memory corruption is potent ... oval:org.secpod.oval:def:17808 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a fixed offset out of bounds read issue while decoding specifically formatted JPG format images. This causes a non-exploitable crash. oval:org.secpod.oval:def:17807 Security researcher Ash reported an out of bounds read issue with Web Audio. This issue could allow for web content to trigger crashes that are potentially exploitable. oval:org.secpod.oval:def:17182 vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:17181 TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (h ... oval:org.secpod.oval:def:17180 Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage co ... oval:org.secpod.oval:def:17169 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt. oval:org.secpod.oval:def:17168 The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve e ... oval:org.secpod.oval:def:17163 Security researcher George Hotz , via TippingPoint"s Pwn2Own contest, discovered an issue where values are copied from an array into a second, neutered array. This allows for an out-of-bounds write into memory, causing an exploitable crash leading to arbitrary code execution. oval:org.secpod.oval:def:17162 Security researcher Juri Aedla , via TippingPoint"s Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for ... oval:org.secpod.oval:def:17161 Security research firm VUPEN , via TippingPoint"s Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition. oval:org.secpod.oval:def:17160 Security researcher Mariusz Mlynski , via TippingPoint"s Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open() . A second bug allowed the bypassing of the popup-blocker without user inte ... oval:org.secpod.oval:def:17167 The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and appli ... oval:org.secpod.oval:def:17165 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, SeaMonkey before 2.25, Firefox ESR before 24.0 before 24.4 or Thunderbird before 24.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary ... oval:org.secpod.oval:def:17164 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:17179 Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. oval:org.secpod.oval:def:17174 The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different d ... oval:org.secpod.oval:def:17173 The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. oval:org.secpod.oval:def:17172 The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. oval:org.secpod.oval:def:17178 The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. oval:org.secpod.oval:def:17177 Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF docu ... oval:org.secpod.oval:def:17176 The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash ... oval:org.secpod.oval:def:17170 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. oval:org.secpod.oval:def:1791 The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey through 2.0.14 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle memory when JavaScript is disabled. Successful exp ... oval:org.secpod.oval:def:1792 The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey through 2.0.14 and is prone to integer overflow vulnerability. A flaw is present in the applications which fails to validate the length of a JavaScript Array object. Successful exp ... oval:org.secpod.oval:def:26 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or SeaMonkey before 2.0.11 and is prone to use-after-free vulnerability. A flaw is present in nsDOMAttribute node handling. Successful exploitation allows remote attackers to execute arbitrary code by making the iterato ... oval:org.secpod.oval:def:2301 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to validate user supplied input. Successful exploitation could allow attackers to crash the servi ... oval:org.secpod.oval:def:2303 The host is installed with Mozilla Firefox 4 or 5 or SeaMonkey 2.x before 2.3 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to remove proxy-authorization credentials from the listed request headers. Successful exploitation could allow atta ... oval:org.secpod.oval:def:2302 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to implement javascript properly. Successful exploitation could allow attackers to crash the serv ... oval:org.secpod.oval:def:2304 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to implement WebGL properly. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:2307 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3, and is prone to a security bypass vulnerability. A flaw is present in the applications, which allow attackers to bypass Same Origin Policy and obtain sensitive image data from a different domain by ... oval:org.secpod.oval:def:2306 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3, and is prone to a heap based buffer overflow vulnerability. A flaw is present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to execu ... oval:org.secpod.oval:def:2308 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle memory safety issues. Successful exploitation could allow remote attackers to ex ... oval:org.secpod.oval:def:2315 The host is installed with Mozilla Firefox before 3.6.20 or 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle SVG text. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:307 The host is installed with Mozilla Firefox or SeaMonkey and is prone to cross-site request forgery vulnerability. A flaw is present in the applications which fails to properly handle requests that were initiated by a plugin and receive a 307 redirect to a page on a different web site. Successful exp ... oval:org.secpod.oval:def:306 The host is installed with Mozilla Firefox or SeaMonkey and is prone to buffer overflow vulnerability. A flaw is present in the applications which fails to properly construct the layout objects used to display the text. Successful exploitation allow remote attackers to run arbitrary code. oval:org.secpod.oval:def:308 The host is installed with Mozilla Firefox or SeaMonkey or Thunderbird and is prone to denial of service vulnerability. A flaw is present in the applications, when a JPEG image could be constructed that would be decoded incorrectly, causing data to be written past the end of a buffer created to stor ... oval:org.secpod.oval:def:303 The host is installed with Mozilla Firefox or SeaMonkey and is prone to use-after-free vulnerability. A flaw is present in a method used by JSON.stringify of the application may result in use-after-free error in which a currently in-use pointer was freed and subsequently dereferenced. Successful exp ... oval:org.secpod.oval:def:302 The host is installed with Mozilla Firefox or SeaMonkey and is prone to buffer overflow vulnerability. A flaw is present in the applications which fails to handle JavaScript engine's internal memory mapping of non-local JS variables. Successful exploitation allow remote attackers to run arbitrary co ... oval:org.secpod.oval:def:305 The host is installed with Mozilla Firefox or SeaMonkey and is prone to use-after-free vulnerability. A flaw is present in javascript worker of the applications which fails to handle when subsequent calls is done through deleted reference. Successful exploitation allow remote attackers to run arbitr ... oval:org.secpod.oval:def:304 The host is installed with Mozilla Firefox or SeaMonkey and is prone to buffer overflow vulnerability. A flaw is present in javascript engine of the application, in which internal mapping of string values contained an error in cases where the number of values being stored was above 64K. Successful e ... oval:org.secpod.oval:def:301 The host is installed with Mozilla Firefox or SeaMonkey or Thunderbird and is prone to denial of service vulnerability. A flaw is present in the applications, which fails to handle memory corruption under some circumstances. Successful exploitation allow remote attackers to run arbitrary code. oval:org.secpod.oval:def:300 The host is installed with Mozilla Firefox or SeaMonkey and is prone to elevated privilege vulnerability. A flaw is present in the applications which fails to handle eval function when the recursive call is made to eval() wrapped in a try/catch statement places the browser into a inconsistent state. ... oval:org.secpod.oval:def:29 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Mozilla Thunderbird before 3.0.11 and 3.1.x before 3.1.7, or Mozilla SeaMonkey before 2.0.11 and is prone to buffer overflow vulnerability. A flaw is present in the string handling, which causes overflow in line breaki ... oval:org.secpod.oval:def:28 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Mozilla Thunderbird before 3.0.11 and 3.1.x before 3.1.7, or Mozilla SeaMonkey before 2.0.11 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to validate downloada ... oval:org.secpod.oval:def:27 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or SeaMonkey before 2.0.11 and is prone to integer overflow vulnerability. A flaw is present in the NewIdArray function, which allows construction of an array containing a very large number of items causing an overflow ... oval:org.secpod.oval:def:33 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle interaction between the XMLHttpRequestSpy object and chrome pr ... oval:org.secpod.oval:def:32 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to remote code execution vulnerability. A flaw is present in the <div> element handling, which incorrectly treats the <div> element inside a <treechildren> element as a pa ... oval:org.secpod.oval:def:31 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle injection of an ISINDEX element into an about:blank page which ... oval:org.secpod.oval:def:30 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to multiple cross-site scripting (XSS) vulnerabilities. The flaws are present in the rendering engine, which are caused due to some characters being converted to angle bra ... oval:org.secpod.oval:def:2688 The host is installed with Mozilla Firefox before 7.0, Thunderbird before 7.0 or SeaMonkey before 2.4, Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted javascript code. Succ ... oval:org.secpod.oval:def:2687 The host is installed with Mozilla Firefox before 7.0 or SeaMonkey before 2.4 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to prevent access to motion data events. Successful exploitation could allow remote attackers to read keystrokes by leverag ... oval:org.secpod.oval:def:2689 The host is installed with Mozilla Firefox 4.x through 6, Thunderbird before 7.0 or SeaMonkey before 2.4 and is prone to a use-after-free vulnerability. The flaw is present in the applications, which fail to handle crafted OCG headers. Successful exploitation could allow attackers to crash the servi ... oval:org.secpod.oval:def:2691 The host is installed with Mozilla Firefox before 7.0 and SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write ope ... oval:org.secpod.oval:def:2690 The host is installed with Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 and is prone to a privilege escalation vulnerability. A flaw is present in the applications, which fail to handle XPCNativeWrappers during calls to the loadSubScript method in an add-on. Successful exploitation could a ... oval:org.secpod.oval:def:2692 The host is installed with Mozilla Firefox before 7.0 or SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to validate the return value of a GrowAtomTable function call. Successful exploitation could allow attackers to crash th ... oval:org.secpod.oval:def:38 The host is installed with Mozilla Firefox 3.5.x before 3.5.16, Mozilla Thunderbird before 3.0.11 or SeaMonkey before 2.0.11 and is prone to unspecified vulnerability. A flaw is present in the browser engine, which has an evidence of memory corruption under certain circumstances. Successful exploita ... oval:org.secpod.oval:def:36 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Mozilla Thunderbird before 3.0.11 and 3.1.x before 3.1.7 or Mozilla SeaMonkey before 2.0.11 and is prone to multiple unspecified vulnerabilities. The flaws are present in the browser engine, which contains several memo ... oval:org.secpod.oval:def:35 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to security bypass vulnerability. A flaw is present in Java security handling, which fails to properly process certain redirections involving data: URLs and Java LiveConne ... oval:org.secpod.oval:def:34 The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to SSL spoofing vulnerability. A flaw is present in the network or certificate error page handling, which allows opening site to access documents inside the window and inj ... oval:org.secpod.oval:def:3657 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle memory safety issues. Successful exploitation could allow remote att ... oval:org.secpod.oval:def:3658 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle YARR regular expression library that could be triggered by jav ... oval:org.secpod.oval:def:3659 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple information disclosure vulnerabilities. The flaws are present in the applications, which fail to handle SVG animation accessKey events. Successful exploitation c ... oval:org.secpod.oval:def:3660 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle scaling of an OGG video element to extreme sizes. Successful e ... oval:org.secpod.oval:def:4441 The host is missing a critical security update according to Adobe advisory, MFSA 2012-06 . The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploitatio ... oval:org.secpod.oval:def:4442 The host is installed with Mozilla Firefox 4.x before 10, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ... oval:org.secpod.oval:def:4440 The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploit ... oval:org.secpod.oval:def:4445 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-03. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitation c ... oval:org.secpod.oval:def:4446 The host is installed with Mozilla Firefox before 3.6.26, 4.x before 10.0, Thunderbird before 3.1.18, 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted Ogg Vorbis file. Successful exploita ... oval:org.secpod.oval:def:4443 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-05. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ca ... oval:org.secpod.oval:def:4444 The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitat ... oval:org.secpod.oval:def:4449 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-01. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:4447 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-07. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted Ogg Vorbis file. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:4448 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-07. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:4452 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-02. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle XMLHttpRequest calls through a proxy. Successful exploitation could allow att ... oval:org.secpod.oval:def:4453 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10.0, Thunderbird before 3.1.18, 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to incorrect AttributeChildRem ... oval:org.secpod.oval:def:4450 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10.0, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful explo ... oval:org.secpod.oval:def:4451 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 7.0, Thunderbird before 3.1.18 or 5.0 before 7.0, or SeaMonkey before 2.4 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle XMLHttpRequest calls through a proxy. ... oval:org.secpod.oval:def:4454 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-04. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to incorrect AttributeChildRemoved notifications. Successful exploita ... oval:org.secpod.oval:def:4438 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedde ... oval:org.secpod.oval:def:4439 The host is missing a critical security update according to Adobe advisory, MFSA 2012-08. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedded in a document. Successful exploitation c ... oval:org.secpod.oval:def:4922 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly r ... oval:org.secpod.oval:def:4923 The host is missing a critical security update according to Mozilla advisory, MFSA2012-12. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly restrict drag-and-drop operations on javascript: URLs. Successful exploitation ... oval:org.secpod.oval:def:4920 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:4921 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-13. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly restrict drag-and-drop operations on javascript: URLs. Successful exploitation ... oval:org.secpod.oval:def:4924 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted H ... oval:org.secpod.oval:def:4925 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-15. The update is required to fix a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP headers. Successful exploitation could allow attackers to bypass intended ... oval:org.secpod.oval:def:4919 The host is missing a critical security update according to Mozilla advisory, MFSA2012-14. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:4917 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a use after free vulnerability. A flaw is present in the applications, ... oval:org.secpod.oval:def:4918 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an information disclosure vulnerability. A flaw is present in the appli ... oval:org.secpod.oval:def:4911 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafte ... oval:org.secpod.oval:def:4912 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-18. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web page. Successful exploitation could allow attackers to crash the service ... oval:org.secpod.oval:def:4915 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a privilege escalation vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:4916 The host is missing a critical security update according to Mozilla advisory, MFSA2012-16. The update is required to fix a privilege escalation vulnerability. A flaw is present in the applications, which fail to properly restrict setting the home page through the dragging of a URL to the home button ... oval:org.secpod.oval:def:4913 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynami ... oval:org.secpod.oval:def:4914 The host is missing a critical security update according to Mozilla advisory, MFSA2012-17. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynamic modification of a keyframe followed by access to the cssText of the keyframe ... oval:org.secpod.oval:def:4908 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the application ... oval:org.secpod.oval:def:4906 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an use-after-free vulnerability. A flaw is present in the applications, ... oval:org.secpod.oval:def:4907 The host is missing a critical security update according to Mozilla advisory, MFSA2012-19. The update is required to fix an multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:5465 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors rel ... oval:org.secpod.oval:def:5464 The host is missing a critical security update according to Mozilla advisory, MFSA2012-22. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to crafted IndexedDB data. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:5463 The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to jsval.h and the js::array_shift function. Succes ... oval:org.secpod.oval:def:5462 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle ... oval:org.secpod.oval:def:5469 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multi ... oval:org.secpod.oval:def:5468 The host is missing a critical security update according to Mozilla advisory, MFSA2012-24. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multibyte character set. Successful exploitation could allow attackers to inject ar ... oval:org.secpod.oval:def:5467 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle ... oval:org.secpod.oval:def:5466 The host is missing a critical security update according to Mozilla advisory, MFSA2012-23. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle the nsSVGFEDiffuseLightingElement::LightPixel function. Successful exploitati ... oval:org.secpod.oval:def:5461 The host is missing a critical security update according to Mozilla advisory, MFSA2012-20. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:5476 The host is missing a critical security update according to Mozilla advisory, MFSA2012-28. The update is required to fix origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploitation coul ... oval:org.secpod.oval:def:5475 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the d ... oval:org.secpod.oval:def:5474 The host is missing a critical security update according to Mozilla advisory, MFSA2012-27. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the docshell implementation. Successful exploitation could allow attackers to injec ... oval:org.secpod.oval:def:5473 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:5479 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle ... oval:org.secpod.oval:def:5478 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-29. The update is required to fix multiple cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle the decoding of ISO-2022-KR and ISO-2022-CN character sets. Successf ... oval:org.secpod.oval:def:5477 The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploit ... oval:org.secpod.oval:def:5472 The host is missing a critical security update according to Mozilla advisory, MFSA2012-26. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle the WebGLBuffer::FindMaxUshortElement function. Successful exploitation could all ... oval:org.secpod.oval:def:5471 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 on Windows Vista and Windows 7 systems and is prone to memory corruption vulnerability. A flaw is present in the appl ... oval:org.secpod.oval:def:5470 The host is missing a critical security update according to Mozilla advisory, MFSA2012-25. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to properly restrict font-rendering attempts. Successful exploitation could allow attackers to c ... oval:org.secpod.oval:def:5483 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly loa ... oval:org.secpod.oval:def:5482 The host is missing a high security update according to Mozilla advisory, MFSA2012-33. The update is required to fix address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly load RSS and Atom feed content. Successful exploitation could allow attackers to spoo ... oval:org.secpod.oval:def:5481 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:5480 The host is missing a critical security update according to Mozilla advisory, MFSA2012-30. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to handle the texImage2D implementation. Successful exploitation could allow attackers to ex ... oval:org.secpod.oval:def:6422 The host is missing a critical security update according to Mozilla advisory, MFSA2012-56. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted javascript: URL. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:6421 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to hand ... oval:org.secpod.oval:def:6120 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handl ... oval:org.secpod.oval:def:6103 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handl ... oval:org.secpod.oval:def:6102 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly mitig ... oval:org.secpod.oval:def:6101 The host is missing a critical security update according to Mozilla advisory, MFSA2012-34. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to run arbitrary cod ... oval:org.secpod.oval:def:6104 The host is installed with Mozilla Firefox before 13.0, Thunderbird before 13.0, SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle methodjit/ImmutableSync.cpp and js/src/jsarray.cpp files. Successful exploitati ... oval:org.secpod.oval:def:6109 The host is missing a high security update according to Mozilla advisory, MFSA2012-36. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the Content Security Policy implementation. Successful exploitation could allow remote ... oval:org.secpod.oval:def:6114 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly document ... oval:org.secpod.oval:def:6113 The host is missing a critical security update according to Mozilla advisory, MFSA2012-38. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to properly document changes involving replacement or insertion of a node. Successful exploitation ... oval:org.secpod.oval:def:6112 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle Wi ... oval:org.secpod.oval:def:6111 The host is missing a high security update according to Mozilla advisory, MFSA2012-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle Windows file shares and shortcut files. Successful exploitation could allow local use ... oval:org.secpod.oval:def:6118 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsFrameLis ... oval:org.secpod.oval:def:6117 The host is missing a critical security update according to Mozilla advisory, MFSA2012-40. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle nsFrameList and nsHTMLReflowState functions. Successful exploitation could allow attacker ... oval:org.secpod.oval:def:6116 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the ASN ... oval:org.secpod.oval:def:6115 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-38. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services. Succes ... oval:org.secpod.oval:def:6119 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handl ... oval:org.secpod.oval:def:6110 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:6166 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsHTMLSelectElement when the parent node of the element is no longer active. Suc ... oval:org.secpod.oval:def:6165 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-41. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsHTMLSelectElement when the parent node of the element is no longer active. Successful ... oval:org.secpod.oval:def:6429 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to saniti ... oval:org.secpod.oval:def:6428 The host is missing a security update according to Mozilla advisory, MFSA2012-55. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a crafted IFRAME element. Successful exploitation could allow man-in-the-middle attackers t ... oval:org.secpod.oval:def:6427 The host is installed with Mozilla Firefox 4.x before 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 before 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.10 and is prone to a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a cra ... oval:org.secpod.oval:def:6433 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a F ... oval:org.secpod.oval:def:6432 The host is missing a security update according to Mozilla advisory, MFSA2012-52. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving strings with multiple dependencies. Successful exploitation could allow attac ... oval:org.secpod.oval:def:6431 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors ... oval:org.secpod.oval:def:6430 The host is missing a security update according to Mozilla advisory, MFSA2012-53. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to sanitize the blocked uri parameter. Successful exploitation could allow attackers to retrieve ... oval:org.secpod.oval:def:6437 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle crafted ... oval:org.secpod.oval:def:6436 The host is missing a security update according to Mozilla advisory, MFSA2012-51. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted color profile. Successful exploitation could allow attackers to trigger an ou ... oval:org.secpod.oval:def:6435 The host is installed with Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, or SeaMonkey before 2.11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted color profile. Successful exploitation could allow attack ... oval:org.secpod.oval:def:6434 The host is missing a security update according to Mozilla advisory, MFSA2012-51. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a FRAME element. Successful exploitation could allow attackers to conduct clickjacking atta ... oval:org.secpod.oval:def:6439 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use after free vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:6438 The host is missing a security update according to Mozilla advisory, MFSA2012-49. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle crafted content. Successful exploitation could allow attackers to bypass intended XBL access re ... oval:org.secpod.oval:def:6840 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative hei ... oval:org.secpod.oval:def:6844 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG ... oval:org.secpod.oval:def:6843 The host is missing a security update according to Mozilla advisory, MFSA 2012-62. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to deletion of a fragment. Successful exploitation could allow attackers to exe ... oval:org.secpod.oval:def:6842 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related t ... oval:org.secpod.oval:def:6841 The host is missing a security update according to Mozilla advisory, MFSA 2012-61. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative height value in a BMP image within a .ICO file. Successful exploitation could all ... oval:org.secpod.oval:def:6848 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ... oval:org.secpod.oval:def:6847 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ... oval:org.secpod.oval:def:6846 The host is missing a security update according to Mozilla advisory, MFSA 2012-63. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted inputs. Successful exploitation could allow attackers to execute arbitrary code or crash ... oval:org.secpod.oval:def:6845 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involvin ... oval:org.secpod.oval:def:6849 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement ... oval:org.secpod.oval:def:6850 The host is missing a security update according to Mozilla advisory, MFSA 2012-65. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement XSLT implementation. Successful exploitation could allow attackers to obtain s ... oval:org.secpod.oval:def:6444 The host is missing a security update according to Mozilla advisory, MFSA2012-45. The update is required to fix an address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving history.forward and history.back calls. Successful exploitatio ... oval:org.secpod.oval:def:6443 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:6442 The host is missing a security update according to Mozilla advisory, MFSA2012-48. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle EMBED elements within description elements in RSS feeds. Successful exploitation ... oval:org.secpod.oval:def:6441 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly ... oval:org.secpod.oval:def:6448 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prop ... oval:org.secpod.oval:def:6447 The host is missing a security update according to Mozilla advisory, MFSA2012-45. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle crafted data. Successful exploitation could remote attackers to cause a denial of service ... oval:org.secpod.oval:def:6446 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle v ... oval:org.secpod.oval:def:6445 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly ... oval:org.secpod.oval:def:6449 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prop ... oval:org.secpod.oval:def:6440 The host is missing a security update according to Mozilla advisory, MFSA2012-48. The update is required to fix an use after free vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to focused content. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:6454 The host is missing a security update according to Mozilla advisory, MFSA2012-42. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6453 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted da ... oval:org.secpod.oval:def:6452 The host is installed with Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitra ... oval:org.secpod.oval:def:6822 The host is missing a security update according to Mozilla advisory, MFSA 2012-57. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:6821 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to garbage collection. Successful exploitation could allow ... oval:org.secpod.oval:def:6820 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown ... oval:org.secpod.oval:def:6826 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6825 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6824 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6823 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6829 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspe ... oval:org.secpod.oval:def:6828 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6827 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6833 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6832 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6831 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6830 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6837 The host is missing a security update according to Mozilla advisory, MFSA 2012-57. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrar ... oval:org.secpod.oval:def:6836 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6835 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6834 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a craf ... oval:org.secpod.oval:def:6819 The host is missing a security update according to Mozilla advisory, MFSA 2012-59. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploitation cou ... oval:org.secpod.oval:def:6818 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploi ... oval:org.secpod.oval:def:6860 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ... oval:org.secpod.oval:def:7723 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly ... oval:org.secpod.oval:def:7724 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ... oval:org.secpod.oval:def:6855 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ... oval:org.secpod.oval:def:6859 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ... oval:org.secpod.oval:def:6858 The host is missing a security update according to Mozilla advisory, MFSA 2012-69. The update is required to fix a certificate spoofing vulnerability. A flaw is present in the applications, which fail to properly handle onLocationChange events during navigation between different https sites. Success ... oval:org.secpod.oval:def:6857 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a certificate spoofing vulnerability. A flaw is present in the applications, which fail to properly handle onLocationChange events during navigation between different htt ... oval:org.secpod.oval:def:6856 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ... oval:org.secpod.oval:def:7596 The host is missing a security update according to Mozilla advisory, MFSA 2012-76. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7597 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow ... oval:org.secpod.oval:def:7598 The host is missing a security update according to Mozilla advisory, MFSA 2012-77. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods. Successful exploitation cou ... oval:org.secpod.oval:def:7599 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to ... oval:org.secpod.oval:def:7592 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to spoofing vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has a SELECT element's menu active. Successful ex ... oval:org.secpod.oval:def:7593 The host is missing a security update according to Mozilla advisory, MFSA 2012-74. The update is required to fix a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:7594 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7595 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7590 The host is missing a security update according to Mozilla advisory, MFSA 2012-75. The update is required to fix a click-jacking attack and spoofing vulnerability. The flaws are present in the applications, which fail to properly handle SELECT elements. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:7591 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to click-jacking attack vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has multiple menus of SELECT elements ... oval:org.secpod.oval:def:7630 The host is installed with Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9 or SeaMonkey before 2.13.1 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly handle the d ... oval:org.secpod.oval:def:7611 The host is missing a security update according to Mozilla advisory, MFSA 2012-84. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage history data. Successful exploitation could allow attackers to conduct cross-sit ... oval:org.secpod.oval:def:7612 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage histor ... oval:org.secpod.oval:def:7613 The host is missing a security update according to Mozilla advisory, MFSA 2012-85. The update is required to fix a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle certain functions. Successful exploitation could allow attackers to run ar ... oval:org.secpod.oval:def:7614 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle IsCSS ... oval:org.secpod.oval:def:7610 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to prevent access t ... oval:org.secpod.oval:def:7619 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle DOMSVGTests: ... oval:org.secpod.oval:def:7615 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsHTMLCSSUti ... oval:org.secpod.oval:def:7616 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7617 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsSMILAnimat ... oval:org.secpod.oval:def:7618 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsTextEditRu ... oval:org.secpod.oval:def:7622 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7623 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly manage ... oval:org.secpod.oval:def:7624 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7625 The host is missing a security update according to Mozilla advisory, MFSA 2012-87. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to the nsIContent::GetNameSpaceID function. Successful exploitation co ... oval:org.secpod.oval:def:7620 The host is missing a security update according to Mozilla advisory, MFSA 2012-86. The update is required to fix a multiple heap memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow ... oval:org.secpod.oval:def:7621 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle nsCharTrait ... oval:org.secpod.oval:def:7626 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors rela ... oval:org.secpod.oval:def:7627 The host is missing a security update according to Mozilla advisory, MFSA 2012-88. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle the mozilla::net::FailDelayManager::Lookup function in the WebSockets implementatio ... oval:org.secpod.oval:def:7628 The host is installed with Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1 or SeaMonkey before 2.13.1 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle the mozilla::net::FailDelayManager::Lookup function in the WebSockets i ... oval:org.secpod.oval:def:7629 The host is missing a security update according to Mozilla advisory, MFSA 2012-89. The update is required to fix a security bypass vulnerability. The flaws are present in the applications, which fail to properly handle access to the Location object. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:7600 The host is missing a security update according to Mozilla advisory, MFSA 2012-79. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of th ... oval:org.secpod.oval:def:7601 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors invo ... oval:org.secpod.oval:def:7602 The host is missing a security update according to Mozilla advisory, MFSA 2012-80. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operator on ... oval:org.secpod.oval:def:7603 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operat ... oval:org.secpod.oval:def:7608 The host is missing a security update according to Mozilla advisory, MFSA 2012-83. The update is required to fix a privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interact with failures of InstallTrigger methods. Successful exploitation could a ... oval:org.secpod.oval:def:7609 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interac ... oval:org.secpod.oval:def:7604 The host is missing a security update according to Mozilla advisory, MFSA 2012-81. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI access to the GetProperty function. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7605 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI acc ... oval:org.secpod.oval:def:7606 The host is missing a security update according to Mozilla advisory, MFSA 2012-82. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary plugin that uses Object.defineProperty to shadow the top object, and leve ... oval:org.secpod.oval:def:7607 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary ... oval:org.secpod.oval:def:7997 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. S ... oval:org.secpod.oval:def:7998 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to integer overflow vulnerability. A flaw is present in the applications, which fail to handle crafted data. Suc ... oval:org.secpod.oval:def:7999 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle function calls i ... oval:org.secpod.oval:def:7992 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:7993 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of ser ... oval:org.secpod.oval:def:7994 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:7995 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of ... oval:org.secpod.oval:def:7991 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a d ... oval:org.secpod.oval:def:7725 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ... oval:org.secpod.oval:def:7726 The host is missing a security update according to Mozilla advisory, MFSA 2012-90. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to certain objects and functions. Successful exploitation allows attackers to conduct cross-site scripting ... oval:org.secpod.oval:def:8029 The host is missing a security update according to MFSA 2012-96. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to handle the str_unescape function in the JavaScript engine. Successful exploitation allows remote attackers to execute ... oval:org.secpod.oval:def:8025 The host is missing a security update according to MFSA 2012-92. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafted GIF image. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:8026 The host is missing a security update according to MFSA 2012-93. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context during the handling of JavaScript code that sets the location.href property. Successful exploitati ... oval:org.secpod.oval:def:8027 The host is missing a security update according to MFSA 2012-94. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. Successful exploitation all ... oval:org.secpod.oval:def:8021 The host is missing a security update according to MFSA 2012-101. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handle a ~ (tilde) character in proximity to a chunk delimiter. Successful exploitation allows remot ... oval:org.secpod.oval:def:8022 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly rest ... oval:org.secpod.oval:def:8023 The host is missing a security update according to MFSA 2012-100. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly restrict write actions. Successful exploitation allows remote attackers to conduct cross-site scrip ... oval:org.secpod.oval:def:8024 The host is missing a security update according to MFSA 2012-91. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of service (memory c ... oval:org.secpod.oval:def:8033 The host is missing a security update according to MFSA 2012-106. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain function calls and crafted data. Successful exploitation allows remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:8034 The host is missing a security update according to MFSA 2012-105. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:8030 The host is missing a security update according to MFSA 2012-97. The update is required to fix cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes. ... oval:org.secpod.oval:def:8031 The host is missing a security update according to MFSA 2012-99. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attackers to bypass intended ch ... oval:org.secpod.oval:def:8007 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8009 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of ... oval:org.secpod.oval:def:8003 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8004 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8005 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8006 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8000 The host is installed with Mozilla Firefox 11.0 before 17.0, before 10.0.11, Firefox ESR before 17.0.2, 10.x before 10.0.12, Thunderbird 11.0 before 17.0, before 10.0.11, Thunderbird ESR 17.0.2, 10.x before 10.0.12 or SeaMonkey before 2.14 and is prone to Heap-based buffer overflow vulnerability. A ... oval:org.secpod.oval:def:8001 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8002 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8019 The host is missing a security update according to MFSA 2012-103. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of a "top" frame name-attribute value to access the location property. Successful exploitation al ... oval:org.secpod.oval:def:8014 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the str_unescape function in the JavaScript engine. Successful exploitation allows rem ... oval:org.secpod.oval:def:8016 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafte ... oval:org.secpod.oval:def:8017 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context du ... oval:org.secpod.oval:def:8010 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attac ... oval:org.secpod.oval:def:8011 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:8013 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest obj ... oval:org.secpod.oval:def:808 The host is installed with Mozilla Firefox or SeaMonkey and is prone to privilege escalation vulnerability. A flaw is present in the browsers, which fails to handle the injection of an ISINDEX element into an about:blank page which upon submission would redirect to a chrome: document. Successful exp ... oval:org.secpod.oval:def:807 The host is installed with Mozilla Firefox or Thunderbird or SeaMonkey and is prone to remote code execution vulnerability. A flaw is present in the nsIScriptableUnescapeHTML.parseFragment method, which fails to sanitize HTML in a chrome document. Successful exploitation could allow remote attackers ... oval:org.secpod.oval:def:9702 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-16. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle crafted web content. Successful exploitation allows remote attackers to execute arbitrar ... oval:org.secpod.oval:def:9701 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-17. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors that involve the triggering of garbage collection after memory allocation for li ... oval:org.secpod.oval:def:9703 The host is missing a security update according to Mozilla advisory, MFSA 2013-13. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted XBL file with multiple bindings that have SVG content. Successful exploitation allow ... oval:org.secpod.oval:def:9700 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-18. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to the domDoc pointer. Successful exploitation allows remote attackers t ... oval:org.secpod.oval:def:9709 The host is missing a security update according to Mozilla advisory, MFSA 2013-10. The update is required to fix same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforce the Same Origin Policy. Successful exploitation allows remote attackers to c ... oval:org.secpod.oval:def:9706 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-05. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle an HTML document with a table containing many columns and column groups. Successful expl ... oval:org.secpod.oval:def:9705 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-12. The update is required to fix Integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted string concatenation, leading to improper memory allocation. Successful expl ... oval:org.secpod.oval:def:9708 The host is missing a security update according to Mozilla advisory, MFSA 2013-09. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to properly implement quickstubs that use the jsval data type for their return values. Successful exploi ... oval:org.secpod.oval:def:9707 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-08. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to properly interact with garbage collection. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:9710 The host is missing a security update according to Mozilla advisory, MFSA 2013-11. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent calling the toString function of an XBL object. Successful exploitation allows remote at ... oval:org.secpod.oval:def:940 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:927 The host is installed with Mozilla Firefox or SeaMonkey and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle OBJECTs mChannel. Successful exploitation could allow remote attackers to execute arbitrary code. oval:org.secpod.oval:def:929 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle browser engine. Successful exploitation could allow remote attackers to cause a denial of service (memory corruption a ... oval:org.secpod.oval:def:928 The host is installed with Mozilla Firefox or SeaMonkey and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle OBJECT mObserverList. Successful exploitation could allow remote attackers to execute arbitrary code. oval:org.secpod.oval:def:934 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to execution of arbitrary code vulnerability. A flaw is present in the application, which fails to properly handle nsTreeRange data structures. Successful exploitation could allow remote attackers to execute ... oval:org.secpod.oval:def:933 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle nsDirIndexParser. Successful exploitation could allow remote attackers to cause a denial of service (memory corruption ... oval:org.secpod.oval:def:936 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:935 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:930 The host is installed with Mozilla Firefox or SeaMonkey and is prone to security vulnerability. A flaw is present in the application, which fails to properly implement autocompletion for forms. Successful exploitation could allow remote attackers to read form history entries via a Java applet that s ... oval:org.secpod.oval:def:932 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle browser engine. Successful exploitation could allow remote attackers to cause a denial of service (memory corrup ... oval:org.secpod.oval:def:931 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to handle vectors involving a resource: URL. Successful exploitation could allow remote attackers to determine the exist ... oval:org.secpod.oval:def:938 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:937 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:9669 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ... oval:org.secpod.oval:def:9668 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present i ... oval:org.secpod.oval:def:9665 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle an HTM ... oval:org.secpod.oval:def:9667 The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2, SeaMonkey before 2.15 or Thunderbird ESR, Firefox ESR 10.x before 10.0.12 or 17.x before 17.0.2 and is prone to multiple unspecified vulnerabilities. The flaw are present in the applications, which fail to properly ha ... oval:org.secpod.oval:def:9666 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a craft ... oval:org.secpod.oval:def:9698 The host is missing a security update according to Mozilla advisory, MFSA 2013-14. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifications to the prototype of an object. Successful exploitation allows remote att ... oval:org.secpod.oval:def:9697 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-15. The update is required to fix privilege escalation vulnerability. A flaw is present in the applications, which fail to handle improper interaction between plugin objects and SVG elements. Successful exploitat ... oval:org.secpod.oval:def:9699 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-19. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted web page referencing JavaScript Proxy objects that are not properly handled du ... oval:org.secpod.oval:def:9694 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-03. The update is required to fix stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle an HTML document that specifies invalid width and height values. Successfu ... oval:org.secpod.oval:def:9693 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-01. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitra ... oval:org.secpod.oval:def:9696 The host is missing a security update according to Mozilla advisory, MFSA 2013-04. The update is required to fix URL spoofing vulnerability. A flaw is present in the applications, which fail to handle vectors involving authentication information in the userinfo field of a URL. Successful exploitatio ... oval:org.secpod.oval:def:9695 The host is missing a security update according to Mozilla advisory, MFSA 2013-07. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safety for SSL sessions. Successful exploitation allows remote attackers to execute ... oval:org.secpod.oval:def:9690 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly interact w ... oval:org.secpod.oval:def:9692 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-02. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitrar ... oval:org.secpod.oval:def:9691 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9679 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted web page ... oval:org.secpod.oval:def:9676 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to URL spoofing vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:9675 The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2, SeaMonkey before 2.15, Thunderbird ESR, Firefox ESR 10.0.x before 10.0.12 or 17.x before 17.0.2 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted docu ... oval:org.secpod.oval:def:9678 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifica ... oval:org.secpod.oval:def:9677 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to privilege escalation vulnerability. A flaw is present in the ... oval:org.secpod.oval:def:9672 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to ... oval:org.secpod.oval:def:9671 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safet ... oval:org.secpod.oval:def:9674 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle some unspecified ve ... oval:org.secpod.oval:def:9673 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9670 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9687 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to information disclosure vulnerability. A flaw is present in th ... oval:org.secpod.oval:def:9686 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle some un ... oval:org.secpod.oval:def:9689 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ... oval:org.secpod.oval:def:9688 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforc ... oval:org.secpod.oval:def:9683 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted XBL fi ... oval:org.secpod.oval:def:9682 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9685 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to Integer overflow vulnerability. A flaw is present in the appl ... oval:org.secpod.oval:def:9681 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9680 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to ... oval:org.secpod.oval:def:9911 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modificati ... oval:org.secpod.oval:def:9910 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScrip ... oval:org.secpod.oval:def:9913 The host is installed with Mozilla Firefox before 19.0 or SeaMonkey before 2.16 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to prevent multiple wrapping of WebIDL objects. Successful exploitation allows remote attackers to bypass intended access r ... oval:org.secpod.oval:def:9912 The host is installed with Mozilla Firefox before 19.0 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle a crafted GIF image. Successful exploitation allows attackers to obtain sensitive information from process mem ... oval:org.secpod.oval:def:9919 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certa ... oval:org.secpod.oval:def:9918 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3, SeaMonkey before 2.16 or Thunderbird ESR, Firefox ESR before 17.0.3 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the nsDisplayBoxShadowOuter::Paint function ... oval:org.secpod.oval:def:9915 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3, SeaMonkey before 2.16 or Thunderbird ESR, Firefox ESR before 17.0.3 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the nsPrintEngine::CommonPrint function. Su ... oval:org.secpod.oval:def:9914 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle the nsS ... oval:org.secpod.oval:def:9917 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3, SeaMonkey before 2.16 or Thunderbird ESR, Firefox ESR before 17.0.3 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the nsCodingStateMachine::NextState fun ... oval:org.secpod.oval:def:9916 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted document ... oval:org.secpod.oval:def:9922 The host is missing a security update according to Mozilla advisory, MFSA 2013-28. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain functions. Successful exploitation allows remote attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:9921 The host is missing a security update according to Mozilla advisory, MFSA 2013-21. The update is required to fix multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vectors. Successful exploitation allows remote attackers to cau ... oval:org.secpod.oval:def:9924 The host is missing a security update according to Mozilla advisory, MFSA 2013-22. The update is required to fix out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle a crafted GIF image. Successful exploitation allows attackers to obtain sensitive information ... oval:org.secpod.oval:def:9923 The host is missing a security update according to Mozilla advisory, MFSA 2013-23. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to prevent multiple wrapping of WebIDL objects. Successful exploitation allows remote attackers to bypass ... oval:org.secpod.oval:def:9920 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3, SeaMonkey before 2.16 or Thunderbird ESR, Firefox ESR 17.x before 17.0.3 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vect ... oval:org.secpod.oval:def:9926 The host is missing a security update according to Mozilla advisory, MFSA 2013-25. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScript workers from reading the browser-profile directory name. Successful exploitat ... oval:org.secpod.oval:def:9925 The host is missing a security update according to Mozilla advisory, MFSA 2013-24. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modifications to a prototype. Successful exploitation allows remote attackers to obtain ... oval:org.secpod.oval:def:9928 The host is missing a security update according to Mozilla advisory, MFSA 2013-27. The update is required to fix address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server that provides a 407 HTTP status code accompanied by web script. Successful explo ... oval:org.secpod.oval:def:9927 The host is missing a security update according to Mozilla advisory, MFSA 2013-26. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle the the nsImageLoadingContent::OnStopContainer function. Successful exploitation allows remote at ... oval:org.secpod.oval:def:9908 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server t ... oval:org.secpod.oval:def:9907 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3, SeaMonkey before 2.16 or Thunderbird ESR, Firefox ESR before 17.0.3 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the ClusterIterator::NextCluster functi ... oval:org.secpod.oval:def:9909 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the the nsImageLoad ... oval:org.secpod.oval:def:2713 The host is installed with Mozilla Firefox before 3.6.23 or 4.x through 6 or Thunderbird before 7.0 or SeaMonkey before 2.4 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to prevent user assisted remote attackers from bypassing security restriction ... oval:org.secpod.oval:def:2707 The host is installed with Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to prevent manual add-on installation in response to the holding of the Enter key. Successfu ... oval:org.secpod.oval:def:2709 The host is installed with Mozilla Firefox before 3.6.23 or 4.x through 5, Thunderbird before 6.0 or SeaMonkey before 2.3 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle "location" as the name of a frame. Successful exploitation ... oval:org.secpod.oval:def:2708 The host is installed with Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 and is prone to a HTTP response splitting vulnerability. A flaw is present in the applications, which fail to handle HTTP responses that contain multiple Location, Content-Len ... oval:org.secpod.oval:def:2693 The host is installed with Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to prevent manual add-on installation in response to the holding of the Enter key. Successfu ... oval:org.secpod.oval:def:2695 The host is installed with Mozilla Firefox before 3.6.23 or 4.x through 5, Thunderbird before 6.0 or SeaMonkey before 2.3 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle "location" as the name of a frame. Successful exploitation ... oval:org.secpod.oval:def:2694 The host is installed with Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 and is prone to a HTTP response splitting vulnerability. A flaw is present in the applications, which fail to handle HTTP responses that contain multiple Location, Content-Len ... oval:org.secpod.oval:def:2699 The host is installed with Mozilla Firefox before 3.6.23 or 4.x through 6 or Thunderbird before 7.0 or SeaMonkey before 2.4 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to prevent user assisted remote attackers from bypassing security restriction ... |