Download
| Alert*
|
oval:org.secpod.oval:def:700775
libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700758 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:700753 ubufox: Ubuntu Firefox specific configuration defaults and apt support - webfav: Firefox extension for saving web favorites Details: USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated ubufox and webfav packages for use with the latest Firefox. Original advisory This update pr ... oval:org.secpod.oval:def:700757 xulrunner-1.9.2: Mozilla Gecko runtime environment Several security issues were fixed in Xulrunner. oval:org.secpod.oval:def:700754 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. oval:org.secpod.oval:def:700755 mozvoikko: Finnish spell-checker extension for Firefox Details: USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. Original advisory This update provides compatible Mozvoikko packages for the latest Firefox. oval:org.secpod.oval:def:9704 The host is missing a moderate security update according to Mozilla advisory, MFSA 2013-06. The update is required to fix information disclosure vulnerability. A flaw is present in the application, which fails to restrict a touch event to a single IFRAME element. Successful exploitation allows remot ... oval:org.secpod.oval:def:9684 The host is installed with SeaMonkey before 2.15 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to restrict a touch event to a single IFRAME element. Successful exploitation allows remote attackers to obtain sensitive information or possibly c ... oval:org.secpod.oval:def:600733 It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed. oval:org.secpod.oval:def:600720 Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in pot ... oval:org.secpod.oval:def:600729 Several vulnerabilities have been discovered in Icedove, Debian"s variant of the Mozilla Thunderbird code base. CVE-2011-3670 Icedove does not not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a ... oval:org.secpod.oval:def:600725 Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure. CVE-2012-0442 Jesse Ruderman and Bob Clary discovered memory corr ... oval:org.secpod.oval:def:1000386 The remote host is missing a patch 148007-01 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:700774 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:9658 The host is missing a moderate security update according to Mozilla advisory, MFSA 2013-06. The update is required to fix information disclosure vulnerability. A flaw is present in the application, which fails to restrict a touch event to a single IFRAME element. Successful exploitation allows remot ... oval:org.secpod.oval:def:9638 The host is installed with SeaMonkey before 2.15 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to restrict a touch event to a single IFRAME element. Successful exploitation allows remote attackers to obtain sensitive information or possibly c ... oval:org.secpod.oval:def:10674 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan hor ... oval:org.secpod.oval:def:10682 The host is missing a security update according to Mozilla advisory, MFSA 2013-34. The update is required to fix untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan horse DLL file in an unspecified directory. Successful exploitation allows local ... oval:org.secpod.oval:def:16244 Compiler Engineer Dan Gohman of Google reported that binary search algorithms in the SpiderMonkey JavaScript engine were prone to overflow in several places, leading to potential out-of-bounds array access. While none of these are known to be directly exploitable, they are unsafe in theory and have ... oval:org.secpod.oval:def:16246 Firefox user Sijie Xia reported that if a user explicitly removes the trust for extended validation (EV) capable root certificates in the certificate manager, the change is not properly used when validating EV certificates, causing the setting to be ignored. This removes the ability of users to exp ... oval:org.secpod.oval:def:16248 Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. oval:org.secpod.oval:def:16252 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:16257 The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack ve ... oval:org.secpod.oval:def:16260 Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. oval:org.secpod.oval:def:16262 Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid ... oval:org.secpod.oval:def:16327 Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when the Document Object Model is modified during a SetBody mutation event. This causes a potentially exploitable crash. oval:org.secpod.oval:def:16328 Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when generating a Certificate Request Message Format (CRMF) request with certain parameters. This causes a potentially exploitable crash. oval:org.secpod.oval:def:16330 Security researcher Aki Helin from OUSPG used the Address Sanitizer tool to discover a crash during the decoding of WAV format audio files in some instances. This crash is not exploitable but could be used for a denial of service (DOS) attack by malicious parties. oval:org.secpod.oval:def:16333 Mozilla Developer Bobby Holley and Mozilla security researcher moz_bug_r_a4 discovered a mechanism where XBL scopes can be be used to circumvent XrayWrappers from within the Chrome on unprivileged objects. This allows web content to potentially confuse privileged code and weaken invariants and can ... oval:org.secpod.oval:def:16357 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:16358 Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the t ... oval:org.secpod.oval:def:16359 Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request. oval:org.secpod.oval:def:16362 Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function. oval:org.secpod.oval:def:16365 The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:17301 Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local system ... oval:org.secpod.oval:def:17303 Mozilla developer David Keeler reported that the crypto.generateCRFMRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service (DOS) attack. oval:org.secpod.oval:def:17304 Mozilla developer Ehsan Akhgari reported a spoofing attack where the permission prompt for a WebRTC session can appear to be from a different site than its actual originating site if a timed navigation occurs during the prompt generation. This allows an attacker to potentially gain access to the we ... oval:org.secpod.oval:def:17305 Security researchers Tim Philipp Schafers and Sebastian Neef , the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page"s tab and causing the browser to become unresponsive. This allows for a deni ... oval:org.secpod.oval:def:17307 Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site"s WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to rend ... oval:org.secpod.oval:def:17308 Security researcher Nicolas Golubovic reported that the Content Security Policy (CSP) of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting (XSS) attack. The ... oval:org.secpod.oval:def:17318 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:17319 Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update. oval:org.secpod.oval:def:17321 The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve e ... oval:org.secpod.oval:def:17322 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt. oval:org.secpod.oval:def:17323 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. oval:org.secpod.oval:def:17325 The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. oval:org.secpod.oval:def:17326 The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. oval:org.secpod.oval:def:17834 Security researcher Ash reported an out of bounds read issue with Web Audio. This issue could allow for web content to trigger crashes that are potentially exploitable. oval:org.secpod.oval:def:17837 Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found a use-after-free in the Text Track Manager while processing HTML video. This was caused by inconsistent garbage collection of Text Track Manager variables and results in a potentia ... oval:org.secpod.oval:def:17844 Mozilla developer Boris Zbarsky discovered that the debugger will work with some objects while bypassing XrayWrappers. This could lead to privilege escalation if the victim used the debugger to interact with a malicious page. oval:org.secpod.oval:def:17846 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:17847 The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted ... oval:org.secpod.oval:def:17850 The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory co ... oval:org.secpod.oval:def:17851 The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped obje ... oval:org.secpod.oval:def:3664 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple information disclosure vulnerabilities. The flaws are present in the applications, which fail to handle SVG animation accessKey events. Successful exploitation c ... oval:org.secpod.oval:def:4456 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-09. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to save 'Firefox Recovery Key.html' with proper permissions. Successful exploitation co ... oval:org.secpod.oval:def:4455 The host is installed with Mozilla Firefox 4.x before 10 or SeaMonkey before 2.7 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to save 'Firefox Recovery Key.html' with proper permissions. Successful exploitation could allow other users on ... oval:org.secpod.oval:def:4457 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedde ... oval:org.secpod.oval:def:4458 The host is missing a critical security update according to Adobe advisory, MFSA 2012-08. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedded in a document. Successful exploitation c ... oval:org.secpod.oval:def:4460 The host is missing a critical security update according to Adobe advisory, MFSA 2012-06. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploitation ... oval:org.secpod.oval:def:4459 The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploit ... oval:org.secpod.oval:def:4461 The host is installed with Mozilla Firefox 4.x before 10, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ... oval:org.secpod.oval:def:4462 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-05. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ca ... oval:org.secpod.oval:def:4463 The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitat ... oval:org.secpod.oval:def:4464 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-03. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitation c ... oval:org.secpod.oval:def:4465 The host is installed with Mozilla Firefox before 3.6.26, 4.x before 10.0, Thunderbird before 3.1.18, 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted Ogg Vorbis file. Successful exploita ... oval:org.secpod.oval:def:4466 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-07. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted Ogg Vorbis file. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:4467 The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:4468 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-01. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:4469 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10.0, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful explo ... oval:org.secpod.oval:def:4472 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10.0, Thunderbird before 3.1.18, 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to incorrect AttributeChildRem ... oval:org.secpod.oval:def:4473 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-04. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to incorrect AttributeChildRemoved notifications. Successful exploita ... oval:org.secpod.oval:def:4926 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an use-after-free vulnerability. A flaw is present in the applications, ... oval:org.secpod.oval:def:4927 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the application ... oval:org.secpod.oval:def:4930 The host is missing a critical security update according to Mozilla advisory, MFSA2012-19. The update is required to fix an multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:4931 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafte ... oval:org.secpod.oval:def:4932 The host is missing a critical security update according to Mozilla advisory, MFSA2012-17. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web page. Successful exploitation could allow attackers to crash the service ... oval:org.secpod.oval:def:4933 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynami ... oval:org.secpod.oval:def:4934 The host is missing a critical security update according to Mozilla advisory, MFSA2012-17. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynamic modification of a keyframe followed by access to the cssText of the keyframe ... oval:org.secpod.oval:def:4935 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a privilege escalation vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:4936 The host is missing a critical security update according to Mozilla advisory, MFSA2012-16. The update is required to fix a privilege escalation vulnerability. A flaw is present in the applications, which fail to properly restrict setting the home page through the dragging of a URL to the home button ... oval:org.secpod.oval:def:4937 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a use after free vulnerability. A flaw is present in the applications, ... oval:org.secpod.oval:def:4938 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an information disclosure vulnerability. A flaw is present in the appli ... oval:org.secpod.oval:def:4939 The host is missing a critical security update according to Mozilla advisory, MFSA2012-14. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly sanitize user supplied input. Successful exploitation could allow attackers to obtain s ... oval:org.secpod.oval:def:4942 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted H ... oval:org.secpod.oval:def:4943 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-15. The update is required to fix a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP headers. Successful exploitation could allow attackers to bypass intended ... oval:org.secpod.oval:def:5485 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle ... oval:org.secpod.oval:def:5486 The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to jsval.h and the js::array_shift function. Succes ... oval:org.secpod.oval:def:5484 The host is missing a critical security update according to Mozilla advisory, MFSA2012-20. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:5487 The host is missing a critical security update according to Mozilla advisory, MFSA2012-22. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to crafted IndexedDB data. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:5488 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors rel ... oval:org.secpod.oval:def:5490 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle ... oval:org.secpod.oval:def:5489 The host is missing a critical security update according to Mozilla advisory, MFSA2012-23. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle the nsSVGFEDiffuseLightingElement::LightPixel function. Successful exploitati ... oval:org.secpod.oval:def:5492 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multi ... oval:org.secpod.oval:def:5491 The host is missing a critical security update according to Mozilla advisory, MFSA2012-24. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multibyte character set. Successful exploitation could allow attackers to inject ar ... oval:org.secpod.oval:def:5494 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:5493 The host is missing a critical security update according to Mozilla advisory, MFSA2012-26. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle the WebGLBuffer::FindMaxUshortElement function. Successful exploitation could all ... oval:org.secpod.oval:def:5496 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the d ... oval:org.secpod.oval:def:5495 The host is missing a critical security update according to Mozilla advisory, MFSA2012-27. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the docshell implementation. Successful exploitation could allow attackers to injec ... oval:org.secpod.oval:def:5498 The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploit ... oval:org.secpod.oval:def:5497 The host is missing a critical security update according to Mozilla advisory, MFSA2012-28. The update is required to fix origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploitation coul ... oval:org.secpod.oval:def:5499 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-29. The update is required to fix multiple cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle the decoding of ISO-2022-KR and ISO-2022-CN character sets. Successf ... oval:org.secpod.oval:def:5500 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle ... oval:org.secpod.oval:def:5502 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:5501 The host is missing a critical security update according to Mozilla advisory, MFSA2012-30. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to handle the texImage2D implementation. Successful exploitation could allow attackers to ex ... oval:org.secpod.oval:def:5504 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly loa ... oval:org.secpod.oval:def:5503 The host is missing a high security update according to Mozilla advisory, MFSA2012-33. The update is required to fix address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly load RSS and Atom feed content. Successful exploitation could allow attackers to spoo ... oval:org.secpod.oval:def:6122 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly mitig ... oval:org.secpod.oval:def:6121 The host is missing a critical security update according to Mozilla advisory, MFSA2012-34. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to run arbitrary cod ... oval:org.secpod.oval:def:6123 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handl ... oval:org.secpod.oval:def:6124 The host is installed with Mozilla Firefox before 13.0, Thunderbird before 13.0, SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle methodjit/ImmutableSync.cpp and js/src/jsarray.cpp files. Successful exploitati ... oval:org.secpod.oval:def:6127 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:6126 The host is missing a high security update according to Mozilla advisory, MFSA2012-36. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the Content Security Policy implementation. Successful exploitation could allow remote ... oval:org.secpod.oval:def:6129 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle Wi ... oval:org.secpod.oval:def:6128 The host is missing a high security update according to Mozilla advisory, MFSA2012-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle Windows file shares and shortcut files. Successful exploitation could allow local use ... oval:org.secpod.oval:def:6131 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly document ... oval:org.secpod.oval:def:6130 The host is missing a critical security update according to Mozilla advisory, MFSA2012-38. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to properly document changes involving replacement or insertion of a node. Successful exploitation ... oval:org.secpod.oval:def:6133 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the ASN ... oval:org.secpod.oval:def:6132 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-38. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services. Succes ... oval:org.secpod.oval:def:6135 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsFrameLis ... oval:org.secpod.oval:def:6136 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handl ... oval:org.secpod.oval:def:6134 The host is missing a critical security update according to Mozilla advisory, MFSA2012-40. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle nsFrameList and nsHTMLReflowState functions. Successful exploitation could allow attacker ... oval:org.secpod.oval:def:6137 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handl ... oval:org.secpod.oval:def:6864 The host is missing a security update according to Mozilla advisory, MFSA 2012-59. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploitation cou ... oval:org.secpod.oval:def:6863 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploi ... oval:org.secpod.oval:def:6866 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to garbage collection. Successful exploitation could allow ... oval:org.secpod.oval:def:6865 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown ... oval:org.secpod.oval:def:6867 The host is missing a security update according to Mozilla advisory, MFSA 2012-57. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:6882 The host is missing a security update according to Mozilla advisory, MFSA 2012-57. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrar ... oval:org.secpod.oval:def:6881 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6880 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6869 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6868 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6873 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6872 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6871 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6870 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6877 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6876 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6875 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6874 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspe ... oval:org.secpod.oval:def:6879 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a craf ... oval:org.secpod.oval:def:6878 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6886 The host is missing a security update according to Mozilla advisory, MFSA 2012-61. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative height value in a BMP image within a .ICO file. Successful exploitation could all ... oval:org.secpod.oval:def:6885 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative hei ... oval:org.secpod.oval:def:6888 The host is missing a security update according to Mozilla advisory, MFSA 2012-62. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to deletion of a fragment. Successful exploitation could allow attackers to exe ... oval:org.secpod.oval:def:6887 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related t ... oval:org.secpod.oval:def:6889 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG ... oval:org.secpod.oval:def:6891 The host is missing a security update according to Mozilla advisory, MFSA 2012-63. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted inputs. Successful exploitation could allow attackers to execute arbitrary code or crash ... oval:org.secpod.oval:def:6890 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involvin ... oval:org.secpod.oval:def:6893 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ... oval:org.secpod.oval:def:6892 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ... oval:org.secpod.oval:def:6895 The host is missing a security update according to Mozilla advisory, MFSA 2012-65. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement XSLT implementation. Successful exploitation could allow attackers to obtain s ... oval:org.secpod.oval:def:6894 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement ... oval:org.secpod.oval:def:6899 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ... oval:org.secpod.oval:def:6898 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ... oval:org.secpod.oval:def:6901 The host is missing a security update according to Mozilla advisory, MFSA 2012-69. The update is required to fix a certificate spoofing vulnerability. A flaw is present in the applications, which fail to properly handle onLocationChange events during navigation between different https sites. Success ... oval:org.secpod.oval:def:6900 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a certificate spoofing vulnerability. A flaw is present in the applications, which fail to properly handle onLocationChange events during navigation between different htt ... oval:org.secpod.oval:def:6903 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ... oval:org.secpod.oval:def:6902 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ... oval:org.secpod.oval:def:7632 The host is missing a security update according to Mozilla advisory, MFSA 2012-75. The update is required to fix a click-jacking attack and spoofing vulnerability. The flaws are present in the applications, which fail to properly handle SELECT elements. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:7633 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to click-jacking attack vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has multiple menus of SELECT elements ... oval:org.secpod.oval:def:7634 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to spoofing vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has a SELECT element's menu active. Successful ex ... oval:org.secpod.oval:def:7635 The host is missing a security update according to Mozilla advisory, MFSA 2012-74. The update is required to fix a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:7636 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7637 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7638 The host is missing a security update according to Mozilla advisory, MFSA 2012-76. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7639 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow ... oval:org.secpod.oval:def:7640 The host is missing a security update according to Mozilla advisory, MFSA 2012-77. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods. Successful exploitation cou ... oval:org.secpod.oval:def:7641 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to ... oval:org.secpod.oval:def:7642 The host is missing a security update according to Mozilla advisory, MFSA 2012-79. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of th ... oval:org.secpod.oval:def:7643 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors invo ... oval:org.secpod.oval:def:7644 The host is missing a security update according to Mozilla advisory, MFSA 2012-80. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operator on ... oval:org.secpod.oval:def:7645 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operat ... oval:org.secpod.oval:def:7646 The host is missing a security update according to Mozilla advisory, MFSA 2012-81. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI access to the GetProperty function. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7647 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI acc ... oval:org.secpod.oval:def:7648 The host is missing a security update according to Mozilla advisory, MFSA 2012-82. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary plugin that uses Object.defineProperty to shadow the top object, and leve ... oval:org.secpod.oval:def:7649 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary ... oval:org.secpod.oval:def:7650 The host is missing a security update according to Mozilla advisory, MFSA 2012-83. The update is required to fix a privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interact with failures of InstallTrigger methods. Successful exploitation could a ... oval:org.secpod.oval:def:7651 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interac ... oval:org.secpod.oval:def:7652 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to prevent access t ... oval:org.secpod.oval:def:7653 The host is missing a security update according to Mozilla advisory, MFSA 2012-84. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage history data. Successful exploitation could allow attackers to conduct cross-sit ... oval:org.secpod.oval:def:7654 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage histor ... oval:org.secpod.oval:def:7655 The host is missing a security update according to Mozilla advisory, MFSA 2012-85. The update is required to fix a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle certain functions. Successful exploitation could allow attackers to run ar ... oval:org.secpod.oval:def:7656 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle IsCSS ... oval:org.secpod.oval:def:7657 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsHTMLCSSUti ... oval:org.secpod.oval:def:7658 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7659 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsSMILAnimat ... oval:org.secpod.oval:def:7660 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsTextEditRu ... oval:org.secpod.oval:def:7661 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle DOMSVGTests: ... oval:org.secpod.oval:def:7662 The host is missing a security update according to Mozilla advisory, MFSA 2012-86. The update is required to fix a multiple heap memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow ... oval:org.secpod.oval:def:7663 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle nsCharTrait ... oval:org.secpod.oval:def:7664 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7665 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly manage ... oval:org.secpod.oval:def:7666 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7667 The host is missing a security update according to Mozilla advisory, MFSA 2012-87. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to the nsIContent::GetNameSpaceID function. Successful exploitation co ... oval:org.secpod.oval:def:7668 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors rela ... oval:org.secpod.oval:def:7669 The host is missing a security update according to Mozilla advisory, MFSA 2012-88. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle the mozilla::net::FailDelayManager::Lookup function in the WebSockets implementatio ... oval:org.secpod.oval:def:7670 The host is installed with Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1 or SeaMonkey before 2.13.1 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle the mozilla::net::FailDelayManager::Lookup function in the WebSockets i ... oval:org.secpod.oval:def:7671 The host is missing a security update according to Mozilla advisory, MFSA 2012-89. The update is required to fix a security bypass vulnerability. The flaws are present in the applications, which fail to properly handle access to the Location object. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:7672 The host is installed with Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9 or SeaMonkey before 2.13.1 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly handle the d ... oval:org.secpod.oval:def:7727 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly ... oval:org.secpod.oval:def:7728 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ... oval:org.secpod.oval:def:7729 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ... oval:org.secpod.oval:def:7730 The host is missing a security update according to Mozilla advisory, MFSA 2012-90. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to certain objects and functions. Successful exploitation allows attackers to conduct cross-site scripting ... oval:org.secpod.oval:def:8035 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a d ... oval:org.secpod.oval:def:8036 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:8037 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of ser ... oval:org.secpod.oval:def:8038 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:8039 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of ... oval:org.secpod.oval:def:8041 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. S ... oval:org.secpod.oval:def:8042 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to integer overflow vulnerability. A flaw is present in the applications, which fail to handle crafted data. Suc ... oval:org.secpod.oval:def:8043 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle function calls i ... oval:org.secpod.oval:def:8044 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to Heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:8045 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8046 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8047 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8048 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8049 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8050 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8051 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8053 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of ... oval:org.secpod.oval:def:8054 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attac ... oval:org.secpod.oval:def:8055 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:8056 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest obj ... oval:org.secpod.oval:def:8057 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the str_unescape function in the JavaScript engine. Successful exploitation allows rem ... oval:org.secpod.oval:def:8059 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafte ... oval:org.secpod.oval:def:8060 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context du ... oval:org.secpod.oval:def:8062 The host is missing a security update according to MFSA 2012-103. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of a "top" frame name-attribute value to access the location property. Successful exploitation al ... oval:org.secpod.oval:def:8064 The host is missing a security update according to MFSA 2012-101. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handle a ~ (tilde) character in proximity to a chunk delimiter. Successful exploitation allows remot ... oval:org.secpod.oval:def:8065 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly rest ... oval:org.secpod.oval:def:8066 The host is missing a security update according to MFSA 2012-100. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly restrict write actions. Successful exploitation allows remote attackers to conduct cross-site scrip ... oval:org.secpod.oval:def:8067 The host is missing a security update according to MFSA 2012-91. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of service (memory c ... oval:org.secpod.oval:def:8068 The host is missing a security update according to MFSA 2012-92. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafted GIF image. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:8069 The host is missing a security update according to MFSA 2012-93. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context during the handling of JavaScript code that sets the location.href property. Successful exploitati ... oval:org.secpod.oval:def:8070 The host is missing a security update according to MFSA 2012-94. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. Successful exploitation all ... oval:org.secpod.oval:def:8072 The host is missing a security update according to MFSA 2012-96. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to handle the str_unescape function in the JavaScript engine. Successful exploitation allows remote attackers to execute ... oval:org.secpod.oval:def:8073 The host is missing a security update according to MFSA 2012-97. The update is required to fix cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes. ... oval:org.secpod.oval:def:8074 The host is missing a security update according to MFSA 2012-97. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attackers to bypass intended ch ... oval:org.secpod.oval:def:8075 The host is missing a security update according to MFSA 2012-106. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain function calls and crafted data. Successful exploitation allows remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:8076 The host is missing a security update according to MFSA 2012-105. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:8077 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle an HTML document. S ... oval:org.secpod.oval:def:9619 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle an HTM ... oval:org.secpod.oval:def:9620 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a craft ... oval:org.secpod.oval:def:9621 The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaw are present in the applications, which fail to properly handle certain unknown vectors. Successful exploitation allows remote atta ... oval:org.secpod.oval:def:9625 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safet ... oval:org.secpod.oval:def:9626 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to ... oval:org.secpod.oval:def:9628 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle some unspecified ve ... oval:org.secpod.oval:def:9629 The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2 or SeaMonkey before 2.15 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted document. Successful exploitation allows remote attackers to execute arbitra ... oval:org.secpod.oval:def:9632 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifica ... oval:org.secpod.oval:def:9633 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted web page ... oval:org.secpod.oval:def:9634 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to ... oval:org.secpod.oval:def:9637 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted XBL fi ... oval:org.secpod.oval:def:9640 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle some un ... oval:org.secpod.oval:def:9642 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforc ... oval:org.secpod.oval:def:9644 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code executio vulnerability. A flaw is present in the applications, which fail to properly interact wi ... oval:org.secpod.oval:def:9648 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-03. The update is required to fix stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle an HTML document that specifies invalid width and height values. Successfu ... oval:org.secpod.oval:def:9649 The host is missing a security update according to Mozilla advisory, MFSA 2013-07. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safety for SSL sessions. Successful exploitation allows remote attackers to execute ... oval:org.secpod.oval:def:9652 The host is missing a security update according to Mozilla advisory, MFSA 2013-14. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifications to the prototype of an object. Successful exploitation allows remote att ... oval:org.secpod.oval:def:9653 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-19. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted web page referencing JavaScript Proxy objects that are not properly handled du ... oval:org.secpod.oval:def:9654 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-18. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to the domDoc pointer. Successful exploitation allows remote attackers t ... oval:org.secpod.oval:def:9657 The host is missing a security update according to Mozilla advisory, MFSA 2013-13. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted XBL file with multiple bindings that have SVG content. Successful exploitation allow ... oval:org.secpod.oval:def:9661 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-08. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to properly interact with garbage collection. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:9663 The host is missing a security update according to Mozilla advisory, MFSA 2013-10. The update is required to fix same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforce the Same Origin Policy. Successful exploitation allows remote attackers to c ... oval:org.secpod.oval:def:9929 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the ClusterIterator::NextCluster function. Successful exploitation allows remote at ... oval:org.secpod.oval:def:9932 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScrip ... oval:org.secpod.oval:def:9933 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modificati ... oval:org.secpod.oval:def:9934 The host is installed with Mozilla Firefox before 19.0 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle a crafted GIF image. Successful exploitation allows attackers to obtain sensitive information from process mem ... oval:org.secpod.oval:def:9935 The host is installed with Mozilla Firefox before 19.0 or SeaMonkey before 2.16 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to prevent multiple wrapping of WebIDL objects. Successful exploitation allows remote attackers to bypass intended access r ... oval:org.secpod.oval:def:9937 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the nsPrintEngine::CommonPrint function. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:9939 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the nsCodingStateMachine::NextState function. Successful exploitation allows remote ... oval:org.secpod.oval:def:9940 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the nsDisplayBoxShadowOuter::Paint function. Successful exploitation allows remote atta ... oval:org.secpod.oval:def:9942 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vectors. Successful exploitation allows remote attack ... oval:org.secpod.oval:def:9945 The host is missing a security update according to Mozilla advisory, MFSA 2013-23. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to prevent multiple wrapping of WebIDL objects. Successful exploitation allows remote attackers to bypass ... oval:org.secpod.oval:def:9946 The host is missing a security update according to Mozilla advisory, MFSA 2013-22. The update is required to fix out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle a crafted GIF image. Successful exploitation allows attackers to obtain sensitive information ... oval:org.secpod.oval:def:9947 The host is missing a security update according to Mozilla advisory, MFSA 2013-24. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modifications to a prototype. Successful exploitation allows remote attackers to obtain ... oval:org.secpod.oval:def:9948 The host is missing a security update according to Mozilla advisory, MFSA 2013-25. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScript workers from reading the browser-profile directory name. Successful exploitat ... oval:org.secpod.oval:def:9931 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the the nsImageLoad ... oval:org.secpod.oval:def:9930 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server t ... oval:org.secpod.oval:def:16370 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a ... oval:org.secpod.oval:def:9936 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle the nsS ... oval:org.secpod.oval:def:9938 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted document ... oval:org.secpod.oval:def:9944 The host is missing a security update according to Mozilla advisory, MFSA 2013-28. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain functions. Successful exploitation allows remote attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:9943 The host is missing a security update according to Mozilla advisory, MFSA 2013-21. The update is required to fix multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vectors. Successful exploitation allows remote attackers to cau ... oval:org.secpod.oval:def:9941 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certa ... oval:org.secpod.oval:def:9949 The host is missing a security update according to Mozilla advisory, MFSA 2013-26. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle the the nsImageLoadingContent::OnStopContainer function. Successful exploitation allows remote at ... oval:org.secpod.oval:def:16356 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application c ... oval:org.secpod.oval:def:16367 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site ... oval:org.secpod.oval:def:16368 The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and ... oval:org.secpod.oval:def:16363 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:16364 The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:16335 Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier (URI) before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-orig ... oval:org.secpod.oval:def:16332 Mozilla security researcher moz_bug_r_a4 reported a mechanism to execute arbitrary code or a cross-site scripting (XSS) attack when Certificate Request Message Format (CRMF) request is generated in certain circumstances. oval:org.secpod.oval:def:16338 Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:/// URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on ... oval:org.secpod.oval:def:16336 Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-site scripting (XSS) attacks by web workers. oval:org.secpod.oval:def:16331 Mozilla security researcher moz_bug_r_a4 reported that through an interaction of frames and browser history it was possible to make the browser believe attacker-supplied content came from the location of a previous page in browser history. This allows for cross-site scripting (XSS) attacks by loadi ... oval:org.secpod.oval:def:9950 The host is missing a security update according to Mozilla advisory, MFSA 2013-27. The update is required to fix address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server that provides a 407 HTTP status code accompanied by web script. Successful explo ... oval:org.secpod.oval:def:16326 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:10673 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted v ... oval:org.secpod.oval:def:10680 The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and ot ... oval:org.secpod.oval:def:10681 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:10683 The host is missing a security update according to Mozilla advisory, MFSA 2013-36. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneNode method for cloning a protected node. Successful exploitation allows remote ... oval:org.secpod.oval:def:10684 The host is missing a security update according to Mozilla advisory, MFSA 2013-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent origin spoofing of tab-modal dialogs. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:10685 The host is missing a security update according to Mozilla advisory, MFSA 2013-38. The update is required to fix cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctness of the address bar during history navigation. Successful exploitation allow ... oval:org.secpod.oval:def:10675 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneN ... oval:org.secpod.oval:def:10676 The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent origin spoofing of tab-modal dialogs. Successful exploitation allows remote attackers to conduct phishing ... oval:org.secpod.oval:def:10677 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctne ... oval:org.secpod.oval:def:10678 The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle color profiles during PNG rendering. Successful exploitation allows remote attackers to obtain sensiti ... oval:org.secpod.oval:def:10679 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a ... oval:org.secpod.oval:def:10686 The host is missing a security update according to Mozilla advisory, MFSA 2013-39. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle color profiles during PNG rendering. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:10687 The host is missing a security update according to Mozilla advisory, MFSA 2013-40. The update is required to fix out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted certificate. Successful exploitation allows remote attackers to cause ... oval:org.secpod.oval:def:10688 The host is missing a security update according to Mozilla advisory, MFSA 2013-30. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to the nsContentUtils::HoldJSObjects function and the nsAuto ... oval:org.secpod.oval:def:10689 The host is missing a security update according to Mozilla advisory, MFSA 2013-31. The update is required to fix integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted values that trigger attempted use of a negative box boundary or negative box si ... oval:org.secpod.oval:def:9659 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-12. The update is required to fix Integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted string concatenation, leading to improper memory allocation. Successful expl ... oval:org.secpod.oval:def:9656 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-16. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle crafted web content. Successful exploitation allows remote attackers to execute arbitrar ... oval:org.secpod.oval:def:9655 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-17. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors that involve the triggering of garbage collection after memory allocation for li ... oval:org.secpod.oval:def:9650 The host is missing a security update according to Mozilla advisory, MFSA 2013-04. The update is required to fix URL spoofing vulnerability. A flaw is present in the applications, which fail to handle vectors involving authentication information in the userinfo field of a URL. Successful exploitatio ... oval:org.secpod.oval:def:9651 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-15. The update is required to fix privilege escalation vulnerability. A flaw is present in the applications, which fail to handle improper interaction between plugin objects and SVG elements. Successful exploitat ... oval:org.secpod.oval:def:9664 The host is missing a security update according to Mozilla advisory, MFSA 2013-11. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent calling the toString function of an XBL object. Successful exploitation allows remote at ... oval:org.secpod.oval:def:9660 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-05. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle an HTML document with a table containing many columns and column groups. Successful expl ... oval:org.secpod.oval:def:9662 The host is missing a security update according to Mozilla advisory, MFSA 2013-09. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to properly implement quickstubs that use the jsval data type for their return values. Successful exploi ... oval:org.secpod.oval:def:9636 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9635 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9631 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to privilege escalation vulnerability. A flaw is present in the ... oval:org.secpod.oval:def:9639 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to Integer overflow vulnerability. A flaw is present in the appl ... oval:org.secpod.oval:def:9630 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to URL spoofing vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:9647 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-01. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitra ... oval:org.secpod.oval:def:9646 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-02. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitrar ... oval:org.secpod.oval:def:9643 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ... oval:org.secpod.oval:def:9645 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9641 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to information disclosure vulnerability. A flaw is present in th ... oval:org.secpod.oval:def:9624 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9627 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9623 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ... oval:org.secpod.oval:def:9622 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present i ... oval:org.secpod.oval:def:17841 Security researcher Nils discovered a use-after-free error in which the imgLoader object is freed while an image is being resized. This results in a potentially exploitable crash. oval:org.secpod.oval:def:17840 Mozilla security researcher moz_bug_r_a4 reported a method to use browser navigations through history to load a website with that page"s baseURI property pointing to that of another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the b ... oval:org.secpod.oval:def:17845 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:17843 Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free during host resolution in some circumstances. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:17839 Security researcher Mariusz Mlynski discovered an issue where sites that have been given notification permissions by a user can bypass security checks on source components for the Web Notification API. This allows for script to be run in a privileged context through notifications, leading to arbitr ... oval:org.secpod.oval:def:17836 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow when a script uses a non-XBL object as an XBL object because the XBL status of the object is not properly validated. The resulting memory corruption is potent ... oval:org.secpod.oval:def:17853 The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for ... oval:org.secpod.oval:def:17856 Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap m ... oval:org.secpod.oval:def:17855 Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corru ... oval:org.secpod.oval:def:17854 The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site ... oval:org.secpod.oval:def:17849 The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of se ... oval:org.secpod.oval:def:17848 Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. oval:org.secpod.oval:def:16258 Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupt ... oval:org.secpod.oval:def:16255 Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via ... oval:org.secpod.oval:def:16256 Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site. oval:org.secpod.oval:def:16259 Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by trig ... oval:org.secpod.oval:def:16254 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header. oval:org.secpod.oval:def:16251 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:16261 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. oval:org.secpod.oval:def:17329 The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash ... oval:org.secpod.oval:def:17327 The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different d ... oval:org.secpod.oval:def:16238 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:17320 The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and appli ... oval:org.secpod.oval:def:16247 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free in the functions for synthetic mouse movement handling. Security researcher Atte Kettunen from OUSPG also repor ... oval:org.secpod.oval:def:17335 vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:17334 TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (h ... oval:org.secpod.oval:def:16245 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a mechanism where inserting an ordered list into a document through script could lead to a potentially exploitable crash that can ... oval:org.secpod.oval:def:17333 Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage co ... oval:org.secpod.oval:def:16242 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free when interacting with event listeners from the mListeners array. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:17332 Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. oval:org.secpod.oval:def:16243 Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a use-after-free problem in the table editing user interface of the editor during garbage collection. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:17331 The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. oval:org.secpod.oval:def:16240 Security researcher Masato Kinugawa discovered that if a web page is missing character set encoding information it can inherit character encoding across navigation into another domain from an earlier site. Only same-origin inheritance is allowed according to the HTML5 specification. This issue allo ... oval:org.secpod.oval:def:17330 Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF docu ... oval:org.secpod.oval:def:16241 Mozilla security developer Daniel Veditz discovered that lt;iframe sandboxgt; restrictions are not applied to an lt;objectgt; element contained within a sand boxed iframe. This could allow content hosted within a sand boxed iframe to use lt;objectgt; element to bypass the sandbox restrictions th ... oval:org.secpod.oval:def:17302 Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash. oval:org.secpod.oval:def:17300 Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ... oval:org.secpod.oval:def:17314 Security research firm VUPEN , via TippingPoint"s Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition. oval:org.secpod.oval:def:17313 Security researcher Mariusz Mlynski , via TippingPoint"s Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open() . A second bug allowed the bypassing of the popup-blocker without user inte ... oval:org.secpod.oval:def:17312 Mozilla developer Robert O"Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap . This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SV ... oval:org.secpod.oval:def:17311 Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service (DOS). This issues is not able to be triggered in a default confi ... oval:org.secpod.oval:def:17317 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:17315 Security researcher Juri Aedla , via TippingPoint"s Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for ... oval:org.secpod.oval:def:17310 Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory addresse ... oval:org.secpod.oval:def:17835 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a fixed offset out of bounds read issue while decoding specifically formatted JPG format images. This causes a non-exploitable crash. oval:org.secpod.oval:def:17833 Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ... oval:org.secpod.oval:def:16749 Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote ... oval:org.secpod.oval:def:16748 Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possib ... oval:org.secpod.oval:def:16730 Security researcher Arthur Gerkis , via TippingPoint"s Zero Day Initiative, reported a use-after-free during image processing from sites with specific content types in concert with the imgRequestProxy function. This causes a potentially exploitable crash. oval:org.secpod.oval:def:16731 Security researcher Masato Kinugawa reported a cross-origin information leak through web workers" error messages. This violates same-origin policy and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites. oval:org.secpod.oval:def:16734 Mozilla developer Brian Smith and security researchers Antoine Delignat-Lavaud and Karthikeyan Bhargavan of the Prosecco research team at INRIA Paris reported issues with ticket handling in the Network Security Services (NSS) libraries. These have been addressed in the NSS 3.15.4 release, shipping o ... oval:org.secpod.oval:def:16735 Mozilla developer Boris Zbarsky reported an inconsistency with the different JavaScript engines in how JavaScript native getters on window objects are handled by these engines. This inconsistency can lead to different behaviors in JavaScript code, allowing for a potential security issue with window ... oval:org.secpod.oval:def:16733 Soeren Balko reported a crash when terminating a web worker running asm.js code after passing an object between threads. This crash is potentially exploitable. oval:org.secpod.oval:def:16727 Fredrik "Flonka" Lnnqvist discovered an issue with image decoding in RasterImage caused by continued use of discarded images. This could allow for the writing to unowned memory and a potentially exploitable crash. oval:org.secpod.oval:def:16728 Security researcher Jordan Milne reported an information leak where document.caretPositionFromPoint and document.elementFromPoint functions could be used on a cross-origin iframe to gain information on the iframe"s DOM and other attributes through a timing attack, violating same-origin policy. oval:org.secpod.oval:def:16725 Security researcher Cody Crews reported a method to bypass System Only Wrappers (SOW) by using XML Binding Language (XBL) content scopes to clone protected XUL elements. This could be used to clone anonymous nodes, making trusted XUL content web accessible. oval:org.secpod.oval:def:16726 Security researcher Jordi Chancel reported that the dialog for saving downloaded files did not implement a security timeout before button selections were processed. This could be used in concert with spoofing to convince users to select a different option than intended, causing downloaded files to b ... oval:org.secpod.oval:def:16729 Mozilla security engineer Frederik Braun reported an issue where the implementation of Content Security Policy (CSP) is not in compliance with the specification . XSLT stylesheets must be subject to script-src directives but Mozilla"s implementation of CSP treats them as styles. This could lead to u ... oval:org.secpod.oval:def:16741 RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted im ... oval:org.secpod.oval:def:16742 Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functi ... oval:org.secpod.oval:def:16740 Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. oval:org.secpod.oval:def:16745 The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. oval:org.secpod.oval:def:16746 The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. oval:org.secpod.oval:def:16743 The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient styl ... oval:org.secpod.oval:def:16744 Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. oval:org.secpod.oval:def:16738 The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvin ... oval:org.secpod.oval:def:16739 The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. oval:org.secpod.oval:def:16736 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:16737 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in j ... oval:org.secpod.oval:def:16724 Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ... oval:org.secpod.oval:def:15024 Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:///URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on the ... oval:org.secpod.oval:def:15021 Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier(URI) before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-origi ... oval:org.secpod.oval:def:15022 Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-sitescripting (XSS) attacks by web workers. oval:org.secpod.oval:def:15014 Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when generating a Certificate Request Message Format (CRMF) request with certain parameters. This causes a potentially exploitable crash. oval:org.secpod.oval:def:15012 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:15013 Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when the Document Object Model is modified during a SetBody mutation event. This causes a potentially exploitablecrash. oval:org.secpod.oval:def:15018 Mozilla security researcher moz_bug_r_a4 reported a mechanism to execute arbitrary code or a cross-site scripting (XSS) attack when Certificate Request Message Format (CRMF) request is generated in certain circumstances. oval:org.secpod.oval:def:15019 Mozilla Developer Bobby Holley and Mozilla security researcher moz_bug_r_a4 discovered a mechanism where XBL scopes can be be used to circumvent XrayWrappers from within the Chrome on unprivileged objects. This allows web content to potentially confuse privileged code and weaken invariants and can l ... oval:org.secpod.oval:def:15016 Security researcher Aki Helin from OUSPG used the AddressSanitizer tool to discover a crash during the decoding of WAV format audio files in some instances. This crash is not exploitable but could be used for a denial of service (DOS) attack by malicious parties. oval:org.secpod.oval:def:15017 Mozilla security researcher moz_bug_r_a4 reported that through an interaction of frames and browser history it was possible to make the browser believe attacker-supplied content came from the location of a previous page in browser history. This allows for cross-site scripting (XSS) attacks by loadi ... oval:org.secpod.oval:def:10670 The host is missing a security update according to Mozilla advisory, MFSA 2013-40. The update is required to fix out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted certificate. Successful exploitation allows remote attackers to cause ... oval:org.secpod.oval:def:10671 The host is missing a security update according to Mozilla advisory, MFSA 2013-30. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to the nsContentUtils::HoldJSObjects function and the nsAuto ... oval:org.secpod.oval:def:10672 The host is missing a security update according to Mozilla advisory, MFSA 2013-31. The update is required to fix integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted values that trigger attempted use of a negative box boundary or negative box si ... oval:org.secpod.oval:def:10665 The host is missing a security update according to Mozilla advisory, MFSA 2013-34. The update is required to fix untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan horse DLL file in an unspecified directory. Successful exploitation allows local ... oval:org.secpod.oval:def:10666 The host is missing a security update according to Mozilla advisory, MFSA 2013-36. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneNode method for cloning a protected node. Successful exploitation allows remote ... oval:org.secpod.oval:def:10667 The host is missing a security update according to Mozilla advisory, MFSA 2013-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent origin spoofing of tab-modal dialogs. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:10668 The host is missing a security update according to Mozilla advisory, MFSA 2013-38. The update is required to fix cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctness of the address bar during history navigation. Successful exploitation allow ... oval:org.secpod.oval:def:10669 The host is missing a security update according to Mozilla advisory, MFSA 2013-39. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle color profiles during PNG rendering. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:10660 The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle color profiles during PNG rendering. Successful exploitation allows remote attackers to obtain sensiti ... oval:org.secpod.oval:def:10661 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a ... oval:org.secpod.oval:def:10662 The host is installed with Mozilla Firefox before 20.0, SeaMonkey before 2.17, Firefox ESR before 20.0, Thunderbird before 17.0.5 or Thunderbird ESR before 17.0.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors re ... oval:org.secpod.oval:def:10663 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:10654 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted v ... oval:org.secpod.oval:def:10656 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan hor ... oval:org.secpod.oval:def:10657 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneN ... oval:org.secpod.oval:def:10658 The host is installed with Mozilla Firefox before 20.0 or SeaMonkey before 2.17 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent origin spoofing of tab-modal dialogs. Successful exploitation allows remote attackers to conduct phishing ... oval:org.secpod.oval:def:10659 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctne ... oval:org.secpod.oval:def:15048 Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function. oval:org.secpod.oval:def:15045 Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request. oval:org.secpod.oval:def:15049 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:15043 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, SeaMonkey before 2.20 or Mozilla Firefox ESR, Mozilla Thunderbird, Mozilla Thunderbird ESR before 17.0.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl ... oval:org.secpod.oval:def:15044 Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the t ... oval:org.secpod.oval:def:15042 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application c ... oval:org.secpod.oval:def:15056 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a ... oval:org.secpod.oval:def:15050 The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:15051 The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:15054 The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and ... oval:org.secpod.oval:def:15053 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site ... oval:org.secpod.oval:def:16268 Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a use-after-free problem in the table editing user interface of the editor during garbage collection. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16269 Compiler Engineer Dan Gohman of Google reported that binary search algorithms in the SpiderMonkey JavaScript engine were prone to overflow in several places, leading to potential out-of-bounds array access. While none of these are known to be directly exploitable, they are unsafe in theory and have ... oval:org.secpod.oval:def:16266 Mozilla security developer Daniel Veditz discovered that <iframe sandbox> restrictions are not applied to an <object> element contained within a sand boxed iframe. This could allow content hosted within a sand boxed iframe to use <object> element to bypass the sandbox restricti ... oval:org.secpod.oval:def:16267 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free when interacting with event listeners from the mListeners array. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16265 Security researcher Masato Kinugawa discovered that if a web page is missing character set encoding information it can inherit character encoding across navigation into another domain from an earlier site. Only same-origin inheritance is allowed according to the HTML5 specification. This issue allo ... oval:org.secpod.oval:def:16263 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:16279 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header. oval:org.secpod.oval:def:16277 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, SeaMonkey before 2.23, Firefox ESR 24.0 before 24.2 or Thunderbird before 24.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v ... oval:org.secpod.oval:def:16271 Firefox user Sijie Xia reported that if a user explicitly removes the trust for extended validation (EV) capable root certificates in the certificate manager, the change is not properly used when validating EV certificates, causing the setting to be ignored. This removes the ability of users to exp ... oval:org.secpod.oval:def:16272 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free in the functions for synthetic mouse movement handling. Security researcher Atte Kettunen from OUSPG also repor ... oval:org.secpod.oval:def:16270 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a mechanism where inserting an ordered list into a document through script could lead to a potentially exploitable crash that can ... oval:org.secpod.oval:def:16276 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:16273 Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. oval:org.secpod.oval:def:16282 The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack ve ... oval:org.secpod.oval:def:16283 Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupt ... oval:org.secpod.oval:def:16280 Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via ... oval:org.secpod.oval:def:16281 Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site. oval:org.secpod.oval:def:16286 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. oval:org.secpod.oval:def:16287 Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid ... oval:org.secpod.oval:def:16284 Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by trig ... oval:org.secpod.oval:def:16285 Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. oval:org.secpod.oval:def:16697 Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ... oval:org.secpod.oval:def:16698 Security researcher Cody Crews reported a method to bypass System Only Wrappers (SOW) by using XML Binding Language (XBL) content scopes to clone protected XUL elements. This could be used to clone anonymous nodes, making trusted XUL content web accessible. oval:org.secpod.oval:def:16699 Security researcher Jordi Chancel reported that the dialog for saving downloaded files did not implement a security timeout before button selections were processed. This could be used in concert with spoofing to convince users to select a different option than intended, causing downloaded files to b ... oval:org.secpod.oval:def:16701 Security researcher Jordan Milne reported an information leak where document.caretPositionFromPoint and document.elementFromPoint functions could be used on a cross-origin iframe to gain information on the iframe"s DOM and other attributes through a timing attack, violating same-origin policy. oval:org.secpod.oval:def:16702 Mozilla security engineer Frederik Braun reported an issue where the implementation of Content Security Policy (CSP) is not in compliance with the specification . XSLT stylesheets must be subject to script-src directives but Mozilla"s implementation of CSP treats them as styles. This could lead to u ... oval:org.secpod.oval:def:16700 Fredrik "Flonka" Lnnqvist discovered an issue with image decoding in RasterImage caused by continued use of discarded images. This could allow for the writing to unowned memory and a potentially exploitable crash. oval:org.secpod.oval:def:16712 The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. oval:org.secpod.oval:def:16713 Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. oval:org.secpod.oval:def:16710 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, SeaMonkey before 2.24, Thunderbird before 24.3 or Firefox ESR 24.0 before 24.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v ... oval:org.secpod.oval:def:16711 The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvin ... oval:org.secpod.oval:def:16706 Soeren Balko reported a crash when terminating a web worker running asm.js code after passing an object between threads. This crash is potentially exploitable. oval:org.secpod.oval:def:16703 Security researcher Arthur Gerkis , via TippingPoint"s Zero Day Initiative, reported a use-after-free during image processing from sites with specific content types in concert with the imgRequestProxy function. This causes a potentially exploitable crash. oval:org.secpod.oval:def:16704 Security researcher Masato Kinugawa reported a cross-origin information leak through web workers" error messages. This violates same-origin policy and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites. oval:org.secpod.oval:def:16709 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:16707 Mozilla developer Brian Smith and security researchers Antoine Delignat-Lavaud and Karthikeyan Bhargavan of the Prosecco research team at INRIA Paris reported issues with ticket handling in the Network Security Services (NSS) libraries. These have been addressed in the NSS 3.15.4 release, shipping o ... oval:org.secpod.oval:def:16708 Mozilla developer Boris Zbarsky reported an inconsistency with the different JavaScript engines in how JavaScript native getters on window objects are handled by these engines. This inconsistency can lead to different behaviors in JavaScript code, allowing for a potential security issue with window ... oval:org.secpod.oval:def:16716 The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient styl ... oval:org.secpod.oval:def:16717 Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. oval:org.secpod.oval:def:16714 RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted im ... oval:org.secpod.oval:def:16715 Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functi ... oval:org.secpod.oval:def:16718 The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. oval:org.secpod.oval:def:16719 The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. oval:org.secpod.oval:def:17149 Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash. oval:org.secpod.oval:def:17147 Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ... oval:org.secpod.oval:def:17159 Mozilla developer Robert O"Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap . This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SV ... oval:org.secpod.oval:def:17158 Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service (DOS). This issues is not able to be triggered in a default confi ... oval:org.secpod.oval:def:17157 Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory addresse ... oval:org.secpod.oval:def:17152 Security researchers Tim Philipp Schafers and Sebastian Neef , the team of Internetwache.org, reported a mechanism using JavaScript onbeforeunload events with page navigation to prevent users from closing a malicious page"s tab and causing the browser to become unresponsive. This allows for a deni ... oval:org.secpod.oval:def:17151 Mozilla developer Ehsan Akhgari reported a spoofing attack where the permission prompt for a WebRTC session can appear to be from a different site than its actual originating site if a timed navigation occurs during the prompt generation. This allows an attacker to potentially gain access to the we ... oval:org.secpod.oval:def:17150 Mozilla developer David Keeler reported that the crypto.generateCRFMRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service (DOS) attack. oval:org.secpod.oval:def:17155 Security researcher Nicolas Golubovic reported that the Content Security Policy (CSP) of data: documents was not saved as part of session restore. If an attacker convinced a victim to open a document from a data: URL injected onto a page, this can lead to a Cross-Site Scripting (XSS) attack. The ... oval:org.secpod.oval:def:17154 Mozilla developer Jeff Gilbert discovered a mechanism where a malicious site with WebGL content could inject content from its context to that of another site"s WebGL context, causing the second site to replace textures and similar content. This cannot be used to steal data but could be used to rend ... oval:org.secpod.oval:def:17820 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, SeaMonkey before 2.26, Thunderbird before 24.5 or Firefox ESR 24.0 before 24.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v ... oval:org.secpod.oval:def:17824 The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of se ... oval:org.secpod.oval:def:17823 Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. oval:org.secpod.oval:def:17822 The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted ... oval:org.secpod.oval:def:17817 Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free during host resolution in some circumstances. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:17815 Security researcher Nils discovered a use-after-free error in which the imgLoader object is freed while an image is being resized. This results in a potentially exploitable crash. oval:org.secpod.oval:def:17814 Mozilla security researcher moz_bug_r_a4 reported a method to use browser navigations through history to load a website with that page"s baseURI property pointing to that of another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the b ... oval:org.secpod.oval:def:17819 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:17818 Mozilla developer Boris Zbarsky discovered that the debugger will work with some objects while bypassing XrayWrappers. This could lead to privilege escalation if the victim used the debugger to interact with a malicious page. oval:org.secpod.oval:def:17831 Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corru ... oval:org.secpod.oval:def:17830 The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site ... oval:org.secpod.oval:def:17832 Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap m ... oval:org.secpod.oval:def:17826 The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped obje ... oval:org.secpod.oval:def:17825 The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory co ... oval:org.secpod.oval:def:17829 The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for ... oval:org.secpod.oval:def:17813 Security researcher Mariusz Mlynski discovered an issue where sites that have been given notification permissions by a user can bypass security checks on source components for the Web Notification API. This allows for script to be run in a privileged context through notifications, leading to arbitr ... oval:org.secpod.oval:def:16721 Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possib ... oval:org.secpod.oval:def:16722 Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote ... oval:org.secpod.oval:def:17810 Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found a use-after-free in the Text Track Manager while processing HTML video. This was caused by inconsistent garbage collection of Text Track Manager variables and results in a potentia ... oval:org.secpod.oval:def:17805 Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ... oval:org.secpod.oval:def:17809 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow when a script uses a non-XBL object as an XBL object because the XBL status of the object is not properly validated. The resulting memory corruption is potent ... oval:org.secpod.oval:def:17808 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a fixed offset out of bounds read issue while decoding specifically formatted JPG format images. This causes a non-exploitable crash. oval:org.secpod.oval:def:17807 Security researcher Ash reported an out of bounds read issue with Web Audio. This issue could allow for web content to trigger crashes that are potentially exploitable. oval:org.secpod.oval:def:17182 vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:17181 TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (h ... oval:org.secpod.oval:def:17180 Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage co ... oval:org.secpod.oval:def:17169 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt. oval:org.secpod.oval:def:17168 The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve e ... oval:org.secpod.oval:def:17163 Security researcher George Hotz , via TippingPoint"s Pwn2Own contest, discovered an issue where values are copied from an array into a second, neutered array. This allows for an out-of-bounds write into memory, causing an exploitable crash leading to arbitrary code execution. oval:org.secpod.oval:def:17162 Security researcher Juri Aedla , via TippingPoint"s Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for ... oval:org.secpod.oval:def:17161 Security research firm VUPEN , via TippingPoint"s Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition. oval:org.secpod.oval:def:17160 Security researcher Mariusz Mlynski , via TippingPoint"s Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open() . A second bug allowed the bypassing of the popup-blocker without user inte ... oval:org.secpod.oval:def:17167 The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and appli ... oval:org.secpod.oval:def:17165 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, SeaMonkey before 2.25, Firefox ESR before 24.0 before 24.4 or Thunderbird before 24.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary ... oval:org.secpod.oval:def:17164 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:17179 Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. oval:org.secpod.oval:def:17174 The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different d ... oval:org.secpod.oval:def:17173 The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. oval:org.secpod.oval:def:17172 The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. oval:org.secpod.oval:def:17178 The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. oval:org.secpod.oval:def:17177 Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF docu ... oval:org.secpod.oval:def:17176 The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash ... oval:org.secpod.oval:def:17170 Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. oval:org.secpod.oval:def:3659 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple information disclosure vulnerabilities. The flaws are present in the applications, which fail to handle SVG animation accessKey events. Successful exploitation c ... oval:org.secpod.oval:def:4441 The host is missing a critical security update according to Adobe advisory, MFSA 2012-06 . The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploitatio ... oval:org.secpod.oval:def:4442 The host is installed with Mozilla Firefox 4.x before 10, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ... oval:org.secpod.oval:def:4440 The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploit ... oval:org.secpod.oval:def:4445 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-03. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitation c ... oval:org.secpod.oval:def:4446 The host is installed with Mozilla Firefox before 3.6.26, 4.x before 10.0, Thunderbird before 3.1.18, 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted Ogg Vorbis file. Successful exploita ... oval:org.secpod.oval:def:4443 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-05. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ca ... oval:org.secpod.oval:def:4444 The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitat ... oval:org.secpod.oval:def:4449 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-01. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:4447 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-07. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted Ogg Vorbis file. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:4448 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-07. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:4453 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10.0, Thunderbird before 3.1.18, 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to incorrect AttributeChildRem ... oval:org.secpod.oval:def:4450 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10.0, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful explo ... oval:org.secpod.oval:def:4454 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-04. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to incorrect AttributeChildRemoved notifications. Successful exploita ... oval:org.secpod.oval:def:4438 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedde ... oval:org.secpod.oval:def:4439 The host is missing a critical security update according to Adobe advisory, MFSA 2012-08. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedded in a document. Successful exploitation c ... oval:org.secpod.oval:def:4922 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly r ... oval:org.secpod.oval:def:4923 The host is missing a critical security update according to Mozilla advisory, MFSA2012-12. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly restrict drag-and-drop operations on javascript: URLs. Successful exploitation ... oval:org.secpod.oval:def:4920 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:4921 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-13. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly restrict drag-and-drop operations on javascript: URLs. Successful exploitation ... oval:org.secpod.oval:def:4924 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted H ... oval:org.secpod.oval:def:4925 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-15. The update is required to fix a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP headers. Successful exploitation could allow attackers to bypass intended ... oval:org.secpod.oval:def:4919 The host is missing a critical security update according to Mozilla advisory, MFSA2012-14. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:4917 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a use after free vulnerability. A flaw is present in the applications, ... oval:org.secpod.oval:def:4918 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an information disclosure vulnerability. A flaw is present in the appli ... oval:org.secpod.oval:def:4911 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafte ... oval:org.secpod.oval:def:4912 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-18. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web page. Successful exploitation could allow attackers to crash the service ... oval:org.secpod.oval:def:4915 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a privilege escalation vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:4916 The host is missing a critical security update according to Mozilla advisory, MFSA2012-16. The update is required to fix a privilege escalation vulnerability. A flaw is present in the applications, which fail to properly restrict setting the home page through the dragging of a URL to the home button ... oval:org.secpod.oval:def:4913 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynami ... oval:org.secpod.oval:def:4914 The host is missing a critical security update according to Mozilla advisory, MFSA2012-17. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynamic modification of a keyframe followed by access to the cssText of the keyframe ... oval:org.secpod.oval:def:4908 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the application ... oval:org.secpod.oval:def:4906 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an use-after-free vulnerability. A flaw is present in the applications, ... oval:org.secpod.oval:def:4907 The host is missing a critical security update according to Mozilla advisory, MFSA2012-19. The update is required to fix an multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:5465 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors rel ... oval:org.secpod.oval:def:5464 The host is missing a critical security update according to Mozilla advisory, MFSA2012-22. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to crafted IndexedDB data. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:5463 The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to jsval.h and the js::array_shift function. Succes ... oval:org.secpod.oval:def:5462 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle ... oval:org.secpod.oval:def:5469 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multi ... oval:org.secpod.oval:def:5468 The host is missing a critical security update according to Mozilla advisory, MFSA2012-24. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multibyte character set. Successful exploitation could allow attackers to inject ar ... oval:org.secpod.oval:def:5467 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle ... oval:org.secpod.oval:def:5466 The host is missing a critical security update according to Mozilla advisory, MFSA2012-23. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle the nsSVGFEDiffuseLightingElement::LightPixel function. Successful exploitati ... oval:org.secpod.oval:def:5461 The host is missing a critical security update according to Mozilla advisory, MFSA2012-20. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:5476 The host is missing a critical security update according to Mozilla advisory, MFSA2012-28. The update is required to fix origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploitation coul ... oval:org.secpod.oval:def:5475 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the d ... oval:org.secpod.oval:def:5474 The host is missing a critical security update according to Mozilla advisory, MFSA2012-27. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the docshell implementation. Successful exploitation could allow attackers to injec ... oval:org.secpod.oval:def:5473 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:5479 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle ... oval:org.secpod.oval:def:5478 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-29. The update is required to fix multiple cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle the decoding of ISO-2022-KR and ISO-2022-CN character sets. Successf ... oval:org.secpod.oval:def:5477 The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploit ... oval:org.secpod.oval:def:5472 The host is missing a critical security update according to Mozilla advisory, MFSA2012-26. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle the WebGLBuffer::FindMaxUshortElement function. Successful exploitation could all ... oval:org.secpod.oval:def:5471 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 on Windows Vista and Windows 7 systems and is prone to memory corruption vulnerability. A flaw is present in the appl ... oval:org.secpod.oval:def:5470 The host is missing a critical security update according to Mozilla advisory, MFSA2012-25. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to properly restrict font-rendering attempts. Successful exploitation could allow attackers to c ... oval:org.secpod.oval:def:5483 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly loa ... oval:org.secpod.oval:def:5482 The host is missing a high security update according to Mozilla advisory, MFSA2012-33. The update is required to fix address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly load RSS and Atom feed content. Successful exploitation could allow attackers to spoo ... oval:org.secpod.oval:def:5481 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:5480 The host is missing a critical security update according to Mozilla advisory, MFSA2012-30. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to handle the texImage2D implementation. Successful exploitation could allow attackers to ex ... oval:org.secpod.oval:def:6120 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handl ... oval:org.secpod.oval:def:6103 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handl ... oval:org.secpod.oval:def:6102 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly mitig ... oval:org.secpod.oval:def:6101 The host is missing a critical security update according to Mozilla advisory, MFSA2012-34. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to run arbitrary cod ... oval:org.secpod.oval:def:6104 The host is installed with Mozilla Firefox before 13.0, Thunderbird before 13.0, SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle methodjit/ImmutableSync.cpp and js/src/jsarray.cpp files. Successful exploitati ... oval:org.secpod.oval:def:6109 The host is missing a high security update according to Mozilla advisory, MFSA2012-36. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the Content Security Policy implementation. Successful exploitation could allow remote ... oval:org.secpod.oval:def:6114 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly document ... oval:org.secpod.oval:def:6113 The host is missing a critical security update according to Mozilla advisory, MFSA2012-38. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to properly document changes involving replacement or insertion of a node. Successful exploitation ... oval:org.secpod.oval:def:6112 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle Wi ... oval:org.secpod.oval:def:6111 The host is missing a high security update according to Mozilla advisory, MFSA2012-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle Windows file shares and shortcut files. Successful exploitation could allow local use ... oval:org.secpod.oval:def:6118 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsFrameLis ... oval:org.secpod.oval:def:6117 The host is missing a critical security update according to Mozilla advisory, MFSA2012-40. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle nsFrameList and nsHTMLReflowState functions. Successful exploitation could allow attacker ... oval:org.secpod.oval:def:6116 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the ASN ... oval:org.secpod.oval:def:6115 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-38. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services. Succes ... oval:org.secpod.oval:def:6119 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handl ... oval:org.secpod.oval:def:6110 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:6840 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative hei ... oval:org.secpod.oval:def:6844 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG ... oval:org.secpod.oval:def:6843 The host is missing a security update according to Mozilla advisory, MFSA 2012-62. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to deletion of a fragment. Successful exploitation could allow attackers to exe ... oval:org.secpod.oval:def:6842 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related t ... oval:org.secpod.oval:def:6841 The host is missing a security update according to Mozilla advisory, MFSA 2012-61. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative height value in a BMP image within a .ICO file. Successful exploitation could all ... oval:org.secpod.oval:def:6848 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ... oval:org.secpod.oval:def:6847 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ... oval:org.secpod.oval:def:6846 The host is missing a security update according to Mozilla advisory, MFSA 2012-63. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted inputs. Successful exploitation could allow attackers to execute arbitrary code or crash ... oval:org.secpod.oval:def:6845 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involvin ... oval:org.secpod.oval:def:6849 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement ... oval:org.secpod.oval:def:6850 The host is missing a security update according to Mozilla advisory, MFSA 2012-65. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement XSLT implementation. Successful exploitation could allow attackers to obtain s ... oval:org.secpod.oval:def:6822 The host is missing a security update according to Mozilla advisory, MFSA 2012-57. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:6821 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to garbage collection. Successful exploitation could allow ... oval:org.secpod.oval:def:6820 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown ... oval:org.secpod.oval:def:6826 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6825 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6824 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6823 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6829 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspe ... oval:org.secpod.oval:def:6828 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6827 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6833 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6832 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6831 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6830 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6837 The host is missing a security update according to Mozilla advisory, MFSA 2012-57. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrar ... oval:org.secpod.oval:def:6836 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6835 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6834 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a craf ... oval:org.secpod.oval:def:6819 The host is missing a security update according to Mozilla advisory, MFSA 2012-59. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploitation cou ... oval:org.secpod.oval:def:6818 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploi ... oval:org.secpod.oval:def:6860 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ... oval:org.secpod.oval:def:7723 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly ... oval:org.secpod.oval:def:7724 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ... oval:org.secpod.oval:def:6855 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ... oval:org.secpod.oval:def:6859 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ... oval:org.secpod.oval:def:6858 The host is missing a security update according to Mozilla advisory, MFSA 2012-69. The update is required to fix a certificate spoofing vulnerability. A flaw is present in the applications, which fail to properly handle onLocationChange events during navigation between different https sites. Success ... oval:org.secpod.oval:def:6857 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a certificate spoofing vulnerability. A flaw is present in the applications, which fail to properly handle onLocationChange events during navigation between different htt ... oval:org.secpod.oval:def:6856 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ... oval:org.secpod.oval:def:7596 The host is missing a security update according to Mozilla advisory, MFSA 2012-76. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7597 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow ... oval:org.secpod.oval:def:7598 The host is missing a security update according to Mozilla advisory, MFSA 2012-77. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods. Successful exploitation cou ... oval:org.secpod.oval:def:7599 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to ... oval:org.secpod.oval:def:7592 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to spoofing vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has a SELECT element's menu active. Successful ex ... oval:org.secpod.oval:def:7593 The host is missing a security update according to Mozilla advisory, MFSA 2012-74. The update is required to fix a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:7594 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7595 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7590 The host is missing a security update according to Mozilla advisory, MFSA 2012-75. The update is required to fix a click-jacking attack and spoofing vulnerability. The flaws are present in the applications, which fail to properly handle SELECT elements. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:7591 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to click-jacking attack vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has multiple menus of SELECT elements ... oval:org.secpod.oval:def:7630 The host is installed with Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9 or SeaMonkey before 2.13.1 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly handle the d ... oval:org.secpod.oval:def:7611 The host is missing a security update according to Mozilla advisory, MFSA 2012-84. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage history data. Successful exploitation could allow attackers to conduct cross-sit ... oval:org.secpod.oval:def:7612 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage histor ... oval:org.secpod.oval:def:7613 The host is missing a security update according to Mozilla advisory, MFSA 2012-85. The update is required to fix a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle certain functions. Successful exploitation could allow attackers to run ar ... oval:org.secpod.oval:def:7614 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle IsCSS ... oval:org.secpod.oval:def:7610 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to prevent access t ... oval:org.secpod.oval:def:7619 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle DOMSVGTests: ... oval:org.secpod.oval:def:7615 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsHTMLCSSUti ... oval:org.secpod.oval:def:7616 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7617 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsSMILAnimat ... oval:org.secpod.oval:def:7618 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsTextEditRu ... oval:org.secpod.oval:def:7622 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7623 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly manage ... oval:org.secpod.oval:def:7624 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7625 The host is missing a security update according to Mozilla advisory, MFSA 2012-87. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to the nsIContent::GetNameSpaceID function. Successful exploitation co ... oval:org.secpod.oval:def:7620 The host is missing a security update according to Mozilla advisory, MFSA 2012-86. The update is required to fix a multiple heap memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow ... oval:org.secpod.oval:def:7621 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle nsCharTrait ... oval:org.secpod.oval:def:7626 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors rela ... oval:org.secpod.oval:def:7627 The host is missing a security update according to Mozilla advisory, MFSA 2012-88. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle the mozilla::net::FailDelayManager::Lookup function in the WebSockets implementatio ... oval:org.secpod.oval:def:7628 The host is installed with Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1 or SeaMonkey before 2.13.1 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle the mozilla::net::FailDelayManager::Lookup function in the WebSockets i ... oval:org.secpod.oval:def:7629 The host is missing a security update according to Mozilla advisory, MFSA 2012-89. The update is required to fix a security bypass vulnerability. The flaws are present in the applications, which fail to properly handle access to the Location object. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:7600 The host is missing a security update according to Mozilla advisory, MFSA 2012-79. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of th ... oval:org.secpod.oval:def:7601 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors invo ... oval:org.secpod.oval:def:7602 The host is missing a security update according to Mozilla advisory, MFSA 2012-80. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operator on ... oval:org.secpod.oval:def:7603 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operat ... oval:org.secpod.oval:def:7608 The host is missing a security update according to Mozilla advisory, MFSA 2012-83. The update is required to fix a privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interact with failures of InstallTrigger methods. Successful exploitation could a ... oval:org.secpod.oval:def:7609 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interac ... oval:org.secpod.oval:def:7604 The host is missing a security update according to Mozilla advisory, MFSA 2012-81. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI access to the GetProperty function. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7605 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI acc ... oval:org.secpod.oval:def:7606 The host is missing a security update according to Mozilla advisory, MFSA 2012-82. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary plugin that uses Object.defineProperty to shadow the top object, and leve ... oval:org.secpod.oval:def:7607 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary ... oval:org.secpod.oval:def:7997 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. S ... oval:org.secpod.oval:def:7998 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to integer overflow vulnerability. A flaw is present in the applications, which fail to handle crafted data. Suc ... oval:org.secpod.oval:def:7999 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle function calls i ... oval:org.secpod.oval:def:7992 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:7993 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of ser ... oval:org.secpod.oval:def:7994 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:7995 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of ... oval:org.secpod.oval:def:7991 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a d ... oval:org.secpod.oval:def:7725 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ... oval:org.secpod.oval:def:7726 The host is missing a security update according to Mozilla advisory, MFSA 2012-90. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to certain objects and functions. Successful exploitation allows attackers to conduct cross-site scripting ... oval:org.secpod.oval:def:8029 The host is missing a security update according to MFSA 2012-96. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to handle the str_unescape function in the JavaScript engine. Successful exploitation allows remote attackers to execute ... oval:org.secpod.oval:def:8025 The host is missing a security update according to MFSA 2012-92. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafted GIF image. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:8026 The host is missing a security update according to MFSA 2012-93. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context during the handling of JavaScript code that sets the location.href property. Successful exploitati ... oval:org.secpod.oval:def:8027 The host is missing a security update according to MFSA 2012-94. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. Successful exploitation all ... oval:org.secpod.oval:def:8021 The host is missing a security update according to MFSA 2012-101. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handle a ~ (tilde) character in proximity to a chunk delimiter. Successful exploitation allows remot ... oval:org.secpod.oval:def:8022 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly rest ... oval:org.secpod.oval:def:8023 The host is missing a security update according to MFSA 2012-100. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly restrict write actions. Successful exploitation allows remote attackers to conduct cross-site scrip ... oval:org.secpod.oval:def:8024 The host is missing a security update according to MFSA 2012-91. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of service (memory c ... oval:org.secpod.oval:def:8033 The host is missing a security update according to MFSA 2012-106. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain function calls and crafted data. Successful exploitation allows remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:8034 The host is missing a security update according to MFSA 2012-105. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:8030 The host is missing a security update according to MFSA 2012-97. The update is required to fix cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes. ... oval:org.secpod.oval:def:8031 The host is missing a security update according to MFSA 2012-99. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attackers to bypass intended ch ... oval:org.secpod.oval:def:8007 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8009 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of ... oval:org.secpod.oval:def:8003 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8004 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8005 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8006 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8000 The host is installed with Mozilla Firefox 11.0 before 17.0, before 10.0.11, Firefox ESR before 17.0.2, 10.x before 10.0.12, Thunderbird 11.0 before 17.0, before 10.0.11, Thunderbird ESR 17.0.2, 10.x before 10.0.12 or SeaMonkey before 2.14 and is prone to Heap-based buffer overflow vulnerability. A ... oval:org.secpod.oval:def:8001 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8002 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8019 The host is missing a security update according to MFSA 2012-103. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of a "top" frame name-attribute value to access the location property. Successful exploitation al ... oval:org.secpod.oval:def:8014 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the str_unescape function in the JavaScript engine. Successful exploitation allows rem ... oval:org.secpod.oval:def:8016 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafte ... oval:org.secpod.oval:def:8017 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context du ... oval:org.secpod.oval:def:8010 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attac ... oval:org.secpod.oval:def:8011 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:8013 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest obj ... oval:org.secpod.oval:def:9702 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-16. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle crafted web content. Successful exploitation allows remote attackers to execute arbitrar ... oval:org.secpod.oval:def:9701 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-17. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors that involve the triggering of garbage collection after memory allocation for li ... oval:org.secpod.oval:def:9703 The host is missing a security update according to Mozilla advisory, MFSA 2013-13. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted XBL file with multiple bindings that have SVG content. Successful exploitation allow ... oval:org.secpod.oval:def:9700 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-18. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to the domDoc pointer. Successful exploitation allows remote attackers t ... oval:org.secpod.oval:def:9709 The host is missing a security update according to Mozilla advisory, MFSA 2013-10. The update is required to fix same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforce the Same Origin Policy. Successful exploitation allows remote attackers to c ... oval:org.secpod.oval:def:9706 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-05. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle an HTML document with a table containing many columns and column groups. Successful expl ... oval:org.secpod.oval:def:9705 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-12. The update is required to fix Integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted string concatenation, leading to improper memory allocation. Successful expl ... oval:org.secpod.oval:def:9708 The host is missing a security update according to Mozilla advisory, MFSA 2013-09. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to properly implement quickstubs that use the jsval data type for their return values. Successful exploi ... oval:org.secpod.oval:def:9707 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-08. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to properly interact with garbage collection. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:9710 The host is missing a security update according to Mozilla advisory, MFSA 2013-11. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent calling the toString function of an XBL object. Successful exploitation allows remote at ... oval:org.secpod.oval:def:9669 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ... oval:org.secpod.oval:def:9668 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present i ... oval:org.secpod.oval:def:9665 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle an HTM ... oval:org.secpod.oval:def:9667 The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2, SeaMonkey before 2.15 or Thunderbird ESR, Firefox ESR 10.x before 10.0.12 or 17.x before 17.0.2 and is prone to multiple unspecified vulnerabilities. The flaw are present in the applications, which fail to properly ha ... oval:org.secpod.oval:def:9666 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a craft ... oval:org.secpod.oval:def:9698 The host is missing a security update according to Mozilla advisory, MFSA 2013-14. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifications to the prototype of an object. Successful exploitation allows remote att ... oval:org.secpod.oval:def:9697 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-15. The update is required to fix privilege escalation vulnerability. A flaw is present in the applications, which fail to handle improper interaction between plugin objects and SVG elements. Successful exploitat ... oval:org.secpod.oval:def:9699 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-19. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted web page referencing JavaScript Proxy objects that are not properly handled du ... oval:org.secpod.oval:def:9694 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-03. The update is required to fix stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle an HTML document that specifies invalid width and height values. Successfu ... oval:org.secpod.oval:def:9693 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-01. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitra ... oval:org.secpod.oval:def:9696 The host is missing a security update according to Mozilla advisory, MFSA 2013-04. The update is required to fix URL spoofing vulnerability. A flaw is present in the applications, which fail to handle vectors involving authentication information in the userinfo field of a URL. Successful exploitatio ... oval:org.secpod.oval:def:9695 The host is missing a security update according to Mozilla advisory, MFSA 2013-07. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safety for SSL sessions. Successful exploitation allows remote attackers to execute ... oval:org.secpod.oval:def:9690 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly interact w ... oval:org.secpod.oval:def:9692 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-02. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitrar ... oval:org.secpod.oval:def:9691 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9679 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted web page ... oval:org.secpod.oval:def:9676 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to URL spoofing vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:9675 The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2, SeaMonkey before 2.15, Thunderbird ESR, Firefox ESR 10.0.x before 10.0.12 or 17.x before 17.0.2 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted docu ... oval:org.secpod.oval:def:9678 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifica ... oval:org.secpod.oval:def:9677 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to privilege escalation vulnerability. A flaw is present in the ... oval:org.secpod.oval:def:9672 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to ... oval:org.secpod.oval:def:9671 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safet ... oval:org.secpod.oval:def:9674 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle some unspecified ve ... oval:org.secpod.oval:def:9673 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9670 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9687 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to information disclosure vulnerability. A flaw is present in th ... oval:org.secpod.oval:def:9686 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle some un ... oval:org.secpod.oval:def:9689 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ... oval:org.secpod.oval:def:9688 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforc ... oval:org.secpod.oval:def:9683 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted XBL fi ... oval:org.secpod.oval:def:9682 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9685 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to Integer overflow vulnerability. A flaw is present in the appl ... oval:org.secpod.oval:def:9681 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9680 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to ... oval:org.secpod.oval:def:9911 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modificati ... oval:org.secpod.oval:def:9910 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScrip ... oval:org.secpod.oval:def:9913 The host is installed with Mozilla Firefox before 19.0 or SeaMonkey before 2.16 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to prevent multiple wrapping of WebIDL objects. Successful exploitation allows remote attackers to bypass intended access r ... oval:org.secpod.oval:def:9912 The host is installed with Mozilla Firefox before 19.0 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle a crafted GIF image. Successful exploitation allows attackers to obtain sensitive information from process mem ... oval:org.secpod.oval:def:9919 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certa ... oval:org.secpod.oval:def:9918 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3, SeaMonkey before 2.16 or Thunderbird ESR, Firefox ESR before 17.0.3 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the nsDisplayBoxShadowOuter::Paint function ... oval:org.secpod.oval:def:9915 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3, SeaMonkey before 2.16 or Thunderbird ESR, Firefox ESR before 17.0.3 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the nsPrintEngine::CommonPrint function. Su ... oval:org.secpod.oval:def:9914 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle the nsS ... oval:org.secpod.oval:def:9917 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3, SeaMonkey before 2.16 or Thunderbird ESR, Firefox ESR before 17.0.3 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the nsCodingStateMachine::NextState fun ... oval:org.secpod.oval:def:9916 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted document ... oval:org.secpod.oval:def:9922 The host is missing a security update according to Mozilla advisory, MFSA 2013-28. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain functions. Successful exploitation allows remote attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:9921 The host is missing a security update according to Mozilla advisory, MFSA 2013-21. The update is required to fix multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vectors. Successful exploitation allows remote attackers to cau ... oval:org.secpod.oval:def:9924 The host is missing a security update according to Mozilla advisory, MFSA 2013-22. The update is required to fix out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle a crafted GIF image. Successful exploitation allows attackers to obtain sensitive information ... oval:org.secpod.oval:def:9923 The host is missing a security update according to Mozilla advisory, MFSA 2013-23. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to prevent multiple wrapping of WebIDL objects. Successful exploitation allows remote attackers to bypass ... oval:org.secpod.oval:def:9920 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3, SeaMonkey before 2.16 or Thunderbird ESR, Firefox ESR 17.x before 17.0.3 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vect ... oval:org.secpod.oval:def:9926 The host is missing a security update according to Mozilla advisory, MFSA 2013-25. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScript workers from reading the browser-profile directory name. Successful exploitat ... oval:org.secpod.oval:def:9925 The host is missing a security update according to Mozilla advisory, MFSA 2013-24. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modifications to a prototype. Successful exploitation allows remote attackers to obtain ... oval:org.secpod.oval:def:9928 The host is missing a security update according to Mozilla advisory, MFSA 2013-27. The update is required to fix address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server that provides a 407 HTTP status code accompanied by web script. Successful explo ... oval:org.secpod.oval:def:9927 The host is missing a security update according to Mozilla advisory, MFSA 2013-26. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle the the nsImageLoadingContent::OnStopContainer function. Successful exploitation allows remote at ... oval:org.secpod.oval:def:9908 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server t ... oval:org.secpod.oval:def:9907 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3, SeaMonkey before 2.16 or Thunderbird ESR, Firefox ESR before 17.0.3 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the ClusterIterator::NextCluster functi ... oval:org.secpod.oval:def:9909 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the the nsImageLoad ... |
