Firefox
Update Firefox to version 135.0.1

What patches are you missing?



CVE Vulnerabilities for Firefox

CVEPublishedSeverityDetailsExploitability Impact Vector
CVE‑2025‑10202025‑02‑04 14:15:33CRITICAL (10)Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135 and Thunderbird < 135.46NETWORK
CVE‑2025‑10192025‑02‑04 14:15:33MEDIUM (4)The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.31NETWORK
CVE‑2025‑10182025‑02‑04 14:15:33MEDIUM (5)The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.41NETWORK
CVE‑2025‑10172025‑02‑04 14:15:33CRITICAL (10)Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.46NETWORK
CVE‑2025‑10162025‑02‑04 14:15:32CRITICAL (10)Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.46NETWORK
CVE‑2025‑10142025‑02‑04 14:15:32HIGH (9)Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.36NETWORK
CVE‑2025‑10122025‑02‑04 14:15:32HIGH (8)A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.26NETWORK
CVE‑2025‑10112025‑02‑04 14:15:32HIGH (9)A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.36NETWORK
CVE‑2025‑10102025‑02‑04 14:15:32HIGH (9)An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.36NETWORK
CVE‑2025‑10092025‑02‑04 14:15:32CRITICAL (10)An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.46NETWORK
CVE‑2024‑96802024‑10‑09 13:15:12CRITICAL (10)An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.46NETWORK
CVE‑2024‑93992024‑10‑01 16:15:11HIGH (8)A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.44NETWORK
CVE‑2024‑93982024‑10‑01 16:15:11MEDIUM (5)By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.41NETWORK
CVE‑2024‑93972024‑10‑01 16:15:11MEDIUM (6)A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.33NETWORK
CVE‑2024‑93942024‑10‑01 16:15:11HIGH (8)An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.44NETWORK
CVE‑2024‑93932024‑10‑01 16:15:11HIGH (8)An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.44NETWORK
CVE‑2024‑83882024‑09‑03 13:15:06MEDIUM (5)Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature. *This bug only affects Firefox on Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 130.41NETWORK
CVE‑2024‑75312024‑08‑06 13:15:58MEDIUM (7)Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.34NETWORK
CVE‑2024‑75292024‑08‑06 13:15:58MEDIUM (7)The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.34NETWORK
CVE‑2024‑75232024‑08‑06 13:15:57HIGH (8)A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 129.35NETWORK
CVE‑2024‑75182024‑08‑06 13:15:57MEDIUM (7)Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.34NETWORK
CVE‑2024‑104682024‑10‑29 13:15:04MEDIUM (5)Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.24NETWORK
CVE‑2024‑104672024‑10‑29 13:15:04HIGH (9)Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.36NETWORK
CVE‑2024‑104662024‑10‑29 13:15:04HIGH (8)By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.44NETWORK
CVE‑2024‑104652024‑10‑29 13:15:04MEDIUM (7)A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.34NETWORK
CVE‑2024‑104642024‑10‑29 13:15:04MEDIUM (7)Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.34NETWORK
CVE‑2024‑104632024‑10‑29 13:15:04MEDIUM (7)Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.34NETWORK
CVE‑2024‑104622024‑10‑29 13:15:04MEDIUM (7)Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.34NETWORK
CVE‑2024‑104612024‑10‑29 13:15:04MEDIUM (6)In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.33NETWORK
CVE‑2024‑104602024‑10‑29 13:15:04MEDIUM (5)The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.41NETWORK
CVE‑2024‑104592024‑10‑29 13:15:04HIGH (8)An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.44NETWORK
CVE‑2024‑104582024‑10‑29 13:15:04HIGH (8)A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.44NETWORK
CVE‑2023‑68702023‑12‑19 14:15:08MEDIUM (4)Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121.31NETWORK
CVE‑2023‑57292023‑10‑25 18:17:44MEDIUM (4)A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119.31NETWORK
CVE‑2023‑57262023‑10‑25 18:17:44MEDIUM (4)A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.31NETWORK
CVE‑2023‑57252023‑10‑25 18:17:44MEDIUM (4)A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.31NETWORK
CVE‑2023‑52172023‑09‑28 16:15:11HIGH (9)Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)36NETWORK
CVE‑2023‑48632023‑09‑12 15:15:24HIGH (9)Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)36NETWORK
CVE‑2023‑40532023‑08‑01 15:15:10MEDIUM (7)A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.34NETWORK
CVE‑2023‑40512023‑08‑01 15:15:10HIGH (8)A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.44NETWORK
CVE‑2023‑372072023‑07‑05 09:15:10MEDIUM (7)A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.34NETWORK
CVE‑2023‑372042023‑07‑05 10:15:10MEDIUM (7)A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.34NETWORK
CVE‑2023‑322122023‑06‑02 17:15:13MEDIUM (4)An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.31NETWORK
CVE‑2023‑322052023‑06‑02 17:15:13MEDIUM (4)In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.31NETWORK
CVE‑2023‑295412023‑06‑02 17:15:13HIGH (9)Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.36NETWORK
CVE‑2023‑295382023‑06‑02 17:15:13MEDIUM (4)Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.31NETWORK
CVE‑2023‑295342023‑06‑19 11:15:10CRITICAL (9)Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. 45NETWORK
CVE‑2023‑295332023‑06‑02 17:15:12MEDIUM (4)A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.31NETWORK
CVE‑2023‑295322023‑06‑19 10:15:09MEDIUM (6)A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. 24LOCAL
CVE‑2022‑468852022‑12‑22 20:15:48HIGH (9)Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106.36NETWORK
CVE‑2022‑468832022‑12‑22 20:15:48HIGH (9)Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.<br />*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 107. This vulnerability affects Firefox < 107.36NETWORK
CVE‑2022‑468792022‑12‑22 20:15:47HIGH (9)Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108.36NETWORK
CVE‑2022‑468782022‑12‑22 20:15:47HIGH (9)Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.36NETWORK
CVE‑2022‑454212022‑12‑22 20:15:45HIGH (9)Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.36NETWORK
CVE‑2022‑429322022‑12‑22 20:15:41HIGH (9)Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.36NETWORK
CVE‑2022‑409622022‑12‑22 20:15:40HIGH (9)Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.36NETWORK
CVE‑2022‑384782022‑12‑22 20:15:38HIGH (9)Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.36NETWORK
CVE‑2022‑384772022‑12‑22 20:15:37HIGH (9)Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104.36NETWORK
CVE‑2022‑363202022‑12‑22 20:15:36CRITICAL (10)Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 103.46NETWORK
CVE‑2022‑344852022‑12‑22 20:15:34CRITICAL (10)Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102.46NETWORK
CVE‑2022‑344842022‑12‑22 20:15:34HIGH (9)The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.36NETWORK
CVE‑2022‑344782022‑12‑22 20:15:33MEDIUM (7)The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.<br>*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.34NETWORK
CVE‑2022‑317482022‑12‑22 20:15:31CRITICAL (10)Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 101.46NETWORK
CVE‑2022‑317472022‑12‑22 20:15:30CRITICAL (10)Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.46NETWORK
CVE‑2022‑299182022‑12‑22 20:15:27HIGH (9)Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 100.36NETWORK
CVE‑2022‑299172022‑12‑22 20:15:27CRITICAL (10)Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.46NETWORK
CVE‑2022‑299152022‑12‑22 20:15:27MEDIUM (4)The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100.31NETWORK
CVE‑2022‑282892022‑12‑22 20:15:25HIGH (9)Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.36NETWORK
CVE‑2022‑282882022‑12‑22 20:15:25HIGH (9)Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 99.36NETWORK
CVE‑2022‑25052022‑12‑22 20:15:28HIGH (9)Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.36NETWORK
CVE‑2022‑227642022‑12‑22 20:15:21HIGH (9)Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.36NETWORK
CVE‑2022‑227522022‑12‑22 20:15:17HIGH (9)Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 96.36NETWORK
CVE‑2022‑227512022‑12‑22 20:15:17HIGH (9)Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.36NETWORK
CVE‑2022‑08432022‑12‑22 20:15:13HIGH (9)Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 98.36NETWORK
CVE‑2022‑05112022‑12‑22 20:15:12HIGH (9)Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97.36NETWORK
CVE‑2021‑435462021‑12‑08 22:15:10MEDIUM (4)It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.31NETWORK
CVE‑2021‑435402021‑12‑08 22:15:10MEDIUM (7)WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95.34NETWORK
CVE‑2021‑435342021‑12‑08 22:15:09HIGH (9)Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.36NETWORK
CVE‑2021‑41292022‑12‑22 20:15:12CRITICAL (10)Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0.46NETWORK
CVE‑2021‑385082021‑12‑08 22:15:09MEDIUM (4)By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.31NETWORK
CVE‑2021‑385052021‑12‑08 22:15:09MEDIUM (7)Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.34NETWORK
CVE‑2021‑385012021‑11‑03 01:15:08HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.36NETWORK
CVE‑2021‑385002021‑11‑03 01:15:08HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.36NETWORK
CVE‑2021‑384992021‑11‑03 01:15:08HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93.36NETWORK
CVE‑2021‑384952021‑11‑03 01:15:07HIGH (9)Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.36NETWORK
CVE‑2021‑384942021‑11‑03 01:15:07HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92.36NETWORK
CVE‑2021‑384932021‑11‑03 01:15:07HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.36NETWORK
CVE‑2021‑305472021‑06‑15 22:15:09HIGH (9)Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.36NETWORK
CVE‑2021‑299902021‑08‑17 20:15:08HIGH (9)Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91.36NETWORK
CVE‑2021‑299892021‑08‑17 20:15:08HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.36NETWORK
CVE‑2021‑299812021‑08‑17 20:15:08HIGH (9)An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91.36NETWORK
CVE‑2021‑299772021‑08‑05 20:15:09HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 90.36NETWORK
CVE‑2021‑299762021‑08‑05 20:15:09HIGH (9)Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.36NETWORK
CVE‑2021‑299672021‑06‑24 14:15:10HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.36NETWORK
CVE‑2021‑299662021‑06‑24 14:15:10HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89.36NETWORK
CVE‑2021‑299512021‑06‑24 14:15:10MEDIUM (7)The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1.43NETWORK
CVE‑2021‑299472021‑06‑24 14:15:10HIGH (9)Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88.36NETWORK
CVE‑2021‑239882021‑03‑31 14:15:20HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87.36NETWORK
CVE‑2021‑239872021‑03‑31 14:15:19HIGH (9)Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.36NETWORK
CVE‑2021‑239792021‑02‑26 16:15:13HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86.36NETWORK
CVE‑2021‑239782021‑02‑26 16:15:13HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.36NETWORK
CVE‑2021‑239652021‑02‑26 16:15:13HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85.36NETWORK
CVE‑2021‑239642021‑02‑26 16:15:12HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.36NETWORK
CVE‑2021‑206282021‑03‑18 01:15:12MEDIUM (6)Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.33NETWORK
CVE‑2020‑68282020‑04‑24 16:15:14HIGH (8)A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.<br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7.44NETWORK
CVE‑2020‑68262020‑04‑24 16:15:14CRITICAL (10)Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 75.46NETWORK
CVE‑2020‑68252020‑04‑24 16:15:14CRITICAL (10)Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.46NETWORK
CVE‑2020‑68152020‑03‑25 22:15:13CRITICAL (10)Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 74.46NETWORK
CVE‑2020‑68142020‑03‑25 22:15:13CRITICAL (10)Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.46NETWORK
CVE‑2020‑68132020‑03‑25 22:15:13MEDIUM (5)When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74.41NETWORK
CVE‑2020‑68102020‑03‑25 22:15:13MEDIUM (4)After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74.31NETWORK
CVE‑2020‑68012020‑03‑02 05:15:14HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 73.36NETWORK
CVE‑2020‑68002020‑03‑02 05:15:14HIGH (9)Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.36NETWORK
CVE‑2020‑351142021‑01‑07 14:15:13HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84.36NETWORK
CVE‑2020‑351132021‑01‑07 14:15:13HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.36NETWORK
CVE‑2020‑269692020‑12‑09 01:15:14HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83.36NETWORK
CVE‑2020‑269682020‑12‑09 01:15:14HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.36NETWORK
CVE‑2020‑269672020‑12‑09 01:15:14MEDIUM (7)When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83.34NETWORK
CVE‑2020‑19332020‑01‑28 01:15:13MEDIUM (6)A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers.33NETWORK
CVE‑2020‑160122021‑01‑08 19:15:12MEDIUM (4)Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.31NETWORK
CVE‑2020‑156842020‑10‑22 21:15:14CRITICAL (10)Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82.46NETWORK
CVE‑2020‑156832020‑10‑22 21:15:14CRITICAL (10)Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.46NETWORK
CVE‑2020‑156742020‑10‑01 19:15:14HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81.36NETWORK
CVE‑2020‑156732020‑10‑01 19:15:14HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.36NETWORK
CVE‑2020‑156702020‑10‑01 19:15:13HIGH (9)Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80.36NETWORK
CVE‑2020‑156672020‑10‑01 19:15:13HIGH (9)When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80.36NETWORK
CVE‑2020‑156632020‑10‑01 19:15:13HIGH (9)If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2.36NETWORK
CVE‑2020‑156592020‑08‑10 18:15:13HIGH (9)Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.36NETWORK
CVE‑2020‑156552020‑08‑10 18:15:12MEDIUM (7)A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.34NETWORK
CVE‑2020‑156522020‑08‑10 18:15:12MEDIUM (7)By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.34NETWORK
CVE‑2020‑156502020‑08‑10 18:15:12MEDIUM (6)Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11.24LOCAL
CVE‑2020‑124262020‑07‑09 15:15:12HIGH (9)Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78.36NETWORK
CVE‑2020‑124112020‑07‑09 15:15:11HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 77.36NETWORK
CVE‑2020‑124102020‑07‑09 15:15:11HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.36NETWORK
CVE‑2020‑124072020‑07‑09 15:15:11MEDIUM (7)Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox < 77.34NETWORK
CVE‑2020‑124062020‑07‑09 15:15:11HIGH (9)Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.36NETWORK
CVE‑2020‑123962020‑05‑26 17:15:10CRITICAL (10)Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 76.46NETWORK
CVE‑2020‑123952020‑05‑26 17:15:10CRITICAL (10)Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.46NETWORK
CVE‑2019‑98142019‑07‑23 14:15:17HIGH (8)Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 67.00NETWORK
CVE‑2019‑98002019‑07‑23 14:15:17HIGH (8)Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.00NETWORK
CVE‑2019‑97962019‑04‑26 17:29:02HIGH (8)A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.00NETWORK
CVE‑2019‑97892019‑04‑26 17:29:01HIGH (8)Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 66.00NETWORK
CVE‑2019‑97882019‑04‑26 17:29:01CRITICAL (10)Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.46NETWORK
CVE‑2019‑170252020‑01‑08 22:15:13HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72.36NETWORK
CVE‑2019‑170242020‑01‑08 22:15:13HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.36NETWORK
CVE‑2019‑170192020‑01‑08 22:15:12HIGH (9)When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 72.36NETWORK
CVE‑2019‑170132020‑01‑08 22:15:12HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 71.36NETWORK
CVE‑2019‑170122020‑01‑08 22:15:12HIGH (9)Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.36NETWORK
CVE‑2019‑170012020‑01‑08 22:15:12MEDIUM (6)A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.*. This vulnerability affects Firefox < 70.33NETWORK
CVE‑2019‑149532019‑10‑01 16:15:11MEDIUM (6)JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser.33NETWORK
CVE‑2019‑117642020‑01‑08 21:15:10HIGH (9)Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.36NETWORK
CVE‑2019‑117582020‑01‑08 20:15:13HIGH (9)Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.36NETWORK
CVE‑2019‑117532019‑09‑27 18:15:14HIGH (8)The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. <br>*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69, Firefox ESR < 60.9, and Firefox ESR < 68.1.26LOCAL
CVE‑2019‑117482019‑09‑27 18:15:13MEDIUM (7)WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.34NETWORK
CVE‑2019‑117402019‑09‑27 18:15:12HIGH (9)Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.36NETWORK
CVE‑2019‑117362019‑09‑27 18:15:11HIGH (7)The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. <br>*Note: These attacks requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.16LOCAL
CVE‑2019‑117352019‑09‑27 18:15:11HIGH (9)Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.36NETWORK
CVE‑2019‑117342019‑09‑27 18:15:11CRITICAL (10)Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69.46NETWORK
CVE‑2019‑117102019‑07‑23 14:15:15CRITICAL (10)Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68.46NETWORK
CVE‑2019‑117092019‑07‑23 14:15:15CRITICAL (10)Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.46NETWORK
CVE‑2018‑80242018‑07‑12 13:29:00MEDIUM (5)In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this type of attack, current versions of Firefox (and possibly others) do not.00NETWORK
CVE‑2018‑51832018‑06‑11 21:29:16HIGH (8)Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.00NETWORK
CVE‑2018‑51732018‑06‑11 21:29:16MEDIUM (5)The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full, correct filename and whether it is executable or not. This vulnerability affects Firefox < 60.00NETWORK
CVE‑2018‑51662018‑06‑11 21:29:16MEDIUM (5)WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.00NETWORK
CVE‑2018‑51652018‑06‑11 21:29:16MEDIUM (5)In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60.41NETWORK
CVE‑2018‑51522018‑06‑11 21:29:15MEDIUM (4)WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60.00NETWORK
CVE‑2018‑51372018‑06‑11 21:29:14MEDIUM (5)A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59.00NETWORK
CVE‑2018‑51352018‑06‑11 21:29:14MEDIUM (5)WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59.00NETWORK
CVE‑2018‑51342018‑06‑11 21:29:14MEDIUM (5)WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox < 59.00NETWORK
CVE‑2018‑51322018‑06‑11 21:29:14MEDIUM (4)The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox < 59.00NETWORK
CVE‑2018‑51312018‑06‑11 21:29:14MEDIUM (4)Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.00NETWORK
CVE‑2018‑51162018‑06‑11 21:29:14HIGH (8)WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58.00NETWORK
CVE‑2018‑51132018‑06‑11 21:29:13MEDIUM (5)The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58.00NETWORK
CVE‑2018‑51052018‑06‑11 21:29:13HIGH (7)WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58.00LOCAL
CVE‑2018‑185022019‑02‑05 21:29:00HIGH (10)Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65.00NETWORK
CVE‑2018‑185012019‑02‑05 21:29:00HIGH (8)Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.00NETWORK
CVE‑2018‑184972019‑02‑28 18:29:02MEDIUM (4)Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vulnerability affects Firefox < 64.00NETWORK
CVE‑2018‑184952019‑02‑28 18:29:02MEDIUM (4)WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64.00NETWORK
CVE‑2018‑124062019‑02‑28 18:29:01MEDIUM (7)Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 64.00NETWORK
CVE‑2018‑124052019‑02‑28 18:29:01HIGH (8)Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.00NETWORK
CVE‑2018‑123972019‑02‑28 18:29:01LOW (4)A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.00LOCAL
CVE‑2018‑123962019‑02‑28 18:29:01MEDIUM (4)A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.00NETWORK
CVE‑2018‑123952019‑02‑28 18:29:01MEDIUM (5)By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.00NETWORK
CVE‑2018‑123902019‑02‑28 18:29:00HIGH (8)Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.00NETWORK
CVE‑2018‑123892019‑02‑28 18:29:00MEDIUM (7)Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.00NETWORK
CVE‑2018‑123882019‑02‑28 18:29:00MEDIUM (7)Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63.00NETWORK
CVE‑2018‑123852018‑10‑18 13:29:06MEDIUM (4)A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.00LOCAL
CVE‑2018‑123792018‑10‑18 13:29:05MEDIUM (5)When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.00LOCAL
CVE‑2018‑123692018‑10‑18 13:29:04HIGH (8)WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.00NETWORK
CVE‑2018‑123682018‑10‑18 13:29:03HIGH (9)Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.00NETWORK
CVE‑2018‑123662018‑10‑18 13:29:03MEDIUM (4)An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.00NETWORK
CVE‑2018‑123642018‑10‑18 13:29:02MEDIUM (7)NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.00NETWORK
CVE‑2017‑78212018‑06‑11 21:29:11HIGH (8)A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those document types. This vulnerability affects Firefox < 56.00NETWORK
CVE‑2017‑78162018‑06‑11 21:29:11MEDIUM (5)WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56.00NETWORK
CVE‑2017‑77842018‑06‑11 21:29:09HIGH (8)A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.00NETWORK
CVE‑2017‑77682018‑06‑11 21:29:09LOW (2)The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.00LOCAL
CVE‑2017‑77672018‑06‑11 21:29:09LOW (2)The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.00LOCAL
CVE‑2017‑77662018‑06‑11 21:29:09MEDIUM (5)An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.00LOCAL
CVE‑2017‑77642018‑06‑11 21:29:08MEDIUM (5)Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as "Limited Use Scripts.". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.00NETWORK
CVE‑2017‑77612018‑06‑11 21:29:08LOW (4)The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.00LOCAL
CVE‑2017‑77602018‑06‑11 21:29:08MEDIUM (5)The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.00LOCAL
CVE‑2017‑54362018‑06‑11 21:29:06MEDIUM (7)An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.00NETWORK
CVE‑2017‑54092018‑06‑11 21:29:04LOW (4)The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52.00LOCAL
CVE‑2017‑53932018‑06‑11 21:29:04MEDIUM (4)The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51.00NETWORK
CVE‑2017‑53892018‑06‑11 21:29:03MEDIUM (6)WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51.00NETWORK
CVE‑2017‑53862018‑06‑11 21:29:03HIGH (8)WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.00NETWORK
CVE‑2016‑99032018‑06‑11 21:29:02MEDIUM (4)Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox < 50.1.00NETWORK
CVE‑2016‑90752018‑06‑11 21:29:02HIGH (8)An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.00NETWORK
CVE‑2016‑90732018‑06‑11 21:29:01MEDIUM (5)WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.00NETWORK
CVE‑2016‑90722018‑06‑11 21:29:01MEDIUM (5)When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50.00NETWORK
CVE‑2016‑90622018‑06‑11 21:29:01LOW (2)Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.00LOCAL
CVE‑2016‑52952018‑06‑11 21:29:01MEDIUM (5)This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50.00LOCAL
CVE‑2016‑52942018‑06‑11 21:29:01LOW (2)The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.00LOCAL
CVE‑2016‑52932018‑06‑11 21:29:01LOW (2)When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.00LOCAL
CVE‑2016‑52842016‑09‑22 22:59:19MEDIUM (4)Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.00NETWORK
CVE‑2016‑52832016‑09‑22 22:59:18MEDIUM (7)Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.00NETWORK
CVE‑2016‑52822016‑09‑22 22:59:17MEDIUM (4)Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.00NETWORK
CVE‑2016‑52812016‑09‑22 22:59:16HIGH (8)Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.00NETWORK
CVE‑2016‑52802016‑09‑22 22:59:15HIGH (8)Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.00NETWORK
CVE‑2016‑52792016‑09‑22 22:59:14MEDIUM (4)Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.00NETWORK
CVE‑2016‑52782016‑09‑22 22:59:13MEDIUM (7)Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.00NETWORK
CVE‑2016‑52772016‑09‑22 22:59:12HIGH (8)Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.00NETWORK
CVE‑2016‑52762016‑09‑22 22:59:10HIGH (8)Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.00NETWORK
CVE‑2016‑52752016‑09‑22 22:59:09MEDIUM (7)Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.00NETWORK
CVE‑2016‑52742016‑09‑22 22:59:08HIGH (8)Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.00NETWORK
CVE‑2016‑52732016‑09‑22 22:59:07MEDIUM (7)The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.00NETWORK
CVE‑2016‑52722016‑09‑22 22:59:06MEDIUM (7)The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.00NETWORK
CVE‑2016‑52712016‑09‑22 22:59:05MEDIUM (4)The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property.00NETWORK
CVE‑2016‑52702016‑09‑22 22:59:04HIGH (8)Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.00NETWORK
CVE‑2016‑52682016‑08‑05 01:59:24MEDIUM (4)Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring.00NETWORK
CVE‑2016‑52672016‑08‑05 01:59:23MEDIUM (4)Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.00NETWORK
CVE‑2016‑52662016‑08‑05 01:59:22MEDIUM (6)Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.00NETWORK
CVE‑2016‑52652016‑08‑05 01:59:21MEDIUM (4)Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.00NETWORK
CVE‑2016‑52642016‑08‑05 01:59:20MEDIUM (7)Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.00NETWORK
CVE‑2016‑52632016‑08‑05 01:59:19MEDIUM (7)The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."00NETWORK
CVE‑2016‑52622016‑08‑05 01:59:18MEDIUM (4)Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.00NETWORK
CVE‑2016‑52612016‑08‑05 01:59:17HIGH (8)Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.00NETWORK
CVE‑2016‑52602016‑08‑05 01:59:16MEDIUM (4)Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.00NETWORK
CVE‑2016‑52592016‑08‑05 01:59:15MEDIUM (7)Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.00NETWORK
CVE‑2016‑52582016‑08‑05 01:59:14MEDIUM (7)Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.00NETWORK
CVE‑2016‑52572016‑09‑22 22:59:03HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2016‑52562016‑09‑22 22:59:02HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2016‑52552016‑08‑05 01:59:13MEDIUM (7)Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.00NETWORK
CVE‑2016‑52542016‑08‑05 01:59:12HIGH (8)Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.00NETWORK
CVE‑2016‑52532016‑08‑05 01:59:11MEDIUM (5)The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.00LOCAL
CVE‑2016‑52522016‑08‑05 01:59:10MEDIUM (7)Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.00NETWORK
CVE‑2016‑52512016‑08‑05 01:59:09MEDIUM (4)Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.00NETWORK
CVE‑2016‑52502016‑08‑05 01:59:07MEDIUM (5)Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.00NETWORK
CVE‑2016‑28392016‑08‑05 01:59:06MEDIUM (4)Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.00NETWORK
CVE‑2016‑28382016‑08‑05 01:59:05MEDIUM (7)Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.00NETWORK
CVE‑2016‑28372016‑08‑05 01:59:04MEDIUM (7)Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.00NETWORK
CVE‑2016‑28362016‑08‑05 01:59:03MEDIUM (7)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.00NETWORK
CVE‑2016‑28352016‑08‑05 01:59:01MEDIUM (7)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2016‑28342016‑06‑13 10:59:15HIGH (9)Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.00NETWORK
CVE‑2016‑28332016‑06‑13 10:59:14MEDIUM (4)Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.00NETWORK
CVE‑2016‑28322016‑06‑13 10:59:13MEDIUM (4)Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.00NETWORK
CVE‑2016‑28312016‑06‑13 10:59:12MEDIUM (6)Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.00NETWORK
CVE‑2016‑28302016‑08‑05 01:59:00MEDIUM (4)Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.00NETWORK
CVE‑2016‑28292016‑06‑13 10:59:11MEDIUM (4)Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.00NETWORK
CVE‑2016‑28282016‑06‑13 10:59:10MEDIUM (7)Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.00NETWORK
CVE‑2016‑28272016‑09‑22 22:59:00MEDIUM (4)The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values.00NETWORK
CVE‑2016‑28262016‑06‑13 10:59:09HIGH (7)The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file.00LOCAL
CVE‑2016‑28252016‑06‑13 10:59:08MEDIUM (4)Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.00NETWORK
CVE‑2016‑28242016‑06‑13 10:59:07MEDIUM (7)The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.00NETWORK
CVE‑2016‑28222016‑06‑13 10:59:06MEDIUM (4)Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.00NETWORK
CVE‑2016‑28212016‑06‑13 10:59:04MEDIUM (7)Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.00NETWORK
CVE‑2016‑28202016‑04‑30 17:59:16MEDIUM (4)The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.00NETWORK
CVE‑2016‑28192016‑06‑13 10:59:03MEDIUM (7)Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.00NETWORK
CVE‑2016‑28182016‑06‑13 10:59:02MEDIUM (7)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2016‑28172016‑04‑30 17:59:15MEDIUM (4)The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL.00NETWORK
CVE‑2016‑28162016‑04‑30 17:59:14MEDIUM (4)Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.00NETWORK
CVE‑2016‑28152016‑06‑13 10:59:00MEDIUM (7)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2016‑28142016‑04‑30 17:59:12MEDIUM (7)Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.00NETWORK
CVE‑2016‑28132016‑04‑30 17:59:11MEDIUM (4)Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780.00NETWORK
CVE‑2016‑28122016‑04‑30 17:59:10MEDIUM (5)Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.00NETWORK
CVE‑2016‑28112016‑04‑30 17:59:09MEDIUM (7)Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.00NETWORK
CVE‑2016‑28102016‑04‑30 17:59:07MEDIUM (4)Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password.00NETWORK
CVE‑2016‑28092016‑04‑30 17:59:06MEDIUM (6)The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.00NETWORK
CVE‑2016‑28082016‑04‑30 17:59:05MEDIUM (5)The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.00NETWORK
CVE‑2016‑28072016‑04‑30 17:59:03HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2016‑28062016‑04‑30 17:59:02HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2016‑28052016‑04‑30 17:59:01HIGH (10)Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2016‑28042016‑04‑30 17:59:00HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2016‑28022016‑03‑13 18:59:42MEDIUM (7)The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.00NETWORK
CVE‑2016‑28012016‑03‑13 18:59:41MEDIUM (7)The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.00NETWORK
CVE‑2016‑28002016‑03‑13 18:59:39MEDIUM (7)The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.00NETWORK
CVE‑2016‑27992016‑03‑13 18:59:38HIGH (9)Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.00NETWORK
CVE‑2016‑27982016‑03‑13 18:59:37MEDIUM (7)The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.00NETWORK
CVE‑2016‑27972016‑03‑13 18:59:36MEDIUM (7)The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.00NETWORK
CVE‑2016‑27962016‑03‑13 18:59:35MEDIUM (7)Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.00NETWORK
CVE‑2016‑27952016‑03‑13 18:59:34MEDIUM (7)The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.00NETWORK
CVE‑2016‑27942016‑03‑13 18:59:33HIGH (9)The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.00NETWORK
CVE‑2016‑27932016‑03‑13 18:59:32MEDIUM (7)CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.00NETWORK
CVE‑2016‑27922016‑03‑13 18:59:31MEDIUM (7)The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.00NETWORK
CVE‑2016‑27912016‑03‑13 18:59:30MEDIUM (7)The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.00NETWORK
CVE‑2016‑27902016‑03‑13 18:59:29MEDIUM (7)The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.00NETWORK
CVE‑2016‑19792016‑03‑13 18:59:28MEDIUM (7)Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.00NETWORK
CVE‑2016‑19782016‑03‑13 18:59:27HIGH (8)Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.00NETWORK
CVE‑2016‑19772016‑03‑13 18:59:26MEDIUM (7)The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.00NETWORK
CVE‑2016‑19762016‑03‑13 18:59:25MEDIUM (7)Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.00NETWORK
CVE‑2016‑19752016‑03‑13 18:59:24MEDIUM (7)Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.00NETWORK
CVE‑2016‑19742016‑03‑13 18:59:23MEDIUM (7)The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.00NETWORK
CVE‑2016‑19732016‑03‑13 18:59:22MEDIUM (7)Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.00NETWORK
CVE‑2016‑19722016‑03‑13 18:59:22MEDIUM (7)Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.00NETWORK
CVE‑2016‑19712016‑03‑13 18:59:21MEDIUM (7)The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors.00NETWORK
CVE‑2016‑19702016‑03‑13 18:59:20MEDIUM (7)Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.00NETWORK
CVE‑2016‑19692016‑03‑13 18:59:19MEDIUM (7)The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.00NETWORK
CVE‑2016‑19682016‑03‑13 18:59:17MEDIUM (7)Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.00NETWORK
CVE‑2016‑19672016‑03‑13 18:59:16MEDIUM (4)Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.00NETWORK
CVE‑2016‑19662016‑03‑13 18:59:15MEDIUM (7)The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.00NETWORK
CVE‑2016‑19652016‑03‑13 18:59:15MEDIUM (4)Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.00NETWORK
CVE‑2016‑19642016‑03‑13 18:59:14MEDIUM (7)Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.00NETWORK
CVE‑2016‑19632016‑03‑13 18:59:13MEDIUM (4)The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.00LOCAL
CVE‑2016‑19622016‑03‑13 18:59:12HIGH (10)Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.00NETWORK
CVE‑2016‑19612016‑03‑13 18:59:11MEDIUM (7)Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.00NETWORK
CVE‑2016‑19602016‑03‑13 18:59:10MEDIUM (7)Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.00NETWORK
CVE‑2016‑19592016‑03‑13 18:59:09MEDIUM (7)The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API.00NETWORK
CVE‑2016‑19582016‑03‑13 18:59:08MEDIUM (4)browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.00NETWORK
CVE‑2016‑19572016‑03‑13 18:59:07MEDIUM (4)Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.00NETWORK
CVE‑2016‑19562016‑03‑13 18:59:06HIGH (7)Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.00NETWORK
CVE‑2016‑19552016‑03‑13 18:59:05MEDIUM (4)Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.00NETWORK
CVE‑2016‑19542016‑03‑13 18:59:04MEDIUM (7)The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.00NETWORK
CVE‑2016‑19532016‑03‑13 18:59:02MEDIUM (7)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.00NETWORK
CVE‑2016‑19522016‑03‑13 18:59:01MEDIUM (7)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2016‑19502016‑03‑13 18:59:00MEDIUM (7)Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.00NETWORK
CVE‑2016‑19492016‑02‑13 02:59:13MEDIUM (7)Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.00NETWORK
CVE‑2016‑19482016‑01‑31 18:59:14MEDIUM (4)Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream.00NETWORK
CVE‑2016‑19472016‑01‑31 18:59:13MEDIUM (4)Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.00NETWORK
CVE‑2016‑19462016‑01‑31 18:59:12HIGH (10)The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata.00NETWORK
CVE‑2016‑19452016‑01‑31 18:59:12HIGH (9)The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive.00NETWORK
CVE‑2016‑19442016‑01‑31 18:59:11HIGH (10)The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.00NETWORK
CVE‑2016‑19432016‑01‑31 18:59:10MEDIUM (4)Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.00NETWORK
CVE‑2016‑19422016‑01‑31 18:59:09MEDIUM (4)Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.00NETWORK
CVE‑2016‑19412016‑01‑31 18:59:08MEDIUM (4)The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.00NETWORK
CVE‑2016‑19402016‑01‑31 18:59:07MEDIUM (5)Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.00NETWORK
CVE‑2016‑19392016‑01‑31 18:59:06MEDIUM (5)Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208.00NETWORK
CVE‑2016‑19382016‑01‑31 18:59:05MEDIUM (6)The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.00NETWORK
CVE‑2016‑19372016‑01‑31 18:59:04MEDIUM (4)The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.00NETWORK
CVE‑2016‑19352016‑01‑31 18:59:03HIGH (9)Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.00NETWORK
CVE‑2016‑19332016‑01‑31 18:59:02MEDIUM (4)Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.00NETWORK
CVE‑2016‑19312016‑01‑31 18:59:01HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.00NETWORK
CVE‑2016‑19302016‑01‑31 18:59:00HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2016‑15262016‑02‑13 02:59:12MEDIUM (6)The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.00NETWORK
CVE‑2016‑15232016‑02‑13 02:59:09MEDIUM (4)The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.00NETWORK
CVE‑2016‑15222016‑02‑13 02:59:08HIGH (9)Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.00NETWORK
CVE‑2016‑15212016‑02‑13 02:59:07MEDIUM (7)The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.00NETWORK
CVE‑2015‑75752016‑01‑09 02:59:11MEDIUM (4)Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.00NETWORK
CVE‑2015‑73272015‑09‑24 04:59:29MEDIUM (4)Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sensitive information, via crafted JavaScript code that makes performance.now calls.00NETWORK
CVE‑2015‑72232015‑12‑16 11:59:21MEDIUM (4)The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.00NETWORK
CVE‑2015‑72222015‑12‑16 11:59:20MEDIUM (7)Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.00NETWORK
CVE‑2015‑72212015‑12‑16 11:59:19HIGH (10)Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.00NETWORK
CVE‑2015‑72202015‑12‑16 11:59:18HIGH (10)Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.00NETWORK
CVE‑2015‑72192015‑12‑16 11:59:17MEDIUM (5)The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation.00NETWORK
CVE‑2015‑72182015‑12‑16 11:59:16MEDIUM (5)The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation.00NETWORK
CVE‑2015‑72172015‑12‑16 11:59:15MEDIUM (4)The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image.00NETWORK
CVE‑2015‑72162015‑12‑16 11:59:14MEDIUM (7)The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image.00NETWORK
CVE‑2015‑72152015‑12‑16 11:59:14MEDIUM (5)The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.00NETWORK
CVE‑2015‑72142015‑12‑16 11:59:13MEDIUM (5)Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.00NETWORK
CVE‑2015‑72132015‑12‑16 11:59:11MEDIUM (7)Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.00NETWORK
CVE‑2015‑72122015‑12‑16 11:59:10HIGH (8)Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.00NETWORK
CVE‑2015‑72112015‑12‑16 11:59:09MEDIUM (5)Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.00NETWORK
CVE‑2015‑72102015‑12‑16 11:59:08HIGH (8)Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.00NETWORK
CVE‑2015‑72082015‑12‑16 11:59:07MEDIUM (5)Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.00NETWORK
CVE‑2015‑72072015‑12‑16 11:59:06MEDIUM (5)Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300.00NETWORK
CVE‑2015‑72052015‑12‑16 11:59:05HIGH (10)Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.00NETWORK
CVE‑2015‑72042015‑12‑16 11:59:04MEDIUM (7)Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.00NETWORK
CVE‑2015‑72032015‑12‑16 11:59:03HIGH (10)Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name.00NETWORK
CVE‑2015‑72022015‑12‑16 11:59:02HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑72012015‑12‑16 11:59:00HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑72002015‑11‑05 05:59:24HIGH (8)The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.00NETWORK
CVE‑2015‑71992015‑11‑05 05:59:23HIGH (8)The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document.00NETWORK
CVE‑2015‑71982015‑11‑05 05:59:22HIGH (8)Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data.00NETWORK
CVE‑2015‑71972015‑11‑05 05:59:21MEDIUM (5)Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.00NETWORK
CVE‑2015‑71962015‑11‑05 05:59:20MEDIUM (7)Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper.00NETWORK
CVE‑2015‑71952015‑11‑05 05:59:19MEDIUM (5)The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect.00NETWORK
CVE‑2015‑71942015‑11‑05 05:59:18HIGH (8)Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive.00NETWORK
CVE‑2015‑71932015‑11‑05 05:59:17HIGH (8)Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.00NETWORK
CVE‑2015‑71922015‑11‑05 05:59:16HIGH (8)The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index.00NETWORK
CVE‑2015‑71912015‑11‑05 05:59:15MEDIUM (4)Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)."00NETWORK
CVE‑2015‑71902015‑11‑05 05:59:14MEDIUM (5)The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application.00NETWORK
CVE‑2015‑71892015‑11‑05 05:59:13MEDIUM (7)Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code.00NETWORK
CVE‑2015‑71882015‑11‑05 05:59:12HIGH (8)Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string.00NETWORK
CVE‑2015‑71872015‑11‑05 05:59:11MEDIUM (4)The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension.00NETWORK
CVE‑2015‑71862015‑11‑05 05:59:10MEDIUM (4)Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document.00NETWORK
CVE‑2015‑71852015‑11‑05 05:59:09MEDIUM (4)Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code.00NETWORK
CVE‑2015‑71842015‑10‑18 10:59:04MEDIUM (7)The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.00NETWORK
CVE‑2015‑71832015‑11‑05 05:59:08HIGH (8)Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.00NETWORK
CVE‑2015‑71822015‑11‑05 05:59:07HIGH (8)Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.00NETWORK
CVE‑2015‑71812015‑11‑05 05:59:06HIGH (8)The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.00NETWORK
CVE‑2015‑71802015‑09‑24 04:59:28HIGH (8)The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.00NETWORK
CVE‑2015‑71792015‑09‑24 04:59:27HIGH (8)The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content.00NETWORK
CVE‑2015‑71782015‑09‑24 04:59:26HIGH (8)The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content.00NETWORK
CVE‑2015‑71772015‑09‑24 04:59:25HIGH (8)The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.00NETWORK
CVE‑2015‑71762015‑09‑24 04:59:24HIGH (8)The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors.00NETWORK
CVE‑2015‑71752015‑09‑24 04:59:23HIGH (8)The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."00NETWORK
CVE‑2015‑71742015‑09‑24 04:59:22HIGH (8)The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."00NETWORK
CVE‑2015‑45222015‑09‑24 04:59:21HIGH (8)The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."00NETWORK
CVE‑2015‑45212015‑09‑24 04:59:20HIGH (8)The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.00NETWORK
CVE‑2015‑45202015‑09‑24 04:59:19MEDIUM (6)Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header.00NETWORK
CVE‑2015‑45192015‑09‑24 04:59:18MEDIUM (4)Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element.00NETWORK
CVE‑2015‑45182015‑11‑05 05:59:05MEDIUM (4)The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.00NETWORK
CVE‑2015‑45172015‑09‑24 04:59:17HIGH (8)NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.00NETWORK
CVE‑2015‑45162015‑09‑24 04:59:16HIGH (9)Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that does not use ES5 APIs.00NETWORK
CVE‑2015‑45152015‑11‑05 05:59:03MEDIUM (4)Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message.00NETWORK
CVE‑2015‑45142015‑11‑05 05:59:02HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑45132015‑11‑05 05:59:00HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑45122015‑09‑24 04:59:15MEDIUM (6)gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering.00NETWORK
CVE‑2015‑45112015‑09‑24 04:59:14MEDIUM (7)Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video.00NETWORK
CVE‑2015‑45102015‑09‑24 04:59:13MEDIUM (7)Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation.00NETWORK
CVE‑2015‑45092015‑09‑24 04:59:12HIGH (8)Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176.00NETWORK
CVE‑2015‑45082015‑09‑24 04:59:11LOW (3)Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site.00NETWORK
CVE‑2015‑45072015‑09‑24 04:59:10MEDIUM (5)The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted web site.00NETWORK
CVE‑2015‑45062015‑09‑24 04:59:09MEDIUM (7)Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file.00NETWORK
CVE‑2015‑45052015‑09‑24 04:59:08MEDIUM (7)updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service.00LOCAL
CVE‑2015‑45042015‑09‑24 04:59:07MEDIUM (6)The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image.00NETWORK
CVE‑2015‑45032015‑09‑24 04:59:06MEDIUM (5)The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.00NETWORK
CVE‑2015‑45022015‑09‑24 04:59:05MEDIUM (4)js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site.00NETWORK
CVE‑2015‑45012015‑09‑24 04:59:04HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑45002015‑09‑24 04:59:02HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑44982015‑08‑29 19:59:02HIGH (8)The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.00NETWORK
CVE‑2015‑44972015‑08‑29 19:59:00HIGH (10)Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element.00NETWORK
CVE‑2015‑44962015‑08‑16 01:59:23HIGH (9)Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538.00NETWORK
CVE‑2015‑44952015‑08‑08 00:59:05HIGH (9)The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.36NETWORK
CVE‑2015‑44932015‑08‑16 01:59:22HIGH (9)Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539.00NETWORK
CVE‑2015‑44922015‑08‑16 01:59:21HIGH (8)Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object.00NETWORK
CVE‑2015‑44912015‑08‑16 01:59:19MEDIUM (7)Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.00NETWORK
CVE‑2015‑44902015‑08‑16 01:59:18MEDIUM (4)The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging unexpected policy-enforcement behavior.00NETWORK
CVE‑2015‑44892015‑08‑16 01:59:17HIGH (8)The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.00NETWORK
CVE‑2015‑44882015‑08‑16 01:59:16HIGH (8)Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.00NETWORK
CVE‑2015‑44872015‑08‑16 01:59:15HIGH (8)The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."00NETWORK
CVE‑2015‑44862015‑08‑16 01:59:14HIGH (10)The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.00NETWORK
CVE‑2015‑44852015‑08‑16 01:59:13HIGH (10)Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.00NETWORK
CVE‑2015‑44842015‑08‑16 01:59:12MEDIUM (5)The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object.00NETWORK
CVE‑2015‑44832015‑08‑16 01:59:11MEDIUM (4)Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request.00NETWORK
CVE‑2015‑44822015‑08‑16 01:59:10MEDIUM (5)mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file.00LOCAL
CVE‑2015‑44812015‑08‑16 01:59:09LOW (3)Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.00LOCAL
CVE‑2015‑44802015‑08‑16 01:59:08HIGH (9)Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding.00NETWORK
CVE‑2015‑44792015‑08‑16 01:59:07HIGH (10)Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.00NETWORK
CVE‑2015‑44782015‑08‑16 01:59:06MEDIUM (5)Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method.00NETWORK
CVE‑2015‑44772015‑08‑16 01:59:05HIGH (10)Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API.00NETWORK
CVE‑2015‑44762015‑09‑24 04:59:00MEDIUM (4)Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute.00NETWORK
CVE‑2015‑44752015‑08‑16 01:59:03HIGH (8)The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.00NETWORK
CVE‑2015‑44742015‑08‑16 01:59:02HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑44732015‑08‑16 01:59:00HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑27432015‑07‑06 02:01:12HIGH (8)PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.00NETWORK
CVE‑2015‑27422015‑07‑06 02:01:10MEDIUM (4)Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-reporting data stream.00NETWORK
CVE‑2015‑27412015‑07‑06 02:01:10MEDIUM (4)Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.00NETWORK
CVE‑2015‑27402015‑07‑06 02:01:09HIGH (10)Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.00NETWORK
CVE‑2015‑27392015‑07‑06 02:01:08HIGH (10)The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.00NETWORK
CVE‑2015‑27382015‑07‑06 02:01:07HIGH (10)The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.00NETWORK
CVE‑2015‑27372015‑07‑06 02:01:06HIGH (10)The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.00NETWORK
CVE‑2015‑27362015‑07‑06 02:01:05HIGH (9)The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.00NETWORK
CVE‑2015‑27352015‑07‑06 02:01:05HIGH (9)nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.00NETWORK
CVE‑2015‑27342015‑07‑06 02:01:04HIGH (10)The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.00NETWORK
CVE‑2015‑27332015‑07‑06 02:01:03HIGH (10)Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker.00NETWORK
CVE‑2015‑27312015‑07‑06 02:01:02HIGH (10)Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.00NETWORK
CVE‑2015‑27302015‑07‑06 02:01:01MEDIUM (4)Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.00NETWORK
CVE‑2015‑27292015‑07‑06 02:01:00MEDIUM (5)The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.00NETWORK
CVE‑2015‑27282015‑07‑06 02:00:59HIGH (8)The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue.00NETWORK
CVE‑2015‑27272015‑07‑06 02:00:59MEDIUM (7)Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a CVE-2015-0821 regression.00NETWORK
CVE‑2015‑27262015‑07‑06 02:00:58HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑27252015‑07‑06 02:00:57HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑27242015‑07‑06 02:00:56HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑27222015‑07‑06 02:00:55HIGH (10)Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker.00NETWORK
CVE‑2015‑27212015‑07‑06 02:00:49MEDIUM (4)Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.00NETWORK
CVE‑2015‑27202015‑05‑14 10:59:12MEDIUM (4)The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain privileges via a Trojan horse file.00LOCAL
CVE‑2015‑27182015‑05‑14 10:59:11MEDIUM (4)The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data.00NETWORK
CVE‑2015‑27172015‑05‑14 10:59:10MEDIUM (7)Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata.00NETWORK
CVE‑2015‑27162015‑05‑14 10:59:09HIGH (8)Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.00NETWORK
CVE‑2015‑27152015‑05‑14 10:59:08MEDIUM (7)Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown.00NETWORK
CVE‑2015‑27142015‑05‑14 10:59:07LOW (2)Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ_LOGS permission for the mixed-content violation log on Android 4.0 and earlier.00LOCAL
CVE‑2015‑27132015‑05‑14 10:59:06MEDIUM (7)Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.00NETWORK
CVE‑2015‑27122015‑05‑14 10:59:05HIGH (8)The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript.00NETWORK
CVE‑2015‑27112015‑05‑14 10:59:04MEDIUM (4)Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a URL, as demonstrated by a private path component.00NETWORK
CVE‑2015‑27102015‑05‑14 10:59:03MEDIUM (7)Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.00NETWORK
CVE‑2015‑27092015‑05‑14 10:59:02HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑27082015‑05‑14 10:59:01HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑27062015‑04‑27 11:59:07MEDIUM (7)Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization.00NETWORK
CVE‑2015‑08362015‑02‑25 11:59:16HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑08352015‑02‑25 11:59:15HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑08342015‑02‑25 11:59:15MEDIUM (4)The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window.00NETWORK
CVE‑2015‑08332015‑02‑25 11:59:14MEDIUM (7)Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll.00LOCAL
CVE‑2015‑08322015‑02‑25 11:59:13MEDIUM (5)Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character.00NETWORK
CVE‑2015‑08312015‑02‑25 11:59:12MEDIUM (7)Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.00NETWORK
CVE‑2015‑08302015‑02‑25 11:59:11MEDIUM (5)The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content.00NETWORK
CVE‑2015‑08292015‑02‑25 11:59:10MEDIUM (7)Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.00NETWORK
CVE‑2015‑08282015‑02‑25 11:59:09MEDIUM (7)Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data.00NETWORK
CVE‑2015‑08272015‑02‑25 11:59:08MEDIUM (4)Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.00NETWORK
CVE‑2015‑08262015‑02‑25 11:59:07MEDIUM (7)The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operation.00NETWORK
CVE‑2015‑08252015‑02‑25 11:59:06MEDIUM (4)Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback.00NETWORK
CVE‑2015‑08242015‑02‑25 11:59:05MEDIUM (5)The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing.00NETWORK
CVE‑2015‑08232015‑02‑25 11:59:04HIGH (8)Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_parse function.00NETWORK
CVE‑2015‑08222015‑02‑25 11:59:03MEDIUM (4)The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.00NETWORK
CVE‑2015‑08212015‑02‑25 11:59:02MEDIUM (7)Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions.00NETWORK
CVE‑2015‑08202015‑02‑25 11:59:01LOW (3)Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site.00NETWORK
CVE‑2015‑08192015‑02‑25 11:59:00MEDIUM (4)The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site.00NETWORK
CVE‑2015‑08182015‑03‑24 00:59:07HIGH (8)Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.00NETWORK
CVE‑2015‑08172015‑03‑24 00:59:06MEDIUM (7)The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.00NETWORK
CVE‑2015‑08162015‑04‑01 10:59:15MEDIUM (5)Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.00NETWORK
CVE‑2015‑08152015‑04‑01 10:59:14HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑08142015‑04‑01 10:59:13HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2015‑08132015‑04‑01 10:59:12MEDIUM (5)Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.00NETWORK
CVE‑2015‑08122015‑04‑01 10:59:11MEDIUM (4)Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain.00NETWORK
CVE‑2015‑08112015‑04‑01 10:59:11MEDIUM (6)The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation.00NETWORK
CVE‑2015‑08102015‑04‑01 10:59:10MEDIUM (4)Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element.00NETWORK
CVE‑2015‑08082015‑04‑01 10:59:09MEDIUM (5)The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified vectors.00NETWORK
CVE‑2015‑08072015‑04‑01 10:59:08MEDIUM (7)The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.00NETWORK
CVE‑2015‑08062015‑04‑01 10:59:07HIGH (8)The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors that trigger rendering of 2D graphics content.00NETWORK
CVE‑2015‑08052015‑04‑01 10:59:07HIGH (8)The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content.00NETWORK
CVE‑2015‑08042015‑04‑01 10:59:06HIGH (8)The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document containing a SOURCE element.00NETWORK
CVE‑2015‑08032015‑04‑01 10:59:05HIGH (8)The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document.00NETWORK
CVE‑2015‑08022015‑04‑01 10:59:04MEDIUM (5)Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.00NETWORK
CVE‑2015‑08012015‑04‑01 10:59:03HIGH (8)Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.00NETWORK
CVE‑2015‑08002015‑04‑01 10:59:02MEDIUM (5)The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808.00NETWORK
CVE‑2015‑07992015‑04‑08 10:59:02MEDIUM (4)The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header.00NETWORK
CVE‑2015‑07982015‑04‑08 10:59:00MEDIUM (5)The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.00NETWORK
CVE‑2015‑07972015‑05‑14 10:59:00MEDIUM (7)GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.00NETWORK
CVE‑2014‑86432015‑01‑14 11:59:12HIGH (7)Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process.00NETWORK
CVE‑2014‑86422015‑01‑14 11:59:11MEDIUM (4)Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.00NETWORK
CVE‑2014‑86412015‑01‑14 11:59:10HIGH (8)Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.00NETWORK
CVE‑2014‑86402015‑01‑14 11:59:09MEDIUM (5)The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls.00NETWORK
CVE‑2014‑86392015‑01‑14 11:59:08MEDIUM (7)Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.00NETWORK
CVE‑2014‑86382015‑01‑14 11:59:07MEDIUM (7)The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.00NETWORK
CVE‑2014‑86372015‑01‑14 11:59:06MEDIUM (5)Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element.00NETWORK
CVE‑2014‑86362015‑01‑14 11:59:06HIGH (8)The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.00NETWORK
CVE‑2014‑86352015‑01‑14 11:59:05HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2014‑86342015‑01‑14 11:59:03HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2014‑86322014‑12‑11 11:59:14MEDIUM (4)The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.00NETWORK
CVE‑2014‑86312014‑12‑11 11:59:13MEDIUM (4)The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method.00NETWORK
CVE‑2014‑64922014‑10‑15 22:55:06HIGH (8)Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.00NETWORK
CVE‑2014‑15952014‑12‑11 11:59:09LOW (2)Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information.00LOCAL
CVE‑2014‑15942014‑12‑11 11:59:08MEDIUM (7)Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.00NETWORK
CVE‑2014‑15932014‑12‑11 11:59:07MEDIUM (7)Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content.00NETWORK
CVE‑2014‑15922014‑12‑11 11:59:06MEDIUM (7)Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing.00NETWORK
CVE‑2014‑15912014‑12‑11 11:59:05MEDIUM (4)Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect.00NETWORK
CVE‑2014‑15902014‑12‑11 11:59:04MEDIUM (4)The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object.00NETWORK
CVE‑2014‑15892014‑12‑11 11:59:03MEDIUM (7)Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.00NETWORK
CVE‑2014‑15882014‑12‑11 11:59:02MEDIUM (7)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2014‑15872014‑12‑11 11:59:00MEDIUM (7)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2014‑15862014‑10‑15 10:55:07MEDIUM (5)content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away.00NETWORK
CVE‑2014‑15852014‑10‑15 10:55:07MEDIUM (5)The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information from the local camera by maintaining a session after the user tries to discontinue streaming.00NETWORK
CVE‑2014‑15842014‑10‑15 10:55:07MEDIUM (4)The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.00NETWORK
CVE‑2014‑15832014‑10‑15 10:55:07MEDIUM (5)The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm.00NETWORK
CVE‑2014‑15822014‑10‑15 10:55:07MEDIUM (4)The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority.00NETWORK
CVE‑2014‑15812014‑10‑15 10:55:07HIGH (8)Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.00NETWORK
CVE‑2014‑15802014‑10‑15 10:55:07MEDIUM (5)Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element.00NETWORK
CVE‑2014‑15782014‑10‑15 10:55:07HIGH (8)The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback.00NETWORK
CVE‑2014‑15772014‑10‑15 10:55:07MEDIUM (6)The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value.00NETWORK
CVE‑2014‑15762014‑10‑15 10:55:07HIGH (8)Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style.00NETWORK
CVE‑2014‑15752014‑10‑15 10:55:07HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp, and unknown other vectors.00NETWORK
CVE‑2014‑15742014‑10‑15 10:55:07HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2014‑15682014‑09‑25 17:55:04HIGH (8)Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.00NETWORK
CVE‑2014‑15672014‑09‑03 10:55:07HIGH (9)Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.00NETWORK
CVE‑2014‑15662014‑09‑03 10:55:07MEDIUM (4)Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515.00NETWORK
CVE‑2014‑15652014‑09‑03 10:55:07MEDIUM (5)The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted API calls.00NETWORK
CVE‑2014‑15642014‑09‑03 10:55:07MEDIUM (4)Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.00NETWORK
CVE‑2014‑15632014‑09‑03 10:55:07HIGH (10)Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection.00NETWORK
CVE‑2014‑15622014‑09‑03 10:55:07HIGH (10)Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2014‑15612014‑07‑23 11:12:43MEDIUM (6)Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.00NETWORK
CVE‑2014‑15602014‑07‑23 11:12:43MEDIUM (4)Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context.00NETWORK
CVE‑2014‑15592014‑07‑23 11:12:43MEDIUM (4)Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558.00NETWORK
CVE‑2014‑15582014‑07‑23 11:12:43MEDIUM (4)Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559.00NETWORK
CVE‑2014‑15572014‑07‑23 11:12:43HIGH (9)The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.00NETWORK
CVE‑2014‑15562014‑07‑23 11:12:43HIGH (9)Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.00NETWORK
CVE‑2014‑15552014‑07‑23 11:12:43HIGH (9)Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.00NETWORK
CVE‑2014‑15542014‑09‑03 10:55:06HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2014‑15532014‑09‑03 10:55:06HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2014‑15522014‑07‑23 11:12:43MEDIUM (6)Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect.00NETWORK
CVE‑2014‑15512014‑07‑23 11:12:43HIGH (10)Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object.00NETWORK
CVE‑2014‑15502014‑07‑23 11:12:43HIGH (10)Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.00NETWORK
CVE‑2014‑15492014‑07‑23 11:12:43HIGH (9)The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering.00NETWORK
CVE‑2014‑15482014‑07‑23 11:12:43HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2014‑15472014‑07‑23 11:12:43HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2014‑15442014‑07‑23 11:12:43HIGH (10)Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.00NETWORK
CVE‑2014‑15432014‑06‑11 10:57:18HIGH (8)Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device.00NETWORK
CVE‑2014‑15422014‑06‑11 10:57:18MEDIUM (7)Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.00NETWORK
CVE‑2014‑15412014‑06‑11 10:57:18HIGH (10)Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.00NETWORK
CVE‑2014‑15402014‑06‑11 10:57:18HIGH (9)Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.00NETWORK
CVE‑2014‑15392014‑06‑11 10:57:18MEDIUM (5)Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.00NETWORK
CVE‑2014‑15382014‑06‑11 10:57:18HIGH (10)Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2014‑15372014‑06‑11 10:57:18HIGH (10)Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2014‑15362014‑06‑11 10:57:18HIGH (10)The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.00NETWORK
CVE‑2014‑15342014‑06‑11 10:57:18HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2014‑15332014‑06‑11 10:57:18HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2014‑15322014‑04‑30 10:49:05CRITICAL (10)Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.46NETWORK
CVE‑2014‑15312014‑04‑30 10:49:05HIGH (9)Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.36NETWORK
CVE‑2014‑15302014‑04‑30 10:49:05MEDIUM (6)The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.33NETWORK
CVE‑2014‑15292014‑04‑30 10:49:05HIGH (9)The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.36NETWORK
CVE‑2014‑15282014‑04‑30 10:49:05HIGH (10)The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.00NETWORK
CVE‑2014‑15272014‑04‑30 10:49:05MEDIUM (5)Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.00NETWORK
CVE‑2014‑15262014‑04‑30 10:49:05MEDIUM (7)The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.00NETWORK
CVE‑2014‑15252014‑04‑30 10:49:05HIGH (9)The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.00NETWORK
CVE‑2014‑15242014‑04‑30 10:49:05CRITICAL (10)The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.46NETWORK
CVE‑2014‑15232014‑04‑30 10:49:05MEDIUM (7)Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.34NETWORK
CVE‑2014‑15222014‑04‑30 10:49:05HIGH (9)The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content.00NETWORK
CVE‑2014‑15202014‑04‑30 10:49:05MEDIUM (7)maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.00LOCAL
CVE‑2014‑15192014‑04‑30 10:49:05HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2014‑15182014‑04‑30 10:49:05HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.36NETWORK
CVE‑2014‑15162014‑03‑29 20:55:04MEDIUM (5)The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application.00NETWORK
CVE‑2014‑15152014‑03‑25 13:25:39LOW (2)Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application.00LOCAL
CVE‑2014‑15142014‑03‑19 10:55:07CRITICAL (10)vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class.46NETWORK
CVE‑2014‑15132014‑03‑19 10:55:07HIGH (9)TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site.36NETWORK
CVE‑2014‑15122014‑03‑19 10:55:07HIGH (10)Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.00NETWORK
CVE‑2014‑15112014‑03‑19 10:55:07CRITICAL (10)Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.46NETWORK
CVE‑2014‑15102014‑03‑19 10:55:07CRITICAL (10)The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.46NETWORK
CVE‑2014‑15092014‑03‑19 10:55:07HIGH (9)Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document.36NETWORK
CVE‑2014‑15082014‑03‑19 10:55:07CRITICAL (9)The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering.45NETWORK
CVE‑2014‑15062014‑03‑19 10:55:07MEDIUM (6)Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter arguments.00NETWORK
CVE‑2014‑15052014‑03‑19 10:55:06HIGH (8)The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.44NETWORK
CVE‑2014‑15042014‑03‑19 10:55:06LOW (3)The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.00NETWORK
CVE‑2014‑15022014‑03‑19 10:55:06MEDIUM (7)The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.00NETWORK
CVE‑2014‑15012014‑03‑19 10:55:06MEDIUM (6)Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection.00NETWORK
CVE‑2014‑15002014‑03‑19 10:55:06MEDIUM (5)Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.00NETWORK
CVE‑2014‑14992014‑03‑19 10:55:06MEDIUM (4)Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.00NETWORK
CVE‑2014‑14982014‑03‑19 10:55:06MEDIUM (5)The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.00NETWORK
CVE‑2014‑14972014‑03‑19 10:55:06HIGH (9)The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file.36NETWORK
CVE‑2014‑14962014‑03‑19 10:55:06MEDIUM (6)Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.24LOCAL
CVE‑2014‑14942014‑03‑19 10:55:06HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2014‑14932014‑03‑19 10:55:06CRITICAL (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.46NETWORK
CVE‑2014‑14912014‑02‑06 05:44:25MEDIUM (4)Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.00NETWORK
CVE‑2014‑14902014‑02‑06 05:44:25HIGH (9)Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.00NETWORK
CVE‑2014‑14892014‑02‑06 05:44:25MEDIUM (4)Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.00NETWORK
CVE‑2014‑14882014‑02‑06 05:44:25HIGH (10)The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.00NETWORK
CVE‑2014‑14872014‑02‑06 05:44:25HIGH (8)The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.44NETWORK
CVE‑2014‑14862014‑02‑06 05:44:25CRITICAL (10)Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.46NETWORK
CVE‑2014‑14852014‑02‑06 05:44:25HIGH (8)The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.00NETWORK
CVE‑2014‑14842014‑02‑06 05:44:25MEDIUM (5)Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.00NETWORK
CVE‑2014‑14832014‑02‑06 05:44:25MEDIUM (5)Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.00NETWORK
CVE‑2014‑14822014‑02‑06 05:44:25HIGH (9)RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.36NETWORK
CVE‑2014‑14812014‑02‑06 05:44:25HIGH (8)Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.44NETWORK
CVE‑2014‑14802014‑02‑06 05:44:25MEDIUM (4)The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.00NETWORK
CVE‑2014‑14792014‑02‑06 05:44:25HIGH (8)The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.44NETWORK
CVE‑2014‑14782014‑02‑06 05:44:25HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.00NETWORK
CVE‑2014‑14772014‑02‑06 05:44:24CRITICAL (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.46NETWORK
CVE‑2014‑03872014‑01‑15 16:08:07HIGH (8)Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.00NETWORK
CVE‑2013‑66732013‑12‑11 15:55:13MEDIUM (6)Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.24NETWORK
CVE‑2013‑66722013‑12‑11 15:55:13MEDIUM (4)Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.00NETWORK
CVE‑2013‑66712013‑12‑11 15:55:13CRITICAL (10)The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.46NETWORK
CVE‑2013‑66292013‑11‑19 04:50:56MEDIUM (5)The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.00NETWORK
CVE‑2013‑61672014‑02‑15 14:57:08MEDIUM (7)Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.00NETWORK
CVE‑2013‑56192013‑12‑11 15:55:13HIGH (8)Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.00NETWORK
CVE‑2013‑56182013‑12‑11 15:55:13CRITICAL (10)Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.46NETWORK
CVE‑2013‑56162013‑12‑11 15:55:13CRITICAL (10)Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.46NETWORK
CVE‑2013‑56152013‑12‑11 15:55:13CRITICAL (10)The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.46NETWORK
CVE‑2013‑56142013‑12‑11 15:55:13MEDIUM (4)Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.00NETWORK
CVE‑2013‑56132013‑12‑11 15:55:13CRITICAL (10)Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.46NETWORK
CVE‑2013‑56122013‑12‑11 15:55:13MEDIUM (4)Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.00NETWORK
CVE‑2013‑56112013‑12‑11 15:55:13MEDIUM (6)Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.00NETWORK
CVE‑2013‑56102013‑12‑11 15:55:08HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑56092013‑12‑11 15:55:07CRITICAL (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.46NETWORK
CVE‑2013‑56072013‑11‑20 14:12:51HIGH (8)Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.00NETWORK
CVE‑2013‑56042013‑10‑30 10:55:05HIGH (9)The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents.00NETWORK
CVE‑2013‑56032013‑10‑30 10:55:05HIGH (10)Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates.00NETWORK
CVE‑2013‑56022013‑10‑30 10:55:05HIGH (10)The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies.00NETWORK
CVE‑2013‑56012013‑10‑30 10:55:05HIGH (10)Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API.00NETWORK
CVE‑2013‑56002013‑10‑30 10:55:05HIGH (10)Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors involving a blob: URL.00NETWORK
CVE‑2013‑55992013‑10‑30 10:55:05HIGH (10)Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize event.00NETWORK
CVE‑2013‑55982013‑10‑30 10:55:05HIGH (8)PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object.00NETWORK
CVE‑2013‑55972013‑10‑30 10:55:04HIGH (10)Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache.00NETWORK
CVE‑2013‑55962013‑10‑30 10:55:04MEDIUM (7)The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com.00NETWORK
CVE‑2013‑55952013‑10‑30 10:55:04MEDIUM (4)The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page.00NETWORK
CVE‑2013‑55942020‑02‑18 13:15:11MEDIUM (4)Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding31NETWORK
CVE‑2013‑55932013‑10‑30 10:55:04MEDIUM (4)The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element.00NETWORK
CVE‑2013‑55922013‑10‑30 10:55:04HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑55912013‑10‑30 10:55:04HIGH (10)Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑55902013‑10‑30 10:55:04HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑17382013‑09‑18 10:08:25HIGH (9)Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration.00NETWORK
CVE‑2013‑17372013‑09‑18 10:08:25MEDIUM (5)Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object.00NETWORK
CVE‑2013‑17362013‑09‑18 10:08:25HIGH (10)The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes.00NETWORK
CVE‑2013‑17352013‑09‑18 10:08:25HIGH (9)Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling.00NETWORK
CVE‑2013‑17322013‑09‑18 10:08:25HIGH (9)Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout.00NETWORK
CVE‑2013‑17312013‑09‑18 10:08:25MEDIUM (7)Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 on Android allows attackers to execute arbitrary code via a Trojan horse .so file in a world-writable directory.00NETWORK
CVE‑2013‑17302013‑09‑18 10:08:25MEDIUM (7)Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site.00NETWORK
CVE‑2013‑17292013‑09‑18 10:08:25LOW (3)The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.00NETWORK
CVE‑2013‑17282013‑09‑18 10:08:25MEDIUM (4)The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors.00NETWORK
CVE‑2013‑17272013‑09‑18 10:08:25MEDIUM (4)Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.00NETWORK
CVE‑2013‑17262013‑09‑18 10:08:24MEDIUM (6)Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use.00LOCAL
CVE‑2013‑17252013‑09‑18 10:08:24MEDIUM (7)Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling.00NETWORK
CVE‑2013‑17242013‑09‑18 10:08:24HIGH (9)Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element.00NETWORK
CVE‑2013‑17232013‑09‑18 10:08:24MEDIUM (4)The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation.00NETWORK
CVE‑2013‑17222013‑09‑18 10:08:24HIGH (9)Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning.00NETWORK
CVE‑2013‑17212013‑09‑18 10:08:24HIGH (9)Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site.00NETWORK
CVE‑2013‑17202013‑09‑18 10:08:24MEDIUM (7)The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state.00NETWORK
CVE‑2013‑17192013‑09‑18 10:08:24HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑17182013‑09‑18 10:08:22HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑17172013‑08‑07 01:55:05MEDIUM (5)Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname.00NETWORK
CVE‑2013‑17152013‑08‑07 01:55:05MEDIUM (7)Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012-4206.00LOCAL
CVE‑2013‑17142013‑08‑07 01:55:05MEDIUM (4)The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors.00NETWORK
CVE‑2013‑17132013‑08‑07 01:55:05MEDIUM (4)Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site.00NETWORK
CVE‑2013‑17122013‑08‑07 01:55:05MEDIUM (7)Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory.00LOCAL
CVE‑2013‑17112013‑08‑07 01:55:05MEDIUM (4)The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object.00NETWORK
CVE‑2013‑17102013‑08‑07 01:55:05HIGH (10)The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation.00NETWORK
CVE‑2013‑17092013‑08‑07 01:55:05MEDIUM (4)Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document.00NETWORK
CVE‑2013‑17082013‑08‑07 01:55:05MEDIUM (4)Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function.00NETWORK
CVE‑2013‑17072013‑08‑07 01:55:05HIGH (7)Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service.00LOCAL
CVE‑2013‑17062013‑08‑07 01:55:05HIGH (7)Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line.00LOCAL
CVE‑2013‑17052013‑08‑07 01:55:05HIGH (10)Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request.00NETWORK
CVE‑2013‑17042013‑08‑07 01:55:05HIGH (9)Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event.00NETWORK
CVE‑2013‑17022013‑08‑07 01:55:05HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑17012013‑08‑07 01:55:05HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑17002013‑06‑26 03:19:11HIGH (7)The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location.00LOCAL
CVE‑2013‑16992013‑06‑26 03:19:11MEDIUM (5)The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters.00NETWORK
CVE‑2013‑16982013‑06‑26 03:19:11MEDIUM (4)The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME elements.00NETWORK
CVE‑2013‑16972013‑06‑26 03:19:11HIGH (9)The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method.00NETWORK
CVE‑2013‑16962013‑06‑26 03:19:11MEDIUM (4)Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses.00NETWORK
CVE‑2013‑16952013‑06‑26 03:19:11MEDIUM (5)Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element.00NETWORK
CVE‑2013‑16942013‑06‑26 03:19:11HIGH (8)The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag.00NETWORK
CVE‑2013‑16932013‑06‑26 03:19:11MEDIUM (4)The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code.00NETWORK
CVE‑2013‑16922013‑06‑26 03:19:11MEDIUM (4)Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.00NETWORK
CVE‑2013‑16902013‑06‑26 03:19:11HIGH (9)Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.36NETWORK
CVE‑2013‑16892019‑12‑10 18:15:09MEDIUM (7)Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.34NETWORK
CVE‑2013‑16882013‑06‑26 03:19:11HIGH (9)The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site.00NETWORK
CVE‑2013‑16872013‑06‑26 03:19:11HIGH (9)The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site.00NETWORK
CVE‑2013‑16862013‑06‑26 03:19:11HIGH (10)Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2013‑16852013‑06‑26 03:19:11HIGH (9)Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.00NETWORK
CVE‑2013‑16842013‑06‑26 03:19:11HIGH (9)Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.00NETWORK
CVE‑2013‑16832013‑06‑26 03:19:11HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑16822013‑06‑26 03:19:11HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑16812013‑05‑16 11:45:31HIGH (10)Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2013‑16802013‑05‑16 11:45:31HIGH (10)Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2013‑16792013‑05‑16 11:45:31HIGH (10)Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2013‑16782013‑05‑16 11:45:31HIGH (10)The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors.00NETWORK
CVE‑2013‑16772013‑05‑16 11:45:31HIGH (10)The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.00NETWORK
CVE‑2013‑16762013‑05‑16 11:45:31HIGH (10)The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.00NETWORK
CVE‑2013‑16752013‑05‑16 11:45:31MEDIUM (7)Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.34NETWORK
CVE‑2013‑16742013‑05‑16 11:45:31HIGH (9)Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video.00NETWORK
CVE‑2013‑16732013‑05‑16 11:45:31MEDIUM (7)The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a "trusted path."00LOCAL
CVE‑2013‑16722013‑05‑16 11:45:31MEDIUM (7)The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions.00LOCAL
CVE‑2013‑16712013‑05‑16 11:45:31MEDIUM (4)Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site.00NETWORK
CVE‑2013‑16702013‑05‑16 11:45:31MEDIUM (4)The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.00NETWORK
CVE‑2013‑16692013‑05‑16 11:45:31HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑14892013‑01‑31 14:55:02HIGH (10)Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.00NETWORK
CVE‑2013‑08012013‑05‑16 11:45:31HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑08002013‑04‑03 11:56:21MEDIUM (7)Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.00NETWORK
CVE‑2013‑07992013‑04‑03 11:56:21HIGH (7)Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, and Thunderbird ESR 17.x before 17.0.5 on Windows allows local users to gain privileges via crafted arguments.00LOCAL
CVE‑2013‑07982013‑04‑03 11:56:21MEDIUM (4)Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which app_tmp is used.00NETWORK
CVE‑2013‑07972013‑04‑03 11:56:21MEDIUM (7)Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified directory.00LOCAL
CVE‑2013‑07962013‑04‑03 11:56:21HIGH (10)The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors.00NETWORK
CVE‑2013‑07952013‑04‑03 11:56:21HIGH (10)The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.00NETWORK
CVE‑2013‑07942013‑04‑03 11:56:21MEDIUM (6)Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site.00NETWORK
CVE‑2013‑07932013‑04‑03 11:56:21MEDIUM (4)Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing.00NETWORK
CVE‑2013‑07922013‑04‑03 11:56:21MEDIUM (4)Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image.00NETWORK
CVE‑2013‑07912013‑04‑03 11:56:21MEDIUM (5)The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.00NETWORK
CVE‑2013‑07902013‑04‑03 11:56:21HIGH (10)Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in.00NETWORK
CVE‑2013‑07892013‑04‑03 11:56:21HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors.00NETWORK
CVE‑2013‑07882013‑04‑03 11:56:21HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑07872013‑03‑11 10:55:01HIGH (9)Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.00NETWORK
CVE‑2013‑07842013‑02‑19 23:55:02HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑07832013‑02‑19 23:55:02HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑07822013‑02‑19 23:55:02HIGH (9)Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2013‑07812013‑02‑19 23:55:02HIGH (9)Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2013‑07802013‑02‑19 23:55:02HIGH (9)Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.00NETWORK
CVE‑2013‑07792013‑02‑19 23:55:02HIGH (9)The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.00NETWORK
CVE‑2013‑07782013‑02‑19 23:55:02HIGH (9)The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.00NETWORK
CVE‑2013‑07772013‑02‑19 23:55:02HIGH (9)Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2013‑07762013‑02‑19 23:55:02MEDIUM (4)Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.00NETWORK
CVE‑2013‑07752013‑02‑19 23:55:02HIGH (9)Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script.00NETWORK
CVE‑2013‑07742013‑02‑19 23:55:01MEDIUM (4)Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.00NETWORK
CVE‑2013‑07732013‑02‑19 23:55:01HIGH (9)The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.00NETWORK
CVE‑2013‑07722013‑02‑19 23:55:01MEDIUM (6)The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.00NETWORK
CVE‑2013‑07712013‑01‑13 20:55:03HIGH (9)Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.00NETWORK
CVE‑2013‑07702013‑01‑13 20:55:03HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑07692013‑01‑13 20:55:02HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑07682013‑01‑13 20:55:02HIGH (9)Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values.00NETWORK
CVE‑2013‑07672013‑01‑13 20:55:02HIGH (10)The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.00NETWORK
CVE‑2013‑07662013‑01‑13 20:55:02HIGH (9)Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2013‑07652013‑02‑19 23:55:01HIGH (9)Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.00NETWORK
CVE‑2013‑07642013‑01‑13 20:55:02HIGH (9)The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data.00NETWORK
CVE‑2013‑07632013‑01‑13 20:55:02HIGH (9)Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas.00NETWORK
CVE‑2013‑07622013‑01‑13 20:55:02HIGH (9)Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2013‑07612013‑01‑13 20:55:02HIGH (9)Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2013‑07602013‑01‑13 20:55:02HIGH (9)Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.00NETWORK
CVE‑2013‑07592013‑01‑13 20:55:02MEDIUM (5)Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code.00NETWORK
CVE‑2013‑07582013‑01‑13 20:55:02HIGH (9)Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.00NETWORK
CVE‑2013‑07572013‑01‑13 20:55:02HIGH (9)The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.00NETWORK
CVE‑2013‑07562013‑01‑13 20:55:02HIGH (9)Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection.00NETWORK
CVE‑2013‑07552013‑01‑13 20:55:02HIGH (9)Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer.00NETWORK
CVE‑2013‑07542013‑01‑13 20:55:02HIGH (9)Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects.00NETWORK
CVE‑2013‑07532013‑01‑13 20:55:02HIGH (9)Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.00NETWORK
CVE‑2013‑07522013‑01‑13 20:55:02HIGH (9)Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content.00NETWORK
CVE‑2013‑07512013‑01‑13 20:55:02MEDIUM (6)Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document.00NETWORK
CVE‑2013‑07502013‑01‑13 20:55:02HIGH (9)Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow.00NETWORK
CVE‑2013‑07492013‑01‑13 20:55:02HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2013‑07482013‑01‑13 20:55:02MEDIUM (4)The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object.00NETWORK
CVE‑2013‑07472013‑01‑13 20:55:02MEDIUM (7)The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.00NETWORK
CVE‑2013‑07462013‑01‑13 20:55:02HIGH (9)Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection.00NETWORK
CVE‑2013‑07452013‑01‑13 20:55:01HIGH (9)The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects.00NETWORK
CVE‑2013‑07442013‑01‑13 20:55:01HIGH (9)Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups.00NETWORK
CVE‑2012‑58432012‑11‑21 12:55:04HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2012‑58422012‑11‑21 12:55:04HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2012‑58412012‑11‑21 12:55:04MEDIUM (4)Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.00NETWORK
CVE‑2012‑58402012‑11‑21 12:55:04HIGH (9)Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214.00NETWORK
CVE‑2012‑58392012‑11‑21 12:55:04HIGH (9)Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2012‑58382012‑11‑21 12:55:04HIGH (9)The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions.00NETWORK
CVE‑2012‑58372012‑11‑21 12:55:04MEDIUM (7)The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.00NETWORK
CVE‑2012‑58362012‑11‑21 12:55:03HIGH (8)Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text.00NETWORK
CVE‑2012‑58352012‑11‑21 12:55:03HIGH (10)Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data.00NETWORK
CVE‑2012‑58332012‑11‑21 12:55:03HIGH (9)The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter.00NETWORK
CVE‑2012‑58302012‑11‑21 12:55:03HIGH (9)Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.36NETWORK
CVE‑2012‑58292012‑11‑21 12:55:03HIGH (9)Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2012‑53542012‑10‑10 17:55:03MEDIUM (7)Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984.00NETWORK
CVE‑2012‑49302012‑09‑15 18:55:03LOW (3)The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.00NETWORK
CVE‑2012‑49292012‑09‑15 18:55:03LOW (3)The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.00NETWORK
CVE‑2012‑42182012‑11‑21 12:55:03HIGH (10)Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑42172012‑11‑21 12:55:02HIGH (9)Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑42162012‑11‑21 12:55:02HIGH (9)Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑42152012‑11‑21 12:55:02HIGH (9)Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑42142012‑11‑21 12:55:02HIGH (9)Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840.00NETWORK
CVE‑2012‑42132012‑11‑21 12:55:02HIGH (9)Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑42122012‑11‑21 12:55:02HIGH (10)Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑42102012‑11‑21 12:55:02HIGH (9)The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.00NETWORK
CVE‑2012‑42092012‑11‑21 12:55:02MEDIUM (4)Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.00NETWORK
CVE‑2012‑42082012‑11‑21 12:55:02MEDIUM (4)The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.00NETWORK
CVE‑2012‑42072012‑11‑21 12:55:02MEDIUM (4)The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.00NETWORK
CVE‑2012‑42062012‑11‑21 12:55:02MEDIUM (7)Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory.00LOCAL
CVE‑2012‑42052012‑11‑21 12:55:02MEDIUM (7)Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on.00NETWORK
CVE‑2012‑42042012‑11‑21 12:55:02HIGH (9)The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.00NETWORK
CVE‑2012‑42032012‑11‑21 12:55:02MEDIUM (7)The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.00NETWORK
CVE‑2012‑42022012‑11‑21 12:55:02HIGH (9)Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image.00NETWORK
CVE‑2012‑42012012‑11‑21 12:55:01MEDIUM (4)The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on.00NETWORK
CVE‑2012‑41962012‑10‑29 18:55:02MEDIUM (6)Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.00NETWORK
CVE‑2012‑41952012‑10‑29 18:55:01MEDIUM (4)The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.00NETWORK
CVE‑2012‑41942012‑10‑29 18:55:01MEDIUM (4)Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.00NETWORK
CVE‑2012‑41932012‑10‑12 10:44:20MEDIUM (7)Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.00NETWORK
CVE‑2012‑41922012‑10‑12 10:44:20MEDIUM (4)Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.00NETWORK
CVE‑2012‑41912012‑10‑12 10:44:20HIGH (9)The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2012‑41902012‑10‑12 10:44:20HIGH (10)The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2012‑41882012‑10‑10 17:55:03HIGH (9)Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2012‑41872012‑10‑10 17:55:03HIGH (9)Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors.00NETWORK
CVE‑2012‑41862012‑10‑10 17:55:03HIGH (9)Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2012‑41852012‑10‑10 17:55:02HIGH (9)Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑41842012‑10‑10 17:55:02MEDIUM (4)The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site.00NETWORK
CVE‑2012‑41832012‑10‑10 17:55:02HIGH (9)Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑41822012‑10‑10 17:55:02HIGH (9)Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑41812012‑10‑10 17:55:02HIGH (9)Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑41802012‑10‑10 17:55:02HIGH (9)Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2012‑41792012‑10‑10 17:55:02HIGH (9)Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑39952012‑10‑10 17:55:02HIGH (9)The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.00NETWORK
CVE‑2012‑39942012‑10‑10 17:55:02MEDIUM (4)Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.00NETWORK
CVE‑2012‑39932012‑10‑10 17:55:02HIGH (9)The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.00NETWORK
CVE‑2012‑39922012‑10‑10 17:55:02MEDIUM (4)Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object.00NETWORK
CVE‑2012‑39912012‑10‑10 17:55:02HIGH (9)Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.00NETWORK
CVE‑2012‑39902012‑10‑10 17:55:02HIGH (9)Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function.00NETWORK
CVE‑2012‑39892012‑10‑10 17:55:02HIGH (9)Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.00NETWORK
CVE‑2012‑39882012‑10‑10 17:55:02HIGH (9)Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation.00NETWORK
CVE‑2012‑39872012‑10‑10 17:55:02MEDIUM (4)Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.00NETWORK
CVE‑2012‑39862012‑10‑10 17:55:02MEDIUM (4)Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.00NETWORK
CVE‑2012‑39852012‑10‑10 17:55:02MEDIUM (4)Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.00NETWORK
CVE‑2012‑39842012‑10‑10 17:55:02MEDIUM (7)Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling.00NETWORK
CVE‑2012‑39832012‑10‑10 17:55:01HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2012‑39822012‑10‑10 17:55:01HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2012‑39802012‑08‑29 10:56:41HIGH (9)The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.00NETWORK
CVE‑2012‑39792012‑08‑29 10:56:41MEDIUM (7)Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.00NETWORK
CVE‑2012‑39782012‑08‑29 10:56:41MEDIUM (7)The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code.00NETWORK
CVE‑2012‑39762012‑08‑29 10:56:41MEDIUM (4)Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.00NETWORK
CVE‑2012‑39752012‑08‑29 10:56:41MEDIUM (4)The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code.00NETWORK
CVE‑2012‑39742012‑08‑29 10:56:41MEDIUM (7)Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.00LOCAL
CVE‑2012‑39732012‑08‑29 10:56:41HIGH (8)The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port.00NETWORK
CVE‑2012‑39722012‑08‑29 10:56:41MEDIUM (5)The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read.00NETWORK
CVE‑2012‑39712012‑08‑29 10:56:41HIGH (10)Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions.00NETWORK
CVE‑2012‑39702012‑08‑29 10:56:41HIGH (10)Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another.00NETWORK
CVE‑2012‑39692012‑08‑29 10:56:41HIGH (9)Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow.00NETWORK
CVE‑2012‑39682012‑08‑29 10:56:41HIGH (10)Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor.00NETWORK
CVE‑2012‑39672012‑08‑29 10:56:41HIGH (9)The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site.00NETWORK
CVE‑2012‑39662012‑08‑29 10:56:41HIGH (10)Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component.00NETWORK
CVE‑2012‑39652012‑08‑29 10:56:41HIGH (9)Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window.00NETWORK
CVE‑2012‑39642012‑08‑29 10:56:41HIGH (10)Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑39632012‑08‑29 10:56:41HIGH (10)Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2012‑39622012‑08‑29 10:56:41HIGH (9)Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document.00NETWORK
CVE‑2012‑39612012‑08‑29 10:56:40HIGH (10)Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑39602012‑08‑29 10:56:40HIGH (10)Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑39592012‑08‑29 10:56:40HIGH (10)Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑39582012‑08‑29 10:56:40HIGH (10)Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑39572012‑08‑29 10:56:40HIGH (10)Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2012‑39562012‑08‑29 10:56:40HIGH (10)Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑31052012‑06‑05 23:55:02HIGH (9)The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a related issue to CVE-2011-3101.00NETWORK
CVE‑2012‑19762012‑08‑29 10:56:40HIGH (10)Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑19752012‑08‑29 10:56:40HIGH (10)Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑19742012‑08‑29 10:56:40HIGH (10)Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑19732012‑08‑29 10:56:40HIGH (10)Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑19722012‑08‑29 10:56:40HIGH (10)Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.00NETWORK
CVE‑2012‑19712012‑08‑29 10:56:40HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors.00NETWORK
CVE‑2012‑19702012‑08‑29 10:56:40HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2012‑19672012‑07‑18 10:26:49HIGH (10)Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.00NETWORK
CVE‑2012‑19662012‑07‑18 10:26:49MEDIUM (4)Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.00NETWORK
CVE‑2012‑19652012‑07‑18 10:26:49MEDIUM (4)Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.00NETWORK
CVE‑2012‑19642012‑07‑18 10:26:49MEDIUM (4)The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element.00NETWORK
CVE‑2012‑19632012‑07‑18 10:26:49MEDIUM (4)The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation.00NETWORK
CVE‑2012‑19622012‑07‑18 10:26:49HIGH (10)Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies.00NETWORK
CVE‑2012‑19612012‑07‑18 10:26:49MEDIUM (4)Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values.00NETWORK
CVE‑2012‑19602012‑07‑18 10:26:49MEDIUM (5)The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.00NETWORK
CVE‑2012‑19592012‑07‑18 10:26:49MEDIUM (5)Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content.00NETWORK
CVE‑2012‑19582012‑07‑18 10:26:49HIGH (9)Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content.00NETWORK
CVE‑2012‑19572012‑07‑18 10:26:49MEDIUM (4)An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed.00NETWORK
CVE‑2012‑19562012‑08‑29 10:56:40MEDIUM (4)Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.00NETWORK
CVE‑2012‑19552012‑07‑18 10:26:49MEDIUM (7)Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls.00NETWORK
CVE‑2012‑19542012‑07‑18 10:26:49HIGH (10)Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents.00NETWORK
CVE‑2012‑19532012‑07‑18 10:26:49HIGH (9)The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site.00NETWORK
CVE‑2012‑19522012‑07‑18 10:26:49HIGH (9)The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site.00NETWORK
CVE‑2012‑19512012‑07‑18 10:26:49HIGH (10)Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing.00NETWORK
CVE‑2012‑19502012‑07‑18 10:26:49MEDIUM (6)The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.00NETWORK
CVE‑2012‑19492012‑07‑18 10:26:49HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2012‑19482012‑07‑18 10:26:48HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2012‑19472012‑06‑05 23:55:02HIGH (9)Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.00NETWORK
CVE‑2012‑19462012‑06‑05 23:55:02HIGH (9)Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node.00NETWORK
CVE‑2012‑19452012‑06‑05 23:55:02LOW (3)Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.00ADJACENT_NETWORK
CVE‑2012‑19442012‑06‑05 23:55:02MEDIUM (4)The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document.00NETWORK
CVE‑2012‑19432012‑06‑05 23:55:02MEDIUM (7)Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory.00LOCAL
CVE‑2012‑19422012‑06‑05 23:55:02HIGH (7)The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.00LOCAL
CVE‑2012‑19412012‑06‑05 23:55:02HIGH (9)Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns.00NETWORK
CVE‑2012‑19402012‑06‑05 23:55:02HIGH (9)Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column.00NETWORK
CVE‑2012‑19392012‑06‑05 23:55:02HIGH (9)jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code.00NETWORK
CVE‑2012‑19382012‑06‑05 23:55:02HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.00NETWORK
CVE‑2012‑19372012‑06‑05 23:55:01HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2012‑04792012‑04‑25 10:10:18MEDIUM (4)Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content.00NETWORK
CVE‑2012‑04782012‑04‑25 10:10:18HIGH (9)The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.00NETWORK
CVE‑2012‑04772012‑04‑25 10:10:18MEDIUM (4)Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set.00NETWORK
CVE‑2012‑04752012‑04‑25 10:10:18LOW (3)Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields.00NETWORK
CVE‑2012‑04742012‑04‑25 10:10:18MEDIUM (4)Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)."00NETWORK
CVE‑2012‑04732012‑04‑25 10:10:18MEDIUM (5)The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call.00NETWORK
CVE‑2012‑04722012‑04‑25 10:10:18HIGH (9)The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2012‑04712012‑04‑25 10:10:18MEDIUM (4)Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set.00NETWORK
CVE‑2012‑04702012‑04‑25 10:10:17HIGH (10)Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems."00NETWORK
CVE‑2012‑04692012‑04‑25 10:10:17HIGH (10)Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data.00NETWORK
CVE‑2012‑04682012‑04‑25 10:10:17HIGH (10)The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function.00NETWORK
CVE‑2012‑04672012‑04‑25 10:10:17HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2012‑04642012‑03‑14 19:55:02HIGH (8)Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.00NETWORK
CVE‑2012‑04632012‑03‑14 19:55:02HIGH (8)The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android.00NETWORK
CVE‑2012‑04622012‑03‑14 19:55:02HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2012‑04612012‑03‑14 19:55:02HIGH (8)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2012‑04602012‑03‑14 19:55:02MEDIUM (6)Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page.00NETWORK
CVE‑2012‑04592012‑03‑14 19:55:02HIGH (8)The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe.00NETWORK
CVE‑2012‑04582012‑03‑14 19:55:02MEDIUM (7)Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context.00NETWORK
CVE‑2012‑04572012‑03‑14 19:55:02HIGH (9)Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.00NETWORK
CVE‑2012‑04562012‑03‑14 19:55:02MEDIUM (5)The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read.00NETWORK
CVE‑2012‑04552012‑03‑14 19:55:02MEDIUM (4)Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue.00NETWORK
CVE‑2012‑04542012‑03‑14 19:55:02HIGH (8)Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library.00NETWORK
CVE‑2012‑04522012‑02‑11 02:55:01HIGH (8)Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding.00NETWORK
CVE‑2012‑04512012‑03‑14 19:55:02MEDIUM (4)CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers.00NETWORK
CVE‑2012‑04502012‑02‑01 16:55:01LOW (2)Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.00LOCAL
CVE‑2012‑04492012‑02‑01 16:55:01HIGH (9)Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.00NETWORK
CVE‑2012‑04472012‑02‑01 16:55:01MEDIUM (5)Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.00NETWORK
CVE‑2012‑04462012‑02‑01 16:55:01MEDIUM (4)Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.00NETWORK
CVE‑2012‑04452012‑02‑01 16:55:01MEDIUM (5)Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute.00NETWORK
CVE‑2012‑04442012‑02‑01 16:55:01HIGH (10)Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.00NETWORK
CVE‑2012‑04432012‑02‑01 16:55:01HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2012‑04422012‑02‑01 16:55:01HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2012‑04412012‑06‑05 23:55:01MEDIUM (5)The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.00NETWORK
CVE‑2011‑46882011‑12‑07 19:55:03MEDIUM (5)Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.00NETWORK
CVE‑2011‑38662011‑09‑29 00:55:03MEDIUM (4)Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.00NETWORK
CVE‑2011‑36712012‑06‑18 19:55:01HIGH (8)Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element.00NETWORK
CVE‑2011‑36702012‑02‑01 16:55:01MEDIUM (5)Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.00NETWORK
CVE‑2011‑36662011‑12‑21 04:02:01MEDIUM (7)Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-2372 on Mac OS X.00NETWORK
CVE‑2011‑36652011‑12‑21 04:02:01HIGH (8)Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling.00NETWORK
CVE‑2011‑36642011‑12‑21 04:02:01MEDIUM (7)Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site.00NETWORK
CVE‑2011‑36632011‑12‑21 04:02:01MEDIUM (4)Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.00NETWORK
CVE‑2011‑36612011‑12‑21 04:02:01HIGH (8)YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.00NETWORK
CVE‑2011‑36602011‑12‑21 04:02:01HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors.00NETWORK
CVE‑2011‑36592012‑02‑01 16:55:01HIGH (9)Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.00NETWORK
CVE‑2011‑36582011‑12‑21 04:02:01HIGH (8)The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.00NETWORK
CVE‑2011‑36562021‑06‑02 17:15:08MEDIUM (6)Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing.33NETWORK
CVE‑2011‑36552011‑11‑09 11:55:04HIGH (9)Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.00NETWORK
CVE‑2011‑36542011‑11‑09 11:55:04HIGH (10)The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2011‑36532011‑11‑09 11:55:04MEDIUM (5)Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures.00NETWORK
CVE‑2011‑36522011‑11‑09 11:55:04HIGH (10)The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2011‑36512011‑11‑09 11:55:04HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2011‑36502011‑11‑09 11:55:04HIGH (9)Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.00NETWORK
CVE‑2011‑36492011‑11‑09 11:55:04LOW (3)Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression.00NETWORK
CVE‑2011‑36482011‑11‑09 11:55:04MEDIUM (4)Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.00NETWORK
CVE‑2011‑36472011‑11‑09 11:55:04HIGH (9)The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.00NETWORK
CVE‑2011‑33892011‑09‑06 19:55:03MEDIUM (4)The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.00NETWORK
CVE‑2011‑33842011‑09‑08 18:55:02MEDIUM (4)Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102.00NETWORK
CVE‑2011‑33392011‑12‑17 03:54:46MEDIUM (4)Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file.00NETWORK
CVE‑2011‑32322011‑09‑29 00:55:02HIGH (9)YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.00NETWORK
CVE‑2011‑30792012‑05‑01 10:12:04HIGH (10)The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.00NETWORK
CVE‑2011‑30622012‑03‑30 22:55:02MEDIUM (7)Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.00NETWORK
CVE‑2011‑30052011‑09‑29 00:55:02HIGH (9)Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file.00NETWORK
CVE‑2011‑30042011‑09‑29 00:55:02MEDIUM (4)The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior.00NETWORK
CVE‑2011‑30032011‑09‑29 00:55:01HIGH (10)Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation.00NETWORK
CVE‑2011‑30022011‑09‑29 00:55:01HIGH (9)Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow.00NETWORK
CVE‑2011‑30012011‑09‑29 00:55:01MEDIUM (4)Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error.00NETWORK
CVE‑2011‑30002011‑09‑29 00:55:01MEDIUM (4)Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.00NETWORK
CVE‑2011‑29992011‑09‑29 00:55:01MEDIUM (4)Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.00NETWORK
CVE‑2011‑29982011‑09‑30 10:55:04HIGH (10)Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.00NETWORK
CVE‑2011‑29972011‑09‑29 00:55:01HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2011‑29962011‑09‑29 00:55:01HIGH (10)Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2011‑29952011‑09‑29 00:55:01HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2011‑29932011‑08‑18 18:55:02HIGH (9)The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.00NETWORK
CVE‑2011‑29922011‑08‑18 18:55:02HIGH (10)The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2011‑29912011‑08‑18 18:55:02HIGH (10)The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2011‑29902011‑08‑18 18:55:02MEDIUM (5)The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects.00NETWORK
CVE‑2011‑29892011‑08‑18 18:55:02HIGH (10)The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2011‑29882011‑08‑18 18:55:02HIGH (10)Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader.00NETWORK
CVE‑2011‑29872011‑08‑18 18:55:02HIGH (10)Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2011‑29862011‑08‑18 18:55:02MEDIUM (5)Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.00NETWORK
CVE‑2011‑29852011‑08‑18 18:55:02HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2011‑29842011‑08‑18 18:55:02HIGH (10)Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.00NETWORK
CVE‑2011‑29832011‑08‑18 18:55:02MEDIUM (4)Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.00NETWORK
CVE‑2011‑29822011‑08‑18 18:55:02HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2011‑29812011‑08‑18 18:55:02HIGH (9)The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.00NETWORK
CVE‑2011‑29802011‑08‑18 18:55:02HIGH (7)Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process.00LOCAL
CVE‑2011‑26702020‑01‑13 14:15:12MEDIUM (6)Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets33NETWORK
CVE‑2011‑26692020‑01‑21 15:15:12MEDIUM (7)Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.34NETWORK
CVE‑2011‑26682020‑01‑21 15:15:12HIGH (9)Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header36NETWORK
CVE‑2011‑26052011‑06‑30 16:55:06MEDIUM (4)CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.00NETWORK
CVE‑2011‑25982011‑06‑30 15:55:04MEDIUM (4)The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.00NETWORK
CVE‑2011‑23782011‑08‑18 18:55:01HIGH (10)The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer."00NETWORK
CVE‑2011‑23772011‑06‑30 16:55:06MEDIUM (5)Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.00NETWORK
CVE‑2011‑23762011‑06‑30 16:55:05HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2011‑23752011‑06‑30 16:55:05HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2011‑23742011‑06‑30 16:55:05HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2011‑23732011‑06‑30 16:55:05HIGH (8)Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.00NETWORK
CVE‑2011‑23722011‑09‑29 00:55:01LOW (4)Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.00NETWORK
CVE‑2011‑23712011‑06‑30 16:55:05HIGH (10)Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.00NETWORK
CVE‑2011‑23702011‑06‑30 16:55:05MEDIUM (5)Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.00NETWORK
CVE‑2011‑23692011‑06‑30 16:55:05MEDIUM (4)Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.00NETWORK
CVE‑2011‑23682011‑06‑30 16:55:05HIGH (10)The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.00NETWORK
CVE‑2011‑23672011‑06‑30 16:55:05MEDIUM (6)The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors.00NETWORK
CVE‑2011‑23662011‑06‑30 15:55:03MEDIUM (4)Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.00NETWORK
CVE‑2011‑23652011‑06‑30 16:55:05HIGH (10)Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364.00NETWORK
CVE‑2011‑23642011‑06‑30 16:55:05HIGH (10)Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365.00NETWORK
CVE‑2011‑23632011‑06‑30 16:55:05HIGH (10)Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.00NETWORK
CVE‑2011‑23622011‑06‑30 16:55:05MEDIUM (5)Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.00NETWORK
CVE‑2011‑17122011‑04‑15 20:55:01MEDIUM (4)The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.00NETWORK
CVE‑2011‑13002011‑04‑15 19:55:01HIGH (10)The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.00NETWORK
CVE‑2011‑11872011‑03‑11 02:01:19MEDIUM (5)Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."00NETWORK
CVE‑2011‑00852011‑06‑30 16:55:05HIGH (10)Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.00NETWORK
CVE‑2011‑00842011‑08‑18 18:55:01HIGH (10)The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."00NETWORK
CVE‑2011‑00832011‑06‑30 16:55:05HIGH (10)Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.00NETWORK
CVE‑2011‑00822011‑06‑06 19:55:01MEDIUM (4)The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted certificate that triggers potentially unwanted local caching of documents from that server.00NETWORK
CVE‑2011‑00812011‑05‑07 18:55:02HIGH (10)Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2011‑00802011‑05‑07 18:55:02HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2011‑00792011‑05‑07 18:55:01HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors.00NETWORK
CVE‑2011‑00782011‑05‑07 18:55:01HIGH (10)Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077.00NETWORK
CVE‑2011‑00772011‑05‑07 18:55:01HIGH (10)Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078.00NETWORK
CVE‑2011‑00762011‑05‑07 18:55:01HIGH (8)Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors.00NETWORK
CVE‑2011‑00752011‑05‑07 18:55:01HIGH (10)Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078.00NETWORK
CVE‑2011‑00742011‑05‑07 18:55:01HIGH (10)Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.00NETWORK
CVE‑2011‑00732011‑05‑07 18:55:01HIGH (10)Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."00NETWORK
CVE‑2011‑00722011‑05‑07 18:55:01HIGH (10)Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.00NETWORK
CVE‑2011‑00712011‑05‑07 18:55:01MEDIUM (5)Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.00NETWORK
CVE‑2011‑00702011‑05‑07 18:55:01HIGH (10)Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069.00NETWORK
CVE‑2011‑00692011‑05‑07 18:55:01HIGH (10)Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070.00NETWORK
CVE‑2011‑00672011‑05‑07 18:55:01MEDIUM (5)Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls.00NETWORK
CVE‑2011‑00662011‑05‑07 18:55:01HIGH (10)Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.00NETWORK
CVE‑2011‑00652011‑05‑07 18:55:01HIGH (10)Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.00NETWORK
CVE‑2011‑00622011‑03‑02 20:00:02HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2011‑00612011‑03‑02 20:00:02HIGH (9)Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.00NETWORK
CVE‑2011‑00592011‑03‑02 20:00:02MEDIUM (7)Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.00NETWORK
CVE‑2011‑00582011‑03‑02 20:00:02HIGH (10)Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.00NETWORK
CVE‑2011‑00572011‑03‑02 20:00:02HIGH (10)Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.00NETWORK
CVE‑2011‑00562011‑03‑02 20:00:02HIGH (10)Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue.00NETWORK
CVE‑2011‑00552011‑03‑02 20:00:02HIGH (10)Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection.00NETWORK
CVE‑2011‑00542011‑03‑02 20:00:01HIGH (10)Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue.00NETWORK
CVE‑2011‑00532011‑03‑02 20:00:01HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2011‑00512011‑03‑02 20:00:01MEDIUM (7)Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.00NETWORK
CVE‑2010‑50742011‑12‑07 19:55:02MEDIUM (4)The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack.00NETWORK
CVE‑2010‑45082010‑12‑09 20:00:18HIGH (10)The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification.00NETWORK
CVE‑2010‑37782010‑12‑10 19:00:03HIGH (9)Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2010‑37772010‑12‑10 19:00:03HIGH (9)Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2010‑37762010‑12‑10 19:00:03HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2010‑37752010‑12‑10 19:00:03HIGH (9)Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used.00NETWORK
CVE‑2010‑37742010‑12‑10 19:00:03MEDIUM (4)The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site.00NETWORK
CVE‑2010‑37732010‑12‑10 19:00:03MEDIUM (7)Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.00NETWORK
CVE‑2010‑37722010‑12‑10 19:00:03HIGH (9)Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element.00NETWORK
CVE‑2010‑37712010‑12‑10 19:00:02MEDIUM (7)Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a chrome: URI.00NETWORK
CVE‑2010‑37702010‑12‑10 19:00:02MEDIUM (4)Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.00NETWORK
CVE‑2010‑37692010‑12‑10 19:00:02HIGH (9)The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.00NETWORK
CVE‑2010‑37682010‑12‑10 19:00:02HIGH (9)Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules.00NETWORK
CVE‑2010‑37672010‑12‑10 19:00:02HIGH (9)Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements.00NETWORK
CVE‑2010‑37662010‑12‑10 19:00:02HIGH (9)Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node.00NETWORK
CVE‑2010‑37652010‑10‑28 00:00:05HIGH (9)Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.00NETWORK
CVE‑2010‑34002010‑09‑15 20:00:03MEDIUM (6)The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913.00NETWORK
CVE‑2010‑33992010‑09‑15 20:00:03MEDIUM (6)The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171.00NETWORK
CVE‑2010‑31832010‑10‑21 19:00:04HIGH (9)The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.00NETWORK
CVE‑2010‑31822010‑10‑21 19:00:03MEDIUM (7)A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.00LOCAL
CVE‑2010‑31812010‑10‑21 19:00:03MEDIUM (7)Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory.00LOCAL
CVE‑2010‑31802010‑10‑21 19:00:03HIGH (9)Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.00NETWORK
CVE‑2010‑31792010‑10‑21 19:00:03HIGH (9)Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.00NETWORK
CVE‑2010‑31782010‑10‑21 19:00:03MEDIUM (6)Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.00NETWORK
CVE‑2010‑31772010‑10‑21 19:00:03MEDIUM (4)Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.00NETWORK
CVE‑2010‑31762010‑10‑21 19:00:03HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2010‑31752010‑10‑21 19:00:03HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2010‑31742010‑10‑21 19:00:03HIGH (9)Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2010‑31732010‑10‑21 19:00:03HIGH (8)The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.00NETWORK
CVE‑2010‑31712010‑09‑15 20:00:02MEDIUM (6)The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.00NETWORK
CVE‑2010‑31702010‑10‑21 19:00:03MEDIUM (4)Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.00NETWORK
CVE‑2010‑31692010‑09‑09 19:00:03HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2010‑31682010‑09‑09 19:00:03HIGH (9)Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties.00NETWORK
CVE‑2010‑31672010‑09‑09 19:00:03HIGH (9)The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability."00NETWORK
CVE‑2010‑31662010‑09‑09 19:00:03HIGH (9)Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run.00NETWORK
CVE‑2010‑31312010‑08‑26 18:36:36HIGH (9)Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file.00NETWORK
CVE‑2010‑27702010‑09‑09 19:00:03HIGH (9)Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL.00NETWORK
CVE‑2010‑27692010‑09‑09 19:00:03MEDIUM (4)Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled.00NETWORK
CVE‑2010‑27682010‑09‑09 19:00:03MEDIUM (4)Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.00NETWORK
CVE‑2010‑27672010‑09‑09 19:00:02HIGH (9)The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability."00NETWORK
CVE‑2010‑27662010‑09‑09 19:00:02HIGH (9)The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object.00NETWORK
CVE‑2010‑27652010‑09‑09 19:00:02HIGH (9)Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow.00NETWORK
CVE‑2010‑27642010‑09‑09 19:00:02MEDIUM (4)Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.00NETWORK
CVE‑2010‑27632010‑09‑09 19:00:02MEDIUM (4)The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function.00NETWORK
CVE‑2010‑27622010‑09‑09 19:00:02MEDIUM (7)The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.00NETWORK
CVE‑2010‑27602010‑09‑09 19:00:02HIGH (9)Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753.00NETWORK
CVE‑2010‑27552010‑07‑30 13:26:19HIGH (10)layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.00NETWORK
CVE‑2010‑27542010‑07‑30 13:26:19MEDIUM (5)dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.00NETWORK
CVE‑2010‑27532010‑07‑30 20:30:02HIGH (9)Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.36NETWORK
CVE‑2010‑27522010‑07‑30 20:30:02HIGH (9)Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.00NETWORK
CVE‑2010‑27512010‑07‑30 20:30:02LOW (3)The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions.00NETWORK
CVE‑2010‑21792010‑06‑15 18:00:02MEDIUM (4)Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.00NETWORK
CVE‑2010‑21172010‑06‑01 20:30:03MEDIUM (4)Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.00NETWORK
CVE‑2010‑19902010‑05‑20 17:30:02MEDIUM (5)Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.00NETWORK
CVE‑2010‑19882010‑05‑20 17:30:02HIGH (10)Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571.00NETWORK
CVE‑2010‑19872010‑05‑20 17:30:02MEDIUM (5)Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571.00NETWORK
CVE‑2010‑19862010‑05‑20 17:30:01MEDIUM (5)Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related to the gfxWindowsFontGroup::MakeTextRun function in xul.dll, a different vulnerability than CVE-2009-1571.00NETWORK
CVE‑2010‑15852010‑04‑28 22:30:01HIGH (9)The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.00NETWORK
CVE‑2010‑12152010‑07‑30 20:30:02MEDIUM (7)Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."00NETWORK
CVE‑2010‑12142010‑07‑30 20:30:02HIGH (9)Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.00NETWORK
CVE‑2010‑12132010‑07‑30 20:30:02MEDIUM (4)The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.00NETWORK
CVE‑2010‑12122010‑07‑30 20:30:02HIGH (9)js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function.00NETWORK
CVE‑2010‑12112010‑07‑30 20:30:02HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2010‑12102010‑07‑30 20:30:01MEDIUM (4)intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text.00NETWORK
CVE‑2010‑12092010‑07‑30 20:30:01HIGH (9)Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback.00NETWORK
CVE‑2010‑12082010‑07‑30 20:30:01HIGH (9)Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.36NETWORK
CVE‑2010‑12072010‑07‑30 20:30:01MEDIUM (4)Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion.00NETWORK
CVE‑2010‑12062010‑06‑25 19:30:02MEDIUM (4)The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call.00NETWORK
CVE‑2010‑12032010‑06‑24 12:30:02HIGH (9)The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.00NETWORK
CVE‑2010‑12022010‑06‑24 12:30:02HIGH (9)Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2010‑12012010‑06‑24 12:30:02HIGH (9)Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2010‑12002010‑06‑24 12:30:02HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2010‑11992010‑06‑24 12:30:02HIGH (9)Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.00NETWORK
CVE‑2010‑11982010‑06‑24 12:30:02HIGH (9)Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.00NETWORK
CVE‑2010‑11972010‑06‑24 12:30:02MEDIUM (4)Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.00NETWORK
CVE‑2010‑11962010‑06‑24 12:30:01HIGH (9)Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.00NETWORK
CVE‑2010‑11252010‑03‑26 20:30:01MEDIUM (6)The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.00NETWORK
CVE‑2010‑11222010‑03‑25 22:30:01HIGH (10)Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a different vulnerability than CVE-2010-1028.00NETWORK
CVE‑2010‑11212010‑03‑25 21:00:01HIGH (10)Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.00NETWORK
CVE‑2010‑10282010‑03‑19 21:30:00HIGH (9)Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.00NETWORK
CVE‑2010‑06542010‑02‑18 18:00:01MEDIUM (4)Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.00NETWORK
CVE‑2010‑06482010‑02‑18 18:00:01MEDIUM (4)Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.00NETWORK
CVE‑2010‑02202010‑01‑07 19:30:00MEDIUM (5)The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array.00NETWORK
CVE‑2010‑01832010‑06‑24 12:30:01HIGH (9)Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus.00NETWORK
CVE‑2010‑01822010‑04‑05 17:30:01MEDIUM (4)The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.00NETWORK
CVE‑2010‑01812010‑04‑05 17:30:01MEDIUM (4)Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images.00NETWORK
CVE‑2010‑01792010‑04‑05 17:30:01MEDIUM (5)Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response.00NETWORK
CVE‑2010‑01782010‑04‑05 17:30:01HIGH (8)Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL.00NETWORK
CVE‑2010‑01772010‑04‑05 17:30:01HIGH (9)Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability."00NETWORK
CVE‑2010‑01762010‑04‑05 17:30:00HIGH (9)Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability."00NETWORK
CVE‑2010‑01752010‑04‑05 17:30:00HIGH (9)Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items.00NETWORK
CVE‑2010‑01742010‑04‑05 17:30:00HIGH (10)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2010‑01732010‑04‑05 17:30:00HIGH (9)Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.00NETWORK
CVE‑2010‑01722010‑03‑25 21:00:01MEDIUM (4)toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.00NETWORK
CVE‑2010‑01712010‑03‑25 21:00:01MEDIUM (4)Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.00NETWORK
CVE‑2010‑01702010‑03‑25 21:00:01MEDIUM (4)Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.00NETWORK
CVE‑2010‑01692010‑03‑25 21:00:01MEDIUM (5)The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.00NETWORK
CVE‑2010‑01682010‑03‑25 21:00:00HIGH (8)The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting.00NETWORK
CVE‑2010‑01672010‑03‑25 21:00:00HIGH (9)The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp.00NETWORK
CVE‑2010‑01662010‑03‑25 21:00:00MEDIUM (5)The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters.00NETWORK
CVE‑2010‑01652010‑03‑25 21:00:00HIGH (9)The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function.00NETWORK
CVE‑2010‑01642010‑03‑25 21:00:00HIGH (9)Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values.00NETWORK
CVE‑2010‑01622010‑02‑22 13:00:02MEDIUM (4)Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.00NETWORK
CVE‑2010‑01602010‑02‑22 13:00:02HIGH (10)The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.00NETWORK
CVE‑2010‑01592010‑02‑22 13:00:02HIGH (10)The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.00NETWORK
...
...
Lavawall Computer Listing
Lavawall patch grid
Lavawall MSP Overview Dashboard
Lavawall patch grid

Get the IT stuff done that nobody wants to do.

Patch more applications, achieve compliance, and prevent problems while reducing stress with Lavawall®.

Security First

A security tool by security auditors. From Passkeys and Argon2i to source validation and MVSP principles, Lavawall® has you covered.

Constant Improvement

More features and more security added nearly every day.

More patchable programs added every week

While Ninite and other patching tools have had the same patch offerings for decades, we're monitoring stats to keep adding the most useful programs (currently over 7,438)!

Details matter

From wrapping TLS communications in extra encryption and uninstalling remote support tools when they aren't used to detailed statistical analysis of system and network performance, Lavawall® goes in-depth.

Human and automated support

Get immediate fixes, user notifications, admin notifications -- and even security-certified human level 3 support when our advanced statistical analysis confirms a problem or anomaly.

We are constantly improving the Lavawall® tools to add more value. Some of our most recent changes include:
2025‑01‑290.12.35.222Risk score refinements
2025‑01‑170.12.29.216Enhanced compliance and non-standard AV
2025‑01‑130.12.28.215Improved process graphs
2025‑01‑070.12.27.214Antivirus details, compliance
2024‑12‑270.12.24.211
2024‑12‑020.12.19.206
2024‑11‑220.12.18.205
2024‑10‑300.12.8.195Mac update refinements
2024‑10‑250.12.3.190
2024‑10‑210.12.0.187Macos implementaiton, linux and windows improvements
2024‑10‑160.11.128.186Linux stats and system information improvements, improvements for application shutdown
2024‑09‑120.11.113.171CPU Optimizations and Packages reliability improvements
2024‑09‑050.11.106.164Phased deployment enhancements
2024‑09‑040.11.103.161
2024‑09‑020.11.102.160CPU Optimizations and Packages reliability improvements
2024‑08‑300.11.99.157CPU Optimizations and Packages reliability improvements
2024‑08‑290.11.98.156CPU utilization and console event optimization
2024‑08‑280.11.97.155Reliability to detect unusual updates like redistributables.
2024‑08‑270.11.96.154
2024‑08‑260.11.95.153Faster response for reboot requests
2024‑08‑200.11.92.150Additional package upgrade pre-requisites
2024‑08‑150.11.89.147
2024‑08‑060.11.87.145
2024‑07‑260.11.83.141Add resiliency for MAC duplicates and uptime
2024‑07‑250.11.82.140Changes to facilitate cross-platform use. Bitlocker and Windows key refinements
2024‑07‑150.11.80.138Antivirus and temperature added to configuration checks
2024‑07‑150.11.79.137Add configuration checks for execution policy and secure boot
2024‑07‑110.11.77.135load balancing refinements
2024‑07‑100.11.76.134Add additional load balancing and data residency capabilities, add randomness to recurring task timings to decrease server load
2024‑07‑050.11.74.132changes to graph and residual work on user imporsonation
2024‑07‑040.11.73.131Add configuration checks for execution policy and secure boot.
2024‑07‑030.11.72.130Enhanced event log monitoring
2024‑07‑020.11.71.129Add details to Windows updates, enhanced risk metrics for application patches
2024‑06‑190.11.65.123Update resiliancy and garbage collection
2024‑06‑130.11.60.118Enhanced logging
2024‑06‑120.11.55.113Include the primary drive serial number; MAC addresses for built-in wireless, Bluetooth, and ethernet into the device hash to restore uninstalled and reinstalled devices in cases where the motherboard serial is not unique
2024‑06‑070.11.54.112Patch and package uninstall data addition
2024‑06‑050.11.47.105refine per-user registry application listing
2024‑06‑020.11.45.103uninstall and reinstall refinements, refine local logging, refine self-update and uninstall timing
2024‑05‑300.11.21.79various bug fixes and improvements
2024‑05‑280.11.16.74Error logging, registration, and uninstall improvements.
2024‑05‑240.11.14.72applied changes for devices and login commands, changes for registration as well
2024‑05‑220.11.13.71Add Windows computer model, improve Operating System parsing
2024‑05‑210.11.11.69Added additional states for Windows update, flexibility for non-standard program file configurations, support for network diagrams at the switch level, details for Windows editions
2024‑05‑210.11.10.68Add specific cases for Defender patterns and Composer versions.
2024‑05‑170.11.3.61Change Log storage location to c:\program files\Lavawall
2024‑05‑170.11.1.59self-update improvements.
2024‑05‑160.8.0.55 error log reporting and management.
2024‑05‑150.7.0.54Websocket resiliency improvements
2024‑05‑090.6.0.53 Error log reporting and management.

Although the Linux agent code base is mature, dating back to 2006, we're still constantly improving it to add value and compatibility for new distributions. Some of our most recent changes include:
NOTE: changes after June 2024 are incorportated into the Windows Changelog as the codebases for Windows, Linux, and Mac were combined
2024‑05‑20253Added cleanup of old .json files during a re-install
2024‑05‑13252Added apt-get update to install
2024‑05‑06248Allow restart to use /var/run/reboot-required if needrestart is not installed
2024‑04‑22239Improve internal update and version tracking
2024‑04‑15235Add support for Yum packages
2024‑04‑08233Align patching with Windows patch reporting
2024‑04‑02228Add support for needrestart
2024‑03‑04224Schedule restarts
2024‑03‑25221Add support for apt packages
2024‑03‑18212Implement release management
2024‑03‑11202Add user login monitoring
2024‑03‑04189Enhance installation reliability
2024‑02‑26187Exapand triggers to identify if the instance needs to be restarted
2024‑02‑19146Improve compatibility for non-AWS instances
2024‑02‑14138Add self-uninstall capabilities
2024‑02‑12135Enhance scheduling flexibility
2024‑02‑07132Add kernel version tracking
2024‑02‑05124Add device hash to cryptographic self-update script validation
2024‑01‑29107Enhance encryption of patch data
2024‑01‑2298Improve how available storage is calculated
2024‑01‑1597Move initial tasks from installation file to sub scripts
2024‑05‑2191Improve multi-distribution compatibility
2024‑05‑2179Improve encryption reliability
2023‑12‑1168Enhance cryptographic validation of new scripts before updating
2023‑11‑2062Add inner layer of AES encryption in case TLS inspection doesn't allow for a secure connection
2023‑11‑2756Additional base cases for resiliancy
2023‑11‑2054Additional headers added to authentication process during installation.
2023‑11‑2053Enhanced key management
2023‑11‑1551Add insecure installation parameter to allow installation in environments with TLS inspection or other machine-in-the-middle situations.
2023‑11‑0642Enhance redundant encryption during installation.
2023‑10‑3033Improve install-over compatibility
2023‑10‑2318Add reboot configuration and scheduling
2023‑10‑2317Add self-updating functionality.
2023‑10‑1615Add Linux patching information for apt
2023‑10‑0914Collect system information
2023‑10‑0913Add Linux distribution information
2023‑09‑3012Add memory monitoring
2023‑09‑3010Add hardware information
2023‑09‑239Add AWS information
2023‑09‑238Add customized schedule capability for configuration updates
2023‑09‑237Add support for package monitoring using package and dpkg logs
2023‑09‑166Add storage data configuration gathering
2023‑09‑165Add CPU information

Lavawall®'s data gathering approach started with Government and Fortune 50 information security audits. When our founder transitioned from audit and assurance work to a Managed IT Service Provider (MSP), he was shocked that basics like Multi-Factor Authentication were painful to implement in some RMMs like ConnectWise and it was impossible to turn off remote access services in others like Datto RMM and SuperOps.

Lavawall® was built from the ground up with these concerns and the Minimum Viable Secure Product requirements in mind.

Some of the controls we implemented include:
  • PassKeys as the preferred primary authentication at no additional cost
  • Single Sign-on using modern, maintained, and industry-standard protocols for all customers at no additional cost
  • Multi-Factor Authentication as a non-negotiable default
  • Encrypting communications the same way as TLS again within the TLS tunnel, so we can allow TLS inspection without breaking like Huntress or disclosing security vulnerabilities to eavesdroppers.
  • Encouraging external vulnerability reports and customer testing
  • Passwords checked against popular disclosed passwords, hashed before they leave your computer, and then stored using Argon2id
  • Not requiring the use of passwords at all. We consider them a temporary backup authentication in case you can't use passkeys or SSO.

Lavawall® scanning computers are on dedicated servers in Calgary, Alberta, Canada.
Lavawall® databases and front-end systems are hosted with AWS in Montréal, Québec, Canada.
We send emails through AWS in Ireland and dedicated servers in Calgary, Alberta, Canada.
We send text messages for additional identity verification through Twilio in the United States.
We store executables and pass requests through Cloudflare at your nearest edge location.
We use Cloudflare for risk management, turnstile, and web application firewall services.
We use LeadPages for landing pages.
We use Google and Facebook for analytics on our public-facing pages, but they do not have access to the console.
We integrate with third-party tools, such as Microsoft, Google, Huntress, Screen Connect, Axcient, and Datto in their respective locations. However, you must initiate these integrations through single sign-on or by enabling them in your Lavawall® console.

Active security by design

Lavawall® is under active development with the latest release including:

7,438+

Monitored Applications

61+

System Metrics

Actively manage your IT with Lavawall®

Patching

Updates Beyond Windows

Lavawall® prevents the 80% of breaches and failed audits due to missing patches and updates.
You can reduce application patching delays from 67 days to nearly immediate with the 350+ applications that Lavawall® monitors and patches.

Patch release monitoring
Monitor everything without having to select packages or “managed applications”
Patch impact classification
Standard and optional Windows patches
Lavawall patch grid
Application Patching

Some of the applications that Lavawall® monitors and audits include:


Logos are property of their respective trademark holders and are not affiliated with ThreeShield or Lavawall. We have not audited the security of most of the listed tools.
.NET Framework
.NET Reactor
.NET updates
0 A.D.
010 Editor
010 Memorizer
0patch Agent
0xGingi-Browser
0xGingi-Browser Installer
115Chrome
12306-electron
123pan
1History
1Password
1Password Beta
1Password CLI
2FAGuard
33TaiCi
33ZiMu
360 Chrome X
360 File Guard
360 Gt
360 Se
360 Virtual Vault
360 Zip
360AlbumViewer
360Chrome
360CleanMaster
360DesktopLite
360Ent
360File
3CX Call Flow Designer
3CX Desktop App
3CXPhone for Windows
3CXPhone for Windows
3Dconnexion 3DxWare 10
3DF Zephyr Free
3Kontakt
4K Slideshow Maker
4K Stogram
4K Tokkit
4K Video Downloader
4K Video Downloader+
4K Video to MP3
4K YouTube to MP3
4t Tray Minimizer Free
5e Spell Viewer
5EClient
6.0 .NET Desktop Runtime
6.0 .NET Runtime
6.0 .NET SDK
6.0 ASP.NET Core Runtime
64-bit
64Gram Desktop
7-Zip Alpha (exe)
7-Zip Alpha (msi)
7-Zip ZS
7.0 .NET Desktop Runtime
7.0 .NET Runtime
7.0 .NET SDK
7.0 ASP.NET Core Runtime
7+ Taskbar Tweaker
720Kb Ndm
7Room Aya
7S2P Effie
7S2P Effie Cn
7Zip
8.0 .NET Desktop Runtime
8.0 .NET Runtime
8.0 .NET SDK
8.0 ASP.NET Core Runtime
86Box Manager
8GadgetPack
8x8 Work
9.0 .NET Desktop Runtime
9.0 .NET Runtime
9.0 .NET SDK
9.0 ASP.NET Core Runtime
A3Launcher
AAAAXY
Aadhaar Card Password Remover
Aardappel Cube
AAS WorldWide Telescope
AbaClient
AbbFixer
ABCEBankAssistant
Abdelrahmanbayoumi Azkar
ABDownloadManager
Abhimanyu003 Sttr
Ability Office 10 Professional
Ability Office 10 Standard
Ability Office 8 Professional
Ability Office 8 Standard
Ablaze Floorp
Abricotine
ABS PDF Install
absolute-uninstaller
Abyss Overlay
Access
Ace Stream Media
ACE Studio
AceMovi Video Editor
Acer Configuration Manager
Acer drivers and firmware
AcFunVirtualTool
Achievement Watcher
ACNESCreator
Acornlabs Acorn
Acronis True Image
Acrosync
Acrylic DNS
Actifile Agent
Action!
actionlint
Active Backup For Business
Active@ Boot Disk
Active@ Data Burner
Active@ Data Studio
Active@ Disk Editor
Active@ Disk Image
Active@ Disk Monitor
Active@ DVD Eraser
Active@ File Recovery
Active@ ISO Burner
Active@ ISO Manager
Active@ KillDisk
Active@ LiveCD
Active@ Partition Manager
Active@ Password Changer
Active@ UNDELETE
Active@ UNERASER
Active@ ZDelete
ActiveChart
ActiveState Komodo Edit
ActiveState Komodo IDE
ActivityWatch
Adalang Alire
Adalang Alire Portable
ADAMANT Messenger
ADB AppControl
Adblock Plus
AddCurrentPath
AddonsSupport
AdGuard
AdGuard VPN
AdGuard VPN Beta
AdGuardHome
AdGuardVPN
AdiIRC
ADKPEAddon
AdMobilize Desktop UI
AdMobilizeVisionService
admprovider
Adobe Acrobat (64-bit)
Adobe Acrobat DC (64-bit)
Adobe Acrobat Pro
Adobe Acrobat Reader
Adobe Acrobat Reader DC
Adobe AIR
Adobe Audition
Adobe Bridge
Adobe Character Animator
Adobe Connect
Adobe Connect application MSI
Adobe Creative Cloud
Adobe Creative Cloud
Adobe DNG Converter
Adobe Dreamweaver
Adobe Illustrator
Adobe InDesign
Adobe Lightroom
Adobe Lightroom Classic
Adobe Photoshop
AdoptOpenJDK JDK with Hotspot 8
Adoptopenjdk Openjdk 11
Adoptopenjdk Openjdk 14
Adoptopenjdk Openjdk 15
Adoptopenjdk Openjdk 16
Adoptopenjdk Openjdk 17
aDrive
ADS-B Spy
Advanced Combat Tracker
Advanced Disk Recovery
Advanced Driver Updater
Advanced EFS Password Recovery
Advanced IM Password Recovery
Advanced Installer
Advanced IP Scanner
Advanced Log Viewer
Advanced PDF Password Recovery
Advanced Renamer
Advanced Sage Password Recovery
Advanced SQL Password Recovery
Advanced System Optimizer
Advanced SystemCare
AdvancedFileFinder
Advancedfx Hlae
AdvancedOfficePasswordR
AdvancedRestClient
AdvancedRun
Adventure Game Studio
AdwCleaner
Aegisub
Aegisub (Dev)
Aerosoft One
AeroZoom Beta
AFFiNE
Afformation Requester
Afractal Echo
AfterLife
Aftman
Agantty
Agent Git
Agent Ransack
Agent SVN
Agente Milvus Core
AGFEO Dashboard
Agilent Lab Advisor
AHM System Manager
Ahoy
AIDA64 Engineer
AIDA64 Extreme
AILZ80ASM
AIMeetingManager
AIMP
Air Explorer
Aircall
AirDroid
AirGame
AirMyPC
AirPodsDesktop
AirPort
Airshipper
Airtable
Airtame
AirTeach
Airytec Switch Off
Ais Decoder
Aiursoft Kahla
AkasakiMinato
AkelPad
Akeo Ie Zadig
Akko Cloud Driver
aks-engine-azures
Alacritty
Aladin eBook
Alagrede Znote
alarm-cron
Albayan
Albion Online
Album Art Downloader XUI
Alchemist
Aldanial Cloc
ALEAPP
ALEAPP CLI
Alexanderkojevnikov Spek
Algernon
Algodoo
AlgoKit
Alibaba Aliim
Alibaba Cloud CLI
Alibaba Quark
Alibaba Yuque
Alice 3
aliceandbob.io
AlienVault
AlienVault OSIM
Alienware Command Center Suite
AlignCli
AliMail
AlipayKeyTool
Alist
alist-desktop
AlistHelper
AliWorkbench
aliyunpan
AllDup
AllToMP3
Allway Sync
Alphabiz
Alt-Tab Terminator
Altair GraphQL Client
Altap Salamander
AltDrag
AltServer
AltSnap
AM_Master
Amanharwara Altus
Amarok
Amazon Chime
Amazon Corretto 11
Amazon Corretto 17
Amazon Corretto 18
Amazon Corretto 19
Amazon Corretto 22
Amazon Corretto 23
Amazon Corretto 8
Amazon Corretto JRE 8
Amazon Games
Amazon Kindle
Amazon Music
Amazon Send to Kindle
Amazon WorkSpaces
AMD Encoder for OBS Studio
Amd Ocat
AMD Software: Cloud Edition
Amethyst
Amn Yasb
AMP Instance Manager
AMR Interpretation Engine
Amrdeveloper Gitql
ams.Client
Amulet
Anaconda3
Anchor Cli
Anchore Grype
Anchore Quill
Anchore Syft
Andreas Wascher Repoz
Andrewbrey Flot
Android GPU Inspector 3.3.0
Android SDK Platform-Tools
Android Studio
Android Studio Beta
Android Studio Canary
Android11React
AndroidMessages
Angry IP Scanner
Anim8or
anime-library
AnimeBack
Animiz Animation Maker
AnkerMake Studio
Anki
Annotator
Another Qt installer
Another Redis Desktop Manager
Ant Commander Personal
Ant Commander Pro
Ant Renamer
Antares
Anti-Twin
AntiMicro
AntiMicroX
AntiMicroX Portable
Antonmedv Walk
Antony Courtney Tad
Antstream
Antutu Benchmark
Anvil Studio
AnyBurn
AnyDesk
AnyDesk Windows
Anydo
AnyFix - iOS System Recovery
Anylogic Professional
Anylogic University
anyquery
AnythingLLM
AnyToISO
AnyTXT Searcher
Anytype
AnyViz Universal Cloud Adapter
AO10003
aoc-cli
AOMEI Backupper
AOMEI Partition Assistant
Apache Directory Studio
Apache HTTP Server
Apache JMeter
Apache NetBeans IDE
Apache Parquet for .NET
Ape Cloud Kbcli
Apifox
APK Installer
App Installer
App Vleer
AppCheck
AppCrashView
Appest Dida
AppFlowy
AppGallery
AppInstallerFileBuilder
Appium Inspector
Appium Server GUI
Apple App Support x64
Apple App Support x86
Apple Mobile Device Support
Apple Pkl
Applet Runner Pro
AppleWin
AppReadWriteCounter
APRSIS32
Aqua (Public Preview)
Aqua Security Trivy
Aquaproj Aqua
AquaSnap
Araxis Merge
ArcCommander
ArchiSteamFarm
ArchivePassword
archiver
Arctype
ArdorQuery
Arduino CLI
Arduino IDE
Arduino IDE Beta
Arduino IDE RC
Arduino USB Driver
ARES Commander 2022
ARES Commander 2023
ARES Commander 2024
ARES Commander 2025
Ares Emulator
ARES Map 2022
ARES Map 2023
ARES Mechanical 2022
ARES Mechanical 2023
ARES Mechanical 2024
ARES Mechanical 2025
ArgoCD
Argus Monitor
Aria2
ARLiveForAcfunLive
Arm GNU Toolchain
ArmA3Sync
Armagetron Advanced
ArmaQDL
Armaria
ArmouryCrate
ArrayFire
Art
Artha
ArtHub
Artistic Style
Artix Game Launcher
Asana
ascii-image-converter
AsciidocFX
ASCIIEngine
Asciinema Agg
Asdfjkl Yahb
Aserto CLI
Aserto Topaz
ASGARDEX
Ashampoo WinOptimizer 26
ASIO4ALL
AssaultCube
Assessment Disaggregation
Assetizr
AssetRipper
Assinador Serpro
ast-grep
astiga
Astral-Sh Ruff
Astral-Sh Uv
Astro CLI
AstroGrep
astroni
ASUS drivers and firmware
Atari800Win PLus
Atlassian Companion
ATLauncher Setup
Atom Beta
AtomicParsley
Atticus64 Juice
Auburn Earnings Notifier
Audacious
Audacity
Audacium
Audient Evo
Audient Sono
Audio Switcher
Audio Waveform Image Generator
audio-router
AudioAnalyser
AudioBookConverter
AudioRanger
AudioRelay
AudioSwitch
Audius
Aurora
Aurora 5e Character Builder
aurora windows optimizer
Auslogics Disk Defrag
Austin
Austinleath R6Rc
AusweisApp
Authme
AuthPass
Auto Clicker
Auto Dark Mode
Auto Start Confirm
AutoActions
Autodesk Access
Autodesk Advance Steel
Autodesk AutoCAD Architecture
Autodesk Desktop App
Autodesk Eagle
Autodesk Revit
AutoElevate
AutoFirma
AutoFLAC
AutoHotkey
AutoIt
AutomatedLab
Automatically Added Applications
Automox Agent
Autopsy
Autorun Organizer
Autoruns
AutoScreenRecorder
Avantis Director
Avaya Workplace
Aventuras de quintal
Avidemux
AviSynth
AviSynth+
Avocode
Avogadro
Avogadro2
AVPlugins
AVR-GCC
AVRDUDE
Avro Keyboard
AVS Disc Creator
AVS4YOU Programs Installation
AvUpload
AWS Command Line Interface
AWS Copilot CLI
AWS SAM Command Line Interface
AWS VPN Linux
AWS VPN MacOS
AWS VPN Windows
AWSCredentialsManager
Axcient Backup Agent
AxCrypt
AxGlyph
AXIS File Player Launcher
AXIS Video Capture Driver
AxMath
Axure RP 10
Axure RP 11
Ayoisaiah F2
Ayoisaiah Focus
AyuGram Desktop
AzCopy v10
AztfExport
Azul Zulu JDK 11
Azul Zulu JDK 13
Azul Zulu JDK 15
Azul Zulu JDK 16
Azul Zulu JDK 17
Azul Zulu JDK 18
Azul Zulu JDK 19
Azul Zulu JDK 20
Azul Zulu JDK 21
Azul Zulu JDK 22
Azul Zulu JDK 23
Azul Zulu JDK 6
Azul Zulu JDK 7
Azul Zulu JDK 8
Azul Zulu JRE 11
Azul Zulu JRE 13
Azul Zulu JRE 15
Azul Zulu JRE 16
Azul Zulu JRE 17
Azul Zulu JRE 18
Azul Zulu JRE 7
Azul Zulu JRE 8
Azul ZuluFX JDK 11
Azul ZuluFX JDK 15
Azul ZuluFX JDK 17
Azul ZuluFX JDK 18
Azul ZuluFX JDK 19
Azul ZuluFX JDK 20
Azul ZuluFX JDK 21
Azul ZuluFX JDK 22
Azul ZuluFX JDK 23
Azul ZuluFX JDK 8
Azul ZuluFX JRE 17
Azure Cosmos DB Emulator
Azure Data CLI
Azure Data Studio
Azure Data Studio - Insiders
Azure Developer CLI
Azure DevOps Migration Tools
Azure drivers and updates
Azure Functions Core Tools
Azure IoT Explorer Preview
Azure Media Services Explorer
Azure Monitor Agent
Azure Terrafy
Azure VPN Client
Azure06 Clips
AzureDevOpsMigrationTo
AzureSignTool
B-Trust Biss
BA connected
BackupCraft
Backyard AI
BACnet Explorer
Badlion Client
Baemin Order Relay
BaiduNetdisk
BaiduPCS-Go
BaiduPinyin
BaiduSIAssistant
BaiduSIMeeting
BaiduSpeechInput
BaiduTranslate
BaiduWenku
Balabolka
balena-cli
balenaEtcher
Balsamiq Wireframes
Bambu Studio
Banana Cake Pop
Bandai Reml
Bandicam
Bandicut
BandiView
Bandizip
Barcode2Win
Baretail
Barogo Store Manager
Barrier
BarryCarlyon Extension Tools
Basecamp 3
Basedash
BasicPawn
basiliskLLM
Batch Docs Free Edition
Batch File Encrypt Free Edition
Batch File Manager Free Edition
Batch File Rename Free Edition
Batch File Replace Free Edition
Batch Files Free Edition
Batch Hex Editor Free Edition
Batch Images Free Edition
Batch Photo Face Free Edition
Batch RegEx Free Edition
Batch Word Replace Free Edition
BatchEncodingConverter
BatchFileSplitJoin
BatchImageConverter
BatchImageEnhancer
BatchImageResizer
BatchImageSplitter
BatchImageWatermarker
BatchTextFileEditor
Battery Mode
BatteryBar
BatteryMon
Battle for Wesnoth
Battle Painters
Battle.net Setup
Baulk
Baxi Service Tool (PCST)
Bazarr
Bazecor
Bazel
Bazelisk
BBHouse
bcm converter
Bdash-App Bdash
BDR Thermea Service Tool (PCST)
BeagleEditor
BeagleEditor Toolchain (BeTL)
Beaker Browser
beatdrop
Beats winlogbeat
Bedford
Bedrock Dedicated Server
Bee-San Ares
BeeBEEP
Beeftext
Beekeeper Studio
Beeper
Before Dawn
Behind you
Belarc Advisor
Belgium e-ID middleware
Belgium e-ID viewer
Benboyter Scc
BENISHOGA
Bennett
Benny93 Kafui
Benthic Software: Golden8
beqdesigner
Berkeley Byob
Beseda Convy
Bespoke Synth
Best Trace
BestNotes
Betaflight Configurator
Bethesda.net Launcher
Better-CrewLink
Betterbird
beyerdynamic Update Hub
Beyond Code Herd
Beyond Compare 4
Beyond Compare 5
Beyond-All-Reason
BeyondATC
BeyondATC Traffic Map
Bforartists 4
BGInfo
BibleTime
Bicep CLI
BiglyBT
Bilibili
Bilibili Bcut
BilibiliVideoDownload
bilidown
BililiveRecorder
biliup-app
biliup-rs
Bilive_Electron
Billfish
Binance
Bing Wallpaper
Binjr Core-X64
Bio-Well
BiorhythmsCalculator
Birds Kitchen
Bisbee
Biscuit
Bisq
Bit Driver Updater
Bit Game Booster
BitBoxApp
Bitcoin Core
BitComet
Bitdefender Endpoint
BitMeter OS
BITS Manager
Bitvise SSH Client
Bitvise SSH Server
Bitwarden
Bitwarden Browser Extension
Bitwarden CLI
Bitwarden CLI
Bitwarden MacOS
Bitwarden Server
Bitwig Studio
Biyi
BKChem
Black Chocobo
Black Desert
BlackberryBackup
BlackThunder
Blacktop Ipsw
Blacktop Ipswd
BleachBit
blender
Blender Launcher
Blender LTS 3.3
Blender LTS 3.6
Blink Eye
BlinkMind
Blitz
blobsaver
Blockbench
Blocknet
Blood on the Clocktower Online
BloomRPC
Bloxstrap
Bluebeam Revu
Bluebeam Revu 20
Bluebeam Revu 21
BluebeamOCR 21
Bluebook
BlueBubbles
blueCFD-Core
BlueDV AMBE Server
Bluefish
BlueGriffon
Bluejteam Bluej
BlueMail
Bluemars Clipx
Bluemystical Edhm
BlueScreenView
BlueStacks
Bluetooth Battery Monitor
Bluetooth Tweaker
BluetoothDevicePairing
Bmatzelle Gow
boardmix
Bob the Hamster VGA
Bobdaprogrammer Slik
Boinc Tasks
Bombermaaan
Bome SendSX
BOMIST
BonAView
Bonjour
Bonjour Print Services
Bonnefon Glogg
bookhunter
bookmarkr
Bookworm
BookxNote Pro
Boost Note
Bootandy Dust
Borderless Gaming
Bosse Romfs
Bosyun Pixso
Bosyun Pixso Cn
Bot Framework Composer
Bot Framework Emulator
bottom
BowPad
Box
Box Tools
Boxcryptor
BoxHero
BPBible
BPMN-RPA Studio
Brackets
Brackets
Brady Workstation
Brainf**k interpreter
Branch
Brave
Brave Beta
Brave Browser
Brave Dev
Brave Nightly
Brave Updater
BrawlCrate
BreakTimer
Bredbandskollen CLI
Breitbandmessung
Brettmayson Hemtt
Brianapps Sizer
Brick Hill
Bridge
BrightAuthor 5.0
BrightScript Emulator
Brimdata Brim
Brity Meeting
Brity Messenger
BRLCAD
Brosix App
Brother drivers and firmware
Brotli
Brows App
BrowserSelect
Browsh
Bruno
Brunobanelli Pci-Z
Brutal Chess
BSManager
Btbn Ffmpeg Gpl
Btbn Ffmpeg Gpl 5 1
Btbn Ffmpeg Gpl 6 1
Btbn Ffmpeg Gpl 7 1
Btbn Ffmpeg Lgpl
Btbn Ffmpeg Lgpl 5 1
Btbn Ffmpeg Lgpl 6 1
Btbn Ffmpeg Lgpl 7 1
btop4win
Buckets
Buhid Baybayin (QWERTY)
BuildMonitor
Buildpacks Pack
Bulk Crap Uninstaller
Bulk Image Downloader
Bulk Rename Utility
BulkStartStop
Bullzip PDF Studio
BumpTop
Bun Baseline
Bun Baseline Profile
Bun Profile
BurnAware Free
Burntsushi Xsv Gnu
Burntsushi Xsv Msvc
Burp Suite Beta
Burp Suite Community Edition
Burp Suite Enterprise Edition
Burp Suite Stable
Business Card Maker
BusyBox-based MinGit
busybox-w32
butane
Buttercup
butterflow-ui
Butterfly
Butterfly (Nightly)
Byond
Bytedance Lark
Bytedance Resso
BZFlag
C-Dogs SDL
C&C:Online
ca-valencia
Caarlos0 Timer
CacheMonkey
Cacher
Cactus Blockchain
Caddyserver Caddy
CADReader
Caesium Image Compressor
CaesiumPH
Caffeine
Cairo Desktop Environment
Cakewalk by BandLab
Cal
CalDavSynchronizer
calibre
calibre portable
Callbar
Calliper
Cambridge Reader
Camera Ballistics
Camo Studio
CamScanner
Camtasia
Canon My Printer
Canon PCL6 Driver
Canonical Juju
Cantara
Cantino Mcfly
Canva
CapCut
CapFrameX
Caphyon Hover
capnproto
Caprine
Caption
Caption OCR Tool
Captura
Caramba Switcher
Carapace
Cardinal
Care Center Service
Caret
Caret Beta
carnac
Carroll
Cartridges
Carvel Ytt
CAS Modbus Scanner
CASecureBrowser
Caseware Working Papers
Casey Just
Cashcash
CAT CLI
catalyst
catalyst-browser
Catalyst3
Cato Client
Catsxp
CBackup
cbetar2
CBriscola.Avalonia
CBriscola.WPF
Ccache
CCEnhancer
CCleaner
CCleaner
CCleaner Professional Trial
Ccrma Chuck
Cctv Cbox
CDInfo
Ce-Programming Cemu
CEB EBanking Assistant
Cedric Fa2Tv
Celestia
Cemu
Cemu (Experimental)
Cencit Bas21
Cent Browser
Cerebro
CertAid for Windows
Certbot
CertDump
Certify One
Certify The Web
CertoNiuchacz
CeVIO AI
CeVIO AI Voice Package - #kzn
CeVIO Creative Studio 7
Cevio Satosasara Sing
Cevio Satosasara Talk
Cevio Suzukitsudumi Sing
Cevio Suzukitsudumi Talk
CGoban
chainhook
chaiNNer
ChampR
Channel Talk for Desktop
Chaos Recipe Enhancer
Charles
Charmbracelet Glow
Charmbracelet Gum
Charmbracelet Melt
Charmbracelet Mods
Charmbracelet Pop
Charmbracelet Skate
Charmbracelet Vhs
Chart Geany
ChatALL
Chatbox
Chatbox CE
ChatGLM
ChatGPT
Chatterino
Chatterino7
Chatty
ChatZilla
Chawyehsu Hok
Check2Decision
CheckIP
CheckSum
Chef Workstation
ChefDK
ChemAxon Marvin Suite
Cherry Studio
CherryTree
Chez Scheme
Chezhe Aleph
chezmoi
Chia-Lung Kaku
chiaki
Chianetwork Guiforchiablockchain
Chidiwilliams Buzz
Chillibits Ccom
Chillibits Spice
Chimeraland SEA
ChineseGit
CHIRP-legacy
CHKCPU
Chocolatey
Chocolatey GUI
ChordPro
Chrisant996 Clink
Chrisbagwell Sox
Chrisklimas Twine
Christianhohnstadt Xca
Chromaprint
Chrome Remote Desktop
ChromeCacheView
ChromeDriver for Chrome 111
ChromeOS Platform
ChromeOS Stable
Chromium
Chromium-Gost
Cider Nightly
Cidercollective Cider
Cilium CLI
CINC Workstation
CinebenchR23
Cinny desktop
circleci-cli
circleci-config-merge
Circuit Diagram
Cisco Jabber
Cisco Webex
Cisco Webex Meetings
Cisco Webex Productivity Tools
Citavi 6
Citra Emulator
Citrix Workspace
Citrix Workspace
Citycraft Launcher
ClamAV
ClamWin Free Antivirus
clangd
ClangFormat
clarinet
Clash Nyanpasu
Clash Verge
Classic
Classic Generator
Classic Shell
Classic Volume Mixer
ClassicContext
ClassicFTP
ClassIn
ClassIn X
classroom-assistant
Claude
ClaudeToZenn
clawPDF
Claws Mail
Clean Your Device
cLeapp
ClearVPN
Clementine
Clevershare
ClickUp
CLion (EAP)
Clipboard
Clipboard Sync
clipboard-manager-electron
ClipboardFusion
ClipCC
ClipCC Beta
ClipClip
Clipify
clippo
ClipSock
Clipto
Clockify
Clone Hero
CloneSpy
Closeio Close
Cloud Drive Mapper
Cloud Foundry CLI v7
Cloud Foundry CLI v8
cloud-nuke
CloudApp for Windows
CloudCompare
CloudDrive2
Cloudflare WARP
cloudflared
CloudflareSpeedTest
CloudflareWarpSpeedTest
CloudHub
CloudMusic
CloudMusicXStudio
CloudNet
cloudpan189-go
Cloudreve
CloudShow
CloudSignatureUpdate
Cloudstack Msty
Clownfish Voice Changer
Clpm Clpm
clusterctl
Cmu Clan
Cobalt SSG
CocCoc
Cockatrice
Cocos Dashboard
Code Notes
code-radio-cli
Code::Blocks
Code::Blocks
Code.org Maker App
CodeLite
Codemao Kitten 3
Codemao Kitten 4
Codemao Turtleeditor 2
Coder
Codilime Veles
Codium
COEIROINK
Coffee
CoffeeBean
Coinomi Wallet
Cold Turkey Blocker
Colibri
Colibri 3
Colibri Alpha
Colibri Beta
Collapse
Colobot: Gold Edition
Color Cop
Color Picker
ColorByte
ColorMC
Colorpicker
Colors
Colour Contrast Analyser (CCA)
Com-PnP
ComicRack Community Edition
Commandline Wave
commet
CompactGUI
Companion
Compass
ComPortInfo
Compose Generator
Composer - PHP Dependency Manager
Compton
Compuphase Pawn
Compute-A-Fan
Comtrade Chart
Conan Package Manager
Concept2 Utility
Concourse Fly
ConEmu
Conexant drivers and firmware
Config File Validator
ConfigFind
Configurador FNMT
Confluent CLI
Coninfer Eclipseclp 7 0
Coninfer Eclipseclp 7 1
Connect
ConnectWiseManageClie
Conroe Calendar Notifier
ConsumerDronesS
Contasimple Desktop
ContextMenuManager
Control Dashboard
Control Dashboard Pro
Convene
Converse Desktop
Conveyor
coolpack
CoolTools
CopyTrans Control Center
CopyTranslator
Coq Beta
Coq Coqplatform
Corda Node Explorer
Core FTP Pro
Core FTP Server
Core Temp
Coreprio
coreutils
Corkscrew Updater
Corporate Clash Launcher
CORSAIR iCUE 3 Software
CORSAIR iCUE 4 Software
Corsair iCUE5 Software
CorsixTH
Cortexso
CorvusSKK
cosbrowser
COSCLI
cosign
Cosmos DB Explorer
Couchbase Server
CoupangPOS
Course Hunt
Covid-19
CowabungaLite
Cozy Drive
Cozy Drive (Beta)
CP Editor
Cppcheck
cppcryptfs
cpufetch
CPUGrabEx
CPUID CPU-Z
CPUID CPU-Z Aorus
CPUID CPU-Z Gigabyte
CPUID CPU-Z MSI
CPUID CPU-Z OC Formula
CPUID HWMonitor
CPUID PHANTOM CPU-Z
CPUID ROG CPU-Z
CPUID TAICHI CPU-Z
CPUIDCoolerMaster CPU-Z
crankshaft
CrashPlan SMB
Crazybump
create-tauri-app
CreateInstall
CreateInstall Free
CreateInstall Light
Creative App
Crescendo Music Notation Editor
CrewLink
Cromite
Crossout Launcher
CrossOver
Crossplane CLI
CrossWorks for ARM
Crow Translate
CrowdSec
CrowdSecWindowsFire
CrowdStrike Falcon
CrowdStrike Windows Sensor
CRSED Launcher
Crucial Storage Executive
Crushee
Crypter
CryptoARMGOS
Cryptomator
Cryptr
Crystal
Crystaldewworld Crystaldiskinfo K
CrystalDiskInfo
CrystalDiskInfo Aoi Edition
CrystalDiskInfo Shizuku Edition
CrystalDiskMark
CrystalDiskMark Aoi Edition
CrystalDiskMark Shizuku Edition
cs-script
CSGO account checker
CSVFileView
csvlens
Csyezheng A2Fa
Cterm
CTools
Cube 2: Sauerbraten
CubeICE
CubePDF
CubePDF Utility
CubePlatform
CubicSDR
Cuelang Cue
Curiosity
Curl
CurrencyConverterPowerToy
CurseForge
Cursor
Custom Control Editor
CustomRP
Cute Chess
CutePDF Writer
Cutter
Cwecomputerservices Gsak
CwSkimmer
Cwtch
CXCASS
CXPrem
Cyanfish Naps2
cyanrip
Cyberduck
CyberGhost
cyberJack DriverPackage
CyberPower PowerPanel Personal
CyberProtectHomeOffice
cybr-cli
Cydia Impactor
Cygwin
Cyotek Color Palette Editor
Cyotek CopyTools
Cyotek Sitemap Creator
Cyotek WebCopy
Czkawka
Dagger CLI
Dalance Procs
DaMtech Password Generator
Dandanplay
Dandavison Delta
Dante Via
Dante Virtual Soundcard
Daou Messenger
Dapr CLI
Dapr Cli Preview
Darkfulldante Wol
DarkSwitcher
darktable
DarkThumbs
Dart SDK - stable channel
Das-Keyboard-Q
Dashboard
Dashboard PM
Dashlane
Data Assistant
Data Rescue
Data Version Control
DatabricksCLI
Datadog .NET Tracer
Datadog Agent
Dataflare
DataGrip
DataGrip (EAP)
Datalust Seq
DataSpell
DataSpell (EAP)
Datto Cloud Continuity Agent
Datto Endpoint Backup
Datto RMM
Datto Windows Agent
Datto Workplace
Datto Workplace Desktop
Datto Workplace Server
Dave Gnukem
DavMail
Dawg
DAX Studio
Daynix Usbdk
Daytona
DayZ Launcher
DB Browser for SQLite
DBeaver Community Edition
DbGate
Dbmate
dBpowerampAACiTunesEnc
dBpowerampCLIEncoder
dBpowerampOggVorbisEnc
dBpowerampWave64Encode
DbVisualizer
DCS World OpenBeta
Ddangyo Order
DeaDBeeF
Deansbury
Debian
Debug Diagnostic Tool
Debugtron
Deceive
Deckboard
DeckMaster
Decoration
Decrediton
deemix-gui
Deep5050 Qikqr
Deepin Cloud Print Server
Deepin Cloud Scan Server
Deepl
Deepnight Ldtk
DeepVocal
DeepVocal ToolBox
Deepvocal-Hitsuboku
Deezer
DeezerElectron
Defang
DefaultAudio
DefenderUI
DeFi Wallet
Defraggler
Dehelper
Dell Command
Dell Command | Configure
Dell Command | Update
Dell Display Manager
Dell drivers and firmware
Dell iDRAC Service Module
Dell Optimizer
Dell Support Assist
Deltarune
Deluge BitTorrent Client
Deluge BitTorrent Client Beta
Denby Calculator
Denemo
Denoland Deno
Dependencies
Dependency Analyzer
DepotDownloader
Derailed K9S
Deskfiler
Deskflow
DeskGo
DeskPins
Deskreen
Desktop Dimmer
Desktop Icon Togglex
DesktopOK
Desktops
DeskUpdate
DeSmuME
Deta Space CLI
Detect It Easy
Determined AI CLI
Dev Home (Preview)
Dev Proxy
Dev Proxy Beta
Dev-C++
dev-sidecar
Devbook
Devcom Lua
DevDocs
DevEco Device Tool
DevEco Studio
Develo
Develope
DeveloperEdition
DevHub
DeviceManagementAssistant
Devolutions Workspace
DevPod
DevToys
devtunnel
Dfrobot Mind+
Dg0Jbj Hdsdr
DHLabel
Dialpad
Diario.Avalonia
Dichromate
Dictaphone
Didder
Diffinity
Difftastic
digiCamControl
DigiDoc4 Client
digiKam
Digitalcreations Maxto
Digitaldevices Dd-Tv
Digitalocean Doctl
Digitalscholar Tropy
Digola 7Caps
Digola Noog
Dimension 4
DindeGDPS
DingTalk
DingTalk Lite
Dink Smallwood HD
Direct Folders
Directory Crop
Directory Opus
DirectX
direnv
DirHash
DirPrintOK
Dirsoft Arpro
Discord
Discord Canary
Discord Development
Discord History Tracker
Discord Media Loader
Discord PTB
Discord RPC Maker
DiscordBotClient
DiscordChatExporter.CLI
DiscordChatExporter.GUI
Discotheek
Disk Drill
Disk Usage Analyzer
DiskCheckup
DiskGenius
DiskInternals Linux Reader
Dislyte
DISMTools
DISMTools Preview
Display Driver Uninstaller
DisplayCAL
DisplayFusion
DisplayLink Graphics
DisplayLink Graphics Driver
Distill Web Monitor
Ditto
DivoomCli
DivoomGateway
Dixa
DJI Assistant 2
DJI Assistant 2 For Autopilot
DJI Assistant 2 For Mavic
DJI Assistant 2 For MG
DJI Assistant 2 For Phantom
Dji Djiassistant2 Fpv
DJIAssistant2ForMatrice
DjVuLibre DjView
DkML Native
Dlang Dmd
dLive Director
DLSS Swapper
Dman95 Sasm
dmidiplayer
DMMGamePlayer
dnGREP
DNS Proxy
DNSControl
dnscrypt-proxy
dnslookup
DNSLookupView
Dnspyex Dnspy
DocFetcher
DocImageDownload
Docker CLI
Docker Compose
Docker Desktop
Docker Desktop Edge
DockStation
docuPrinter Pro
DocuToolbox
Dogecoin Core
Dokan Library
Dolphin
Dolthub Dolt
Domino
Donkey for Oracle
Doom Explorer
Doom Runner
Doomsday Engine
Door Control
Dooray! Messenger
DooTask
Dopamine 3
doppler
Dorion
dos2unix
DOSBox
DOSBox Staging
DOSBox SVN-Daum
DOSBox-X
Dosvox
Dot Browser
dotenvx
Dotter
Doubao
Double Commander
Douyin
DouyinIDE
DouyinIM
DouyuLive
Download Manager
Downloader For Reddit
DownloadHelper CoApp
DoxCycle
Doxie
doxygen
Dr. Henry's Chess Game
Dr. Memory
Dr.Explain
Dragon UnPACKer
draw.io
DrawingMaster
Drawpile
Dreamus Flo
Driver Booster
Driver Easy
Driver Fusion
Driver Store Explorer
DriversCloud.com
DrMIPS
DroidCam Client
DroidStar
Dropbox
Dropbox Capture
DropIt
DropPoint
Drovio
Drupal packaged by Bitnami
DS Clock
ds-load
DS4Windows
DSUManager
DU Meter
Dual Monitor Tools
Dual Universe
DualSafe Password Manager
Ducaale Xh
DuckDB CLI
DuckDns
DuckDuckGo
DuckStation
Duet Display
Dummerle Rare
Dundee Gdu
Dune 3D
Dungeon Crawl Stone Soup
Duo Device Health
Duo2FAAuthenticationf
dupeGuru
Duplicacy Command Line Version
Duplicacy Web Edition
Duplicate Cleaner Free 4
Duplicate Files Fixer
Duplicate Music Fixer
Duplicate Photos Fixer Pro
Duplicati 2
DuskPlayer
Dust3D
DVD Flick
DVD or CD Sharing
DVDStyler
Dvstseood Qops
DW Spectrum Client IPVMS
DWords
DxEnterprise
Dymo Connect
Dymo ID
DYMO Label
Dymo Scale
Dynalist
Dynamo Core
Dynamo Revit
DynamoRIO
Dystroy Broot
e-Sword
E2Esoft Ivcam
EA app
Ea4K Klog
eagluet
EarlyAccess
EarthView
EarTrumpet
EaseUS Partition Master
EaseUS Todo Backup Free
EaseUS Todo PCTrans
EasiAction
EasiCapsule
EasiCare
EasiClass
EasiDirector
EasierConnect
EasiNote
EasiNote3C
EasiQuizManager
EasiRecorder
eask-cli
Eassos Recovery
Eastmoney
Easy Connection to Screen
Easy Migration
EasyABC
EasyBoot
EasyConnect
EasyEDA
EasyEDA Pro
Easymodo Qimgv
EasyTerm
Eat-Pray-Ai Yutu
ebbflow
Ecency
eChess
Echocat Watch
Echoes
EchoLink
ECHOOF
Echosync
Eclipse Mosquitto MQTT broker
Eclipseadoptium Temurin 11 Jdk
Eclipseadoptium Temurin 11 Jre
Eclipseadoptium Temurin 16 Jdk
Eclipseadoptium Temurin 17 Jdk
Eclipseadoptium Temurin 17 Jre
Eclipseadoptium Temurin 18 Jdk
Eclipseadoptium Temurin 18 Jre
Eclipseadoptium Temurin 19 Jdk
Eclipseadoptium Temurin 19 Jre
Eclipseadoptium Temurin 20 Jdk
Eclipseadoptium Temurin 20 Jre
Eclipseadoptium Temurin 21 Jdk
Eclipseadoptium Temurin 21 Jre
Eclipseadoptium Temurin 22 Jdk
Eclipseadoptium Temurin 22 Jre
Eclipseadoptium Temurin 23 Jdk
Eclipseadoptium Temurin 23 Jre
Eclipseadoptium Temurin 8 Jdk
Eclipseadoptium Temurin 8 Jre
EclipseFlashTool18
Eclipsefoundation Sumo
EcoPaste
Ecosia Browser
Eddie - VPN Tunnel
Edge And Bing Deflector
EdgeTX Companion
EditPlus
Edraw Diagram Component
Edraw Office Viewer Component
Edraw Viewer Component for Word
EdrawInfo
eDrawings
EdrawMax
EdrawMind
EdrawProj
Edrawsoft Edrawinfo Cn
Edrawsoft Viewercomponent Excel
Educationa
EDULite
EduMIPS64
eduVPN Client
Eeo Camin
Efficient Compression Tool
Effidit
EFI Boot Editor
Egnyte Desktop App
Egnyte Office Add-in
Egnyte WebEdit
Eiffelsoftware Eiffelstudio Stabl
eksctl
Elan drivers and firmware
Elasticsearch
Elcomsoft Cloud eXplorer
Elcomsoft eXplorer for WhatsApp
Elcomsoft Password Digger
Elcomsoft Phone Breaker
Elcomsoft Phone Viewer
electerm
Electorrent
Electron
Electron Cash
Electron Cash SLP
Electron Fiddle
Electron Screen Recorder
Electron Store
electron-office-tools
electron-vue-cloud-
Electronic Gmail
ElectronMail
Electrum
Electrum-NMC
Element
Elephicon
Elevate UC
ElevenClock
ElexeLauncher
Elgato 4K Capture Utility
Elgato Camera Hub
Elgato Control Center
Elgato Game Capture HD
Elgato Stream Deck
Elgato Wave Link
Eli's Enterprise Tech Toolkit
EliteDangerousMarketConnecto
Elk
Elsword
elvish
ElyPrismLauncher
eM Client
Embarcadero Dev-C++
Embrava Connect
EmEditor
EmEsGi
Empoche
Emq Mqttx
Emulationstation
EmulationStation-DE
Emule
eMule (community version)
en-croissant
Enarxproject Enarx
Encrypto
Endicia Connect
EndNote 21
EnglishizeCmd
Enigma
Enigma Virtual Box
Enlisted Launcher
Enpass
Ente Auth
Ente CLI
Ente-Io Photos-Desktop
EnterpriseSerie
EntraPass web
envolve
EnvyUpdate
eo2suite
EPA SWMM 5.2.4 (64-bit)
EPANET
Epic Games Launcher
Epilogue Operator
EpocCam drivers
EPOS Connect
Erdtree
Erengy Taiga
ErgoFAKT V5
Erikaraojo Fintx
Erikbra Grate
Erlang OTP
Errata-Ai Vale
Error Lookup
Error Lookup Tool
Escrcpy
eSearch
ESET AV Remover
ESET Endpoint Antivirus
ESET Endpoint Security
ESET Nod32
ESET Security
Eshelper
Espanso
eSpeak
eSpeak NG
ESUNBank WebATM Service
Etcd Assistant
Etcd-Io Etcd
etcd-manager
Etcder
Ethereum Geth
Ethereum Grid
ETT-Admin
Etterna
Eugeny Tabby
Eusoft Eudic
Evacuationz
Evanczaplicki Elm
Evansmurithi Cloak
EVE IPH
EVE Online
EVEMon
EventLogViewer
EverEdit
Evernote
Evernote
Evernote Cn
Everything
Everything (Alpha)
Everything Cli
Everything Lite
EverythingPowerToys
EverythingToolbar
EvexiCLI
Evoluent drivers and firmware
Evoluent Mouse Manager
Evope
exacqVision Client
Exact Audio Copy
ExamDiff
Excel Parser Processor
Exercism CLI
ExifCleaner
ExifGlass
ExifTool
ExifTool - Dev
ExifToolGUI
Exoscale CLI
experimental
EXPERTool
Explorer++
ExplorerPatcher
ExplorerPatcher Pre-Release
Expres
Express
ExpressConnect Drivers
ExpressLRS Configurator
Expresso
ExpressVPN
Extensis Connect Fonts
Extism CLI
ExtractNow
Extrame Dget
Extraterm - Terminal emulator
Extreme TuxRacer
EyeLeo
EZ Launcher
Eza-Community Eza
Ezoa Ercha
ezwinports: make
ezytdl
F3D-App F3D
Fabric Installer
FACEIT
FACEIT Anti-Cheat
Fact downloader
FadeIn
FaFa Runner
FAHClient
FAIRshare
falkon
FamiStudio
Fan Live
FanControl
Far Manager 3
FARO LS
Fast Chess
Fast Node Manager
FastCopy
FASTER
fastfetch
FastGestures
FastGithub
FastMeeting
FastMeetingLauncher
FastStone Capture
FastStone Image Viewer
FAT32 Formatter
FAT32 GUI Formatter
FBReconnect
Feather Wallet
fedistar
Fedora Media Writer
Fedora Remix for WSL
FeedDemon
Feeder
Feeperfect Feem Beta
FeiLian
Feishin
Feishu
Fellow
Feodor2 Mypal
Ferdium
Ferdium Beta
Ferdium Nightly
Ferium
feroxbuster
FFmpeg
FFmpeg (Essentials Build)
FFmpeg (Shared)
FFmpeg Batch AV Converter
ffsend
Ffuf
Fiddler Everywhere
Fiddler PDFView Inspector
Figma
Figma Agent
Fiji ImageJ
File Converter
File Shredder
FileBot
FileCloud Drive
FileDisk
FileHashGenerator
FileList
FileMenu Tools
Filen CLI
Filen Sync
FileOptimizer
FileQL
Files Inspector
Filescommunity Files
FileSeek
FileSorter
FilesRemote
FileVoyager
FileZilla Client
FileZilla Server
Filius
Filosottile Age
Final2x
Find and Mount
Find and Run Robot
FindLinks
FinePrint
Finite Element Method Magnetics
Fio
Fiorilli Web Extension Client
FireAlpaca
Firebase CLI Tools
Firebird
FireDaemon Fusion
FireDaemon Lozenge
FireDaemon OpenSSL 3
FireDaemon Pro
FireDaemon Zero
Firefox
Firefox Developer Edition (ach)
Firework
fischertechnik ROBOPro
Fishing Funds
Fission CLI
Fitbit OS Simulator
Flame Launcher
Flameshot
Flash Builder
Flashback Express
FlashBack Pro 5
FlashFXP
Flat Assembler
Flawesome
Flawless Widescreen
Flaxengine Flax
FLB Music
Fleet Launcher (Public Preview)
Flemozi
FlexASIO
FlexHEX
FlexiHub
FlexiPDF 2022
Flicker List
FlightGear
Flip PDF Plus
Flip PDF Plus Corporate
Flip PDF Plus Pro
Floating Frame
Flockfz Flock
Floorp Daylight
Florianfechner Cells
Flow (Nightly)
Flow Launcher
Floweb
Flower
Flowgorithm
FlowPrompter
Fluent Reader
Fluent Search Beta
Flux
Fluxcd Flux
Flxzt Rnote
FlyByWire Installer
flyctl
Flydav
FlydigiPcSpace
FlydigiSpaceStation
FlyEnv
Flying Cube
Flyingpie Windows-Terminal-Quake
Flywheel Local
FN Key Lock
Focalboard
Focusky
Focusrite Control
FocusWriter
Folder Size
Folder Size Explorer
Foldit
Foldr
Foldynl Qlog
FontBase
FontForge
Foobar2000
foobar2000 Free Encoder Pack
ForBatteryStati
ForceAutoHDR
ForceBindIP
ForensicDiskDecryptor
Fork Fork
fork-cleaner
Formit
Fort Firewall
FortiClient VPN
Fortran Package Manager
FortranCompiler
forwarder
fossa-cli
Fossil
Fotophire Photo Focus
Fotophire Photo Maximizer
Fotophire Toolkit
Fotor
FotoSketcher
fotoXplorer
Fougue Mayo
FounderType
Foxit PDF Editor
Foxit PDF Editor (MSI)
Foxit PDF Reader
Foxmail
FrameSearchEngine
Fred's Controller Tester
Free Alarm Clock 5.2.0.0
Free Download Manager
Free Media Player
Free Pascal Compiler
Free Shooter
Free Window Registry Repair
Free-Astro Siril
FreeBASIC
FreeCAD
Freeciv
FreeCommander XE
Freedom
Freedom Scientific JAWS 2023
Freedom Scientific JAWS 2024
Freedome
FreedroidRPG
FreeDV
FreeFem
FreeHexEditorNeo
Freelancer Desktop App
FreeMat
FreeOrion
FreePDF
FreePDF 2022
Freeplane
Freeter
FreeTube
freeze
FreifunkMeet
Frescobaldi
Frhelper
Friction
Friday Night Funkin'
frizbee
FromScratch
FrontSketch
FrostWire
fselect
FSimMan
FSLogix
FTB Electron App
FTP Manager Lite
FtpUse
FufuDevTools
FufuTools
Full Stack AI Meme Generator
FullEventLogView
FullWave Viewer II
func-e
Fundels
FurMark
Furnace
FutabaMinato
Futureglobe Dashy
Futureglobe Gibu
FutureRestore GUI
Futures
Fuyoo Bsrdc
Fuze
FxSound
Fzf404 Monit
G Desktop Suite
g-helper
G-Helper PreRelease
G'MIC-Qt for GIMP
G*Power
G0Rocks Cab
G14ControlV2
Gadugadu
Gajim
GalaxyBudsClient
GalaxyBudsManager
gallery-dl
Galvanize Cirrus
GAMADV-XTD3
Gamaplatform Gama
Game Capture 4K60 Pro MK.2
Game Capture HD60 S
GameBoy Book Reader
GameMaker
GameSir Connect
GameViewer
GammaLauncher
Ganache
GanttProject
Gaoding
Gaphor
GARbro
Garena
Garmin BaseCamp
Garmin drivers and firmware
Garmin Express
Garnet Assistant
Gather
Gauge
GB Studio
GCFScape
GDevelop
Gdiobjects Xbar
GDLauncher
Geany
geckodriver
gedit Text Editor
GEDKeeper2
Geek Uninstaller
Geekbench 2
Geekbench 3
Geekbench 4
Geekbench 5
Geekbench 6
Geekbench AI
GeePlayer
Geert-Janbesjes Wxmun
Genact
Genericmappingtools Gmt
GenesysCloud
Genivia Ugrep
Gentee
Genymotion
Geoda
Geode CLI
GeoGebra Calculator Suite
GeoGebra CAS Calculator
GeoGebra Classic
GeoGebra Classic 5
GeoGebra Geometry
GeoServer
GeoStudio
Geph
Gephi
Geppetto
Gerardog Gsudo
GestureSign
Getscreen.me Dashboard (beta)
gettext 0.21 + iconv 1.16
Getzola Zola
Gforth
GFXBench
Ghostery
Giantpinkrobots Varia
Gif Your Game
gifski
Gigabyte Control Center
gImageReader
Gimp
GIMP Nightly
Ginger Chrome
GinsakiYamato
Git
Git
Git Extensions
Git for Windows SDK
Git LFS
git-absorb
git-age
git-cliff
git-cola
git-credential-azure
git-credential-oauth
GitAhead
GitBlade
GitButler
Gitea Tea
GitFiend
Github Atom
GitHub CLI
GitHub Desktop
GitHub Desktop
GitHub Desktop Beta
Github Hub
GitHub Labels Manager
GitHubReleaseNotes
Gitify
GitKraken
GitKraken CLI
GitLab Runner
Gitleaks
GitNote
GitTools GitVersion
gittuf
Gittyup
Glab
Glance Client
Glance Guest
Glary Utilities
Glarysoft File Recovery
Glass Cannon
GlassWire
GlazeWM
Gleam
Global VPN Client
Globalmarinenet Dfw
Globalping CLI
Glodon Cadreader Cn
Gloopprogramming Gloop
GLPI Agent
glsl analyzer
Glyphr Studio
Glzr-Io Zebar
GM8Decompiler (GNU Build)
GM8Decompiler (MSVC Build)
gm8x_fix
Gmail Desktop
Gmsh
Gmvault
GMX MillionenKlick
GN Audio drivers and firmware
Gnome Dia
Gnome Gitg
GNU Arm Embedded Toolchain
GNU datamash
GNU Emacs
GNU Midnight Commander
GNU Nano
GNU Privacy Guard
GNU Radio
GNU Solfege
Gnu Wget2
GnuCash
gnuplot
Gnuwin32 File
Gnuwin32 Tar
GnuWin32: Bison
GnuWin32: Cpio
GnuWin32: DiffUtils
GnuWin32: FindUtils
GnuWin32: GetText
GnuWin32: Gperf
GnuWin32: Grep
GnuWin32: Gzip
GnuWin32: M4
GnuWin32: Make
GnuWin32: Tree
GnuWin32: UnZip
GnuWin32: Zip
Go Language
Go Programming Language
Go Spotify Cli
go-cqhttp
go-musicfox
go-p2ptunnel
Goacme Lego
GoAuthing
gobang
GoCD Agent
GoCD Server
Godot Engine
Godot Engine (Mono)
GOG GALAXY
Gokcehan Lf
GoLand
GoLand (EAP)
golangci-lint
GoldenDict
GoldenDict-ng
GoldWave
GOM Player
gongwen
Good Commit
GoodSync
GoofCord
Google Ads Editor
Google Assistant
Google Assistant Preview
Google Calendar
Google Chat Electron
Google Chrome
Google Chrome (EXE)
Google Chrome Beta
Google Chrome Beta (EXE)
Google Chrome Canary
Google Chrome Dev
Google Chrome Dev (EXE)
Google Cloud SDK
Google Desktop
Google Drive
Google Earth
Google Earth Pro
Google Meet
Google Pinyin IME
Google Play Games beta
Google Sheets
Google Slides
Google Talk
Google Update
Google Web Designer
google-chat-linux
GooglePlayMusicDeskt
Gopass CLI
gopass-jsonapi
Gopeed
Gopeed Web
goplus
goreleaser
Goreleaser Nfpm
goreleaser-pro
goreleaser-testing
Got Your Back
Goto
GoTo 4
GoTo Desktop App
GoTo Meeting Desktop App
GoTo Opener
GoTo Resolve Desktop Console
GoToAssist Expert
GoToAssistAgentDesktopConsol
Gotson Komga
Gource
GoXLR Utility
GoYogiyo
Gpac
Gpg4win
GpgFrontend
gpodder
GPT4All
gptscript
Gptscript-Ai Clio
GPXSee
GrafanaEnterprise
GrafanaOSS
Grammarly
Grammarly for Windows
Grammarly MacOS
GrampsAIO64
GraphiQL
Graphisoft BIMx Desktop Viewer
GraphQL Playground
Graphviz
Grasshopper
Graviton Editor
Greenfoot
Greenlight
Greenshot
Greenshot Preview
grepWin
Gretl
Gridcoin
Gridea
Grisbi
grist-electron
grocy-desktop
Groovy 2
Groovy 3
Groovy 4
Grunt
GS-Base
GS-Calc
Gsass1 Ntop
GSmartControl
GStreamer
GSview
GTK3-Runtime Win64
GtkRadiant
Guardian Browser
Guilded
guinget
guiscrcpy
Guitar Pro 6
Guitar Pro 7
Guitar Pro 7 - Soundbanks
Guitar Pro 8
H3CShare
Habbo Launcher
Hack Fonts
Hackaru
hakchi2
Hakchi2 CE
HakuNeko Desktop
HakuNeko Desktop Nightly
HAL-O-ROIDMinami
hale studio
Halloy
Ham Cockpit
Ham Radio Deluxe
Ham VNA
Hammer PDF
Hamsket
HamsterBase
Hand Tracked Cockpit Clicking
HandActionPlayer
HandBrake
HandBrake CLI
Handheld Companion
Handle
Handle2
HandyWinget
Hanunoo Baybayin (QWERTY)
happytalk
Harbor CLI
Harbour
Hard Disk Low Level Format Tool
Hard Disk Sentinel
Hard Disk Sentinel Professional
Hardcopy
HardlinkBackup
Harmonoid
Harmony
Harzing's Publish or Perish
HashCheck Shell Extension
Hasher
HashHash
Hashicorp Boundary
Hashicorp Consul
Hashicorp Nomad
Hashicorp Terraform
Hashicorp Terraform Alpha
Hashicorp Terraform Beta
Hashicorp Terraform RC
Hashicorp Vault
Hashicorp Waypoint
HashMich
HashMyFiles
HashPhotos Transfer
HashTab
HashTools
Haskell Cabal
Haskell Dockerfile Linter
Haskell Stack
Hatoo Oha
haveibeenpwned
Haxefoundation Haxe
Haystack Editor
Haystacksoftware Arq
hcloud
HD Tune Pro
HDCleaner
HDD Raw Copy Tool
HDHomeRun
HDHomeRun TECH
HDOS Launcher
Headlamp
Heads-Tails
Headset
HeadsetControl-GUI
Headwind Installer
Heartbeat
Hearthstone Deck Tracker
Heaven Benchmark
HeavyLoad
HEC-DSSVue
HEC-EFM
HEC-FDA
HEC-HMS
HEC-MetVue
HEC-RAS
HEC-SSP
Hedgewars
HEIC File Converter
Heidi Eraser
HeidiSQL
HeiziFlashTools
Hekasoft Backup & Restore
Helio Workstation
Heliofm Heliosequencer
Helios Launcher
Helix
Helix Core Apps
Hello Minecraft! Launcher
Hellofont
helloworld.package
Helm
HelpNDoc
Heroic
heroku
Hesan He3
HeSoftClipboard
HeSoftDrawing
HeSoftMediaView
HexChat
HexEdit
HexoClient
HexWalk
HeyboxAccelerator
HeyboxWow
Heynote
HFSExplorer
HHD Software DupeCare
Hibernate Enable or Disable
HiBit Startup Manager
HiBit Uninstaller
HiCOS Client
Hiddify Next
Hiddify Next Beta
hide.me VPN
HideVolumeOSD
HidHide
High-Logic FontCreator
High-Logic MainType
High-Logic Scanahand
HIKARI FIELD CLIENT
HIN Client
Hindsight
HiOffice
HIPIN v4
HippoScan
HiSuite
HitePai6
Hiworks Messenger
hledger
Hluk Copyq
HM NIS Edit
Holoearth
Home Assistant Taskbar Menu
HomeBank
Homedale
Honeyview
HonorSuite
Hopmon
Hoppscotch
Horizon
Hosts File Editor
HostTE
HotDes
Houdoku
Hourglass
Howard E-Mail Notifier
HP Click
HP Cloud Recovery Tool
HP drivers and firmware
HP I.R.I.S. OCR
HP Image Assistant
HP OCR
HP Prime Virtual Calculator
HP Scan Basic Device Software
HPCMSL
Hpjansson Chafa
Hql287 Manta
HSM Dinamo
html-to-markdown
HTTP downloader
HTTP Toolkit
HttpDisk
HTTPie
HttpMaster Express Edition
HttpMaster Professional Edition
HUAWEI Browser
HUAWEI CLOUD Meeting
Huawei Huaweimobilecloud
Huawei QuickApp IDE
HuaweiPCAssistant
Hubble
Hubitech Reemo
Hue Sync
Huggle
Hugin
Hugo
Hugo (Extended)
Humanity Djv2
Humble App
Hunspell
Huntress Agent
Huntress Rio
HuyaClient
HuyaMiniClient
HvManager
HWiNFO
HwpConverter
HxD Hex Editor
HXSmart
Hybrid
hybrid-saas
Hydralauncher Hydra
Hydrogen
Hydrus Network
Hyper-V-Switch
Hyperamp
hyperfine
Hyperion Ambient Light
HyperSnap 9
Hyperspace Desktop
I Have No Tomatoes
i18n Manager
I2P Easy Install Bundle
iA Writer
IAP Desktop
iBackupBot for Windows
IBM Cloud CLI
Ibm Semeru 11 Jdk
Ibm Semeru 11 Jre
Ibm Semeru 16 Jdk
Ibm Semeru 16 Jre
Ibm Semeru 17 Jdk
Ibm Semeru 17 Jre
Ibm Semeru 18 Jdk
Ibm Semeru 18 Jre
Ibm Semeru 19 Jdk
Ibm Semeru 19 Jre
Ibm Semeru 20 Jdk
Ibm Semeru 20 Jre
Ibm Semeru 21 Jdk
Ibm Semeru 21 Jre
Ibm Semeru 22 Jdk
Ibm Semeru 22 Jre
Ibm Semeru 23 Jdk
Ibm Semeru 23 Jre
Ibm Semeru 8 Jdk
Ibm Semeru 8 Jre
Icaros
Icarus Verilog
ICBCChromeExtension
ICBCEBankAssist
IceCat
IceChat
IcecreamEbookReader
IcedTea-Web
IcedTea-Web
iCloud
icnsify
icofx 3
IconEdit2
IconExplorer
Iconscout
IconViewer
IconWorkshop
ICQ New
ICS
Icsharpcode Ilspy
IDA Freeware
IdeaShare
iDefender
Identity Desktop
IdentityV
IEC104 Client Simulator
IEC104 Server Simulator
IEC61850ClientSimulator
IEC61850ServerSimulator
IETDViewAutark
IETDViewAutarkBw
IETDViewPublish
Ifedapoolarewaju Igdm
iFileSpace
Ifilespace Ifile
iFlyDocs
iFlyIME
iFlyNote
iFLYREC
iFlyRecSI
iFun Screen Recorder
iFun Screenshot
IGClient
Igoogolx Lux
Igor Pro 6
Igor Pro 7
Igor Pro 8
Igor Pro 9
IHMC CmapTools
IIS Crypto CLI
IIS Crypto GUI
IIUM Schedule
iLEAPP
iLEAPP CLI
Ilime Petal
iLovePDF
Image Encode
Image Resizer for Windows
Image Sort
ImageGlass
ImageMagick Q16
ImageMagick Q16-HDRI
ImageMagick Q8
ImageView
iMazing
iMazing HEIC Converter
iMazing Profile Editor
ImBatch
ImgBurn
iMonitor
ImPlay
impulsar
ImWatcher
iNFekt NFO Viewer
Infinite Lagrange
InfiniTex
Infracost
InfraRecorder
ingress2gateway
Ini Translator
iniManager
Ink/Stitch
Inkscape
Inno Script Studio
Inno Setup
innoextract
innounp
InnoUnpacker
inPixio Photo Studio 12 Demo
input-leap
input-overlay
insect
Insecure Nmap
Insecure Npcap
Inside
InsideClipboard
Inso CLI
Insomnia
InSpec
inSSIDer
Inssist
Insta360 Link Controller
Instalador Tarjetas DNIe
InstalledDriversList
InstalledPackagesView
InstallShield
InstaMonitr
Instant Eyedropper
Instant Housecall
Instant JChem
Instatus Out
InstEd
Instigator
Insync
Intel drivers and firmware
Intel oneAPI MKL
Intel PresentMon
Intel(R) PresentMon
IntelDriverAndSupportAssis
IntelliJ IDEA Community Edition
IntelliJ IDEA Ultimate Edition
Interactive Data Editor
Interior Design 3D
Internet Download Manager
InternetOff
InternetPassword
Internxt Drive
Interprocess Gemed Oncologia
Intuiter
IntuitPassword
Intune Debug Toolkit
IntunePrepTool
Invisible Man XRay
Invisiwind
Invizi
Invo Connect
Invoncify
IO Ninja
IObit Malware Fighter
IObit Software Updater
IObit SysInfo
IObit Undelete
IObit Uninstaller
IObit Unlocker
IoctlDecoder
Iometer
IOTransfer
IP Camera Viewer
IP Messenger for Win
ipaSim
Ipe extensible drawing editor
IPFilter
IPFS Desktop
iPhone Backup Extractor
ipinfo
IPMIView
iptvnator
IPVanish
IPVTest
Iqiyi
IRCCloud
IrfanView
IrfanView PlugIns
IridiumSurvey
Iriun VR Server
IronPython
IronPython 2
IronPython 3
Irony Mod Manager
IRPF 2023
IShell
iSlide Tools
ISN AutoIt Studio
ISO Creator
IsoBuster
Isolated
Istio
Iswix
Itchio Itch
ITE Tech drivers and firmware
ITK-SNAP
iTop Data Recovery
iTop Easy Desktop
iTop PDF
iTop Private Browser
iTop Screen Recorder
iTop Screenshot
iTop VPN
ITS Client
itun2socks
iTunes
iTunes
iTunes Backup Reader
IVPN Client
Izarc
J-language
Jabra Direct
JabRef
Jackaudio Jack2
Jackbox Utility
Jackdevey Lux
Jackett
Jadquir Mra
jaeger
Jaguar
Jakobhellermann Atlas
Jamaljsr Polar
James
Jameslarus Spim
Jami (BETA)
JamTaba 2
Jamulus
Jan
Jandedobbeleer Aliae
Janetlang Janet
JapaneseIME
Japplis Clipboard History
Japplis Clipboard History Pro
Japplis Pastel
Japplis Toolbox
Japplis Toolbox Pro
Japplis Watch
Japplis Watch Pro
Japplis Website Optimizer
Jasmine Nova
Jasongin Nvs
jasper
Java 8
Java(TM) SE Development Kit 17
Java(TM) SE Development Kit 18
Java(TM) SE Development Kit 19
Java(TM) SE Development Kit 20
Java(TM) SE Development Kit 21
Java(TM) SE Development Kit 22
Java(TM) SE Development Kit 23
Jayhuang75 Med
JboxTransfer
JboxTransferCLI
JChem .NET API
JCPlayer
Jcv8000 Codex
JD-GUI
jdAppStreamEdit
jdDesktopEntryEdit
jdMinecraftLauncher
jdMrpackInstaller
jdNBTExplorer
JDownloader 2
jdReplace
jdTextEdit
Jedit
Jeffreypfau Mgba
Jellyamp
Jellyfin Media Player
Jellyfin MPV Shim
Jellyfin Server
Jelmerro Vieb
Jernejsimoncic Wget
Jerry - Das Schachprogramm
Jeskola Buzz
jetAudio Basic
Jetbrains Clion
JetBrains dotTrace
JetBrains dotUltimate
Jetbrains Fleetlauncher Eap
JetBrains Gateway
JetBrains Hub
Jetbrains Intellijidea Community
Jetbrains Intellijidea Ultimate E
JetBrains License Service
JetBrains MPS
JetBrains MPS (EAP)
Jetbrains Pycharm Professional Ea
JetBrains ReSharper
JetBrains ReSharper (EAP)
JetBrains Rider
JetBrains Rider (EAP)
JetBrains Space
JetBrains TeamCity
JetBrains Toolbox
JetBrains YouTrack
JetBrainsMono Nerd Font
JFrog CLI
Jftuga Less
Jhmschaars Vdos
JianyingPro
Jiayou Fswt
Jidifudi Gt4T
JiDuDocumentClear
Jinweizhiguang Lanhu Axure
JinweiZhiguang.Lanhu Photoshop (not Adobe)
Jira StopWatch
Jisco Lot
JisuPDF
JisuPDFEditor
JisuPDFToWord
JisuTodo
Jitsi Meet
Jlc Lceda
Jlc Lceda Pro
JLearnIt
Joe's Own Editor for Windows
John's Background Switcher
Jontio Jaero
Jopemachine Arvis
Joplin
Joplin (Pre-release)
JoyMeeting
Joystick Gremlin
JoyToKey
JPEGView
JPEXS Free Flash Decompiler
Jqlang Jq
jreleaser
JRiver Media Center
JS8Call
JsDesign
jsDesignAgent
JSON Viewer
Jtdx
JTL-Wawi
Jubler
Juggernaut
Julialang Julia
Julialang Juliaup
JumpGo Browser
Jumppad
Junegunn Fzf
JupyterLab
Jurplel Qview
just-install
Jw_cad
K-Lite Codec Pack Basic
K-Lite Codec Pack Full
K-Lite Codec Pack Standard
K-Lite Mega Codec Pack
K-Meleon
K3D
K6
kaf-cli
kaf-wifi
KafanInput
Kafka Assistant
Kafka-King
kafkactl
kafkactl-aws-plugin
kafkactl-azure-plugin
Kairoaraujo Tufie
Kaitai Struct compiler
Kakao Work
KakaoTalk
Kali Linux
Kalker
Kamitsubaki Kafu
Kanaries Rath
KanatoMell
Kanban-Desktop
Kangaroo Multiple
Karen's Replicator
KatKoyn Core
KCPPOS plus
KDE Connect
Kde Kate
Kde Kile
Kde Krita
Kdenlive
kdevelop
KDiff3
KEAASZ
Kebler
Keboola CLI
KeePass Password Safe 1
KeePass Password Safe 2
KeePassXC
Keeper Commander
KeeperDesktop
KeepRunning
KeeWeb
Kenku FM
KensingtonWorks
Kevinboss Port
Key Manager
Key Remapper
Keybase
KeyBridge
KeyEcho
Keyhac
keymapper
KeyPrank
KeyStore Explorer
Keyviz
Kicad
KiCad Lite EDA
Kindle Comic Converter
King of Avalon
Kingsoft Kdocs
KingsoftPDF
Kingston SSD Manager x64
KinzakiKoharu
Kitemaker
Kitlib Kite
Kitty Kattis Cli
Kitware Cmake
Kiwi Syslog Server Free
Kiwix JS
Kiwix JS Electron
KizakiAiri
Klatexformula
Klaussinani Ao
Klaussinani Tusk
Klavaro
KLayout
KMeeting
KMyMoney
KNIME Analytics Platform
Knowte
Kocard
KochMorse
Kodu Game Lab
KoharuRikka
Kolossus Launcher
KomoGUI
komokana
komorebi
komorebi Nightly
kompose
kondo-ui
KONNEKT
kontext
KooCLI
Koodo Reader
KopiaUI
Kornelski Dssim
Kotatogram Desktop
Krishisrani Appel
Krisp
Krisp Ai Meeting Manager
Kristenmcwilliam Nyrna
KritaShellExtension
Ksnip
Ktor CLI
Kubazulo
Kube Dev Dashboard
Kube Forwarder
kubeconform
kubectl
kubectx
KubeLinter
kubens
Kubernetes Kind
Kubernetes Kwok
kubescape
kubetui
kubewall
Kubri
KURITA
Kuro Mery
Kuro Mery Beta
kustomize
KuwoMusic
kwokctl
kyverno
L-Connect 3
L'Math
L0phtCrack
La torre di babele
LabPlot2
Labstack Armor
LabyMod Launcher
Lagrange
LaiHuaVideo
Lakes Environmental SCREEN View
Lame
Lamquangminh Evkey
Lando Lando
LANDrop
Language Switcher
LANService
Lapce
Laragon
Laserbox basic
Laserbox for mCreate
LaserWeb
last-hit
Last.fm Desktop Scrobbler
LastPass Desktop (Installed)
LastPass Desktop (MS Store)
LatencyMon
Lattics
Launcher
Launchy
LAV Filters
Lazapdevelopment Lazap
Lazarus
Lazesoft Recovery Suite
Lazydocker
lazygit
lazyjj
LazyType
Lbry
Ldraw Aioi 2023
LDView
LeadDesk
LeafView
League of Legends PBE
LeAppStore
Leawo Blu-ray Player
LeCloud
Lector
Ledger Live
Leesoft Vipad
Lefthook
Legacy Games Launcher
Legcord
legendary
Legends of Runeterra - Americas
Legends of Runeterra - Europe
LegendUtil
Legion Accessory Central
Leinelissen Aeon
Lemonade
Lenovo Commercial Vantage
Lenovo Dock Manager
Lenovo drivers and firmware
Lenovo Legion Toolkit
Lenovo Migration Assistant
Lenovo Quick Clean
Lenovo Service Bridge
Lenovo System Update
Lenovo Thin Installer
Lenovo Update Retriever
Lenovo Vantage
LenovoVoice
LeoCAD
Leonflix
Lepton
Lessons
Let's Connect! Client
Lettura
Lexibar French
Lexibar Greek
Lexibar Russian
Lexibar Spanish
Lexmark drivers and firmware
Lexmark International Printer
Lexorium
LG Bridge
LG SmartShare
LGTVCompanion
Lgug2Z Whkd
Lhaplus
Liberica JDK 11
Liberica JDK 11 Full
Liberica JDK 14
Liberica JDK 14 Full
Liberica JDK 15
Liberica JDK 15 Full
Liberica JDK 16
Liberica JDK 16 Full
Liberica JDK 17
Liberica JDK 17 Full
Liberica JDK 18
Liberica JDK 18 Full
Liberica JDK 19
Liberica JDK 19 Full
Liberica JDK 20
Liberica JDK 20 Full
Liberica JDK 21
Liberica JDK 21 Full
Liberica JDK 22
Liberica JDK 22 Full
Liberica JDK 23
Liberica JDK 23 Full
Liberica JDK 8
Liberica JDK 8 Full
Liberica JRE 11
Liberica JRE 11 Full
Liberica JRE 13
Liberica JRE 13 Full
Liberica JRE 14
Liberica JRE 14 Full
Liberica JRE 15
Liberica JRE 15 Full
Liberica JRE 16
Liberica JRE 16 Full
Liberica JRE 17
Liberica JRE 17 Full
Liberica JRE 18
Liberica JRE 18 Full
Liberica JRE 19
Liberica JRE 19 Full
Liberica JRE 20
Liberica JRE 20 Full
Liberica JRE 21
Liberica JRE 21 Full
Liberica JRE 8
Liberica JRE 8 Full
Liberica NIK 22 (JDK 11)
Liberica NIK 22 Full (JDK 11)
Liberica NIK 23 (JDK 17)
Liberica NIK 23 (JDK 21)
Liberica NIK 23 Full (JDK 17)
Liberica NIK 23 Full (JDK 21)
Liberica NIK 24 (JDK 22)
Liberica NIK 24 Full (JDK 22)
Liberica NIK Core 22 (JDK 11)
Liberica NIK Core 23 (JDK 17)
Liberica NIK Core 23 (JDK 21)
Libgen Desktop
Libjpeg-Turbo Libjpeg-Turbo Vc
libjpeg-turbo SDK for GCC
LibreCAD
LibreHardwareMonitor
LibreOffice
LibreOffice Help Pack
LibrePCB
Librevault
LibreWolf
libusb-win32 drivers
LibUsbDotNet
libwebp
LICEcap
Lidarr
LifeAt
light-dark-cli-win11
LightBulb
LightBurn
Lightform Creator
lightningvine
LightProxy
Lightscreen
Lightshot
Lightspark
Lightworks
LightyearVPN
LightZone
LikeFont
LilyPond
LilyPond (Unstable)
Line 6 Central
Line 6 Monkey
LINE POD Launcher
Linear
Lingdys 4
Lingxi
Link Shell Extension
Linkage
linked
Links WWW Browser
Linphone
LINQPad 5
LINQPad 6
LINQPad 7
LINQPad 8
Linrad
Linrad-dll
Linuxcontainers Incus
LinuxConvert
LinuxFileSystems
Liquibase
Liquit Workspace Agent
Liskfoundation Liskhub
Listary
Listen1
Listen1 Fluent
Lite XL
Lite XL Plugin Manager
Litecoin Core
Little Big Mouse
Little Tips
Live Connect
live777
Livebook
Livehime
LiveKit CLI
Lively Wallpaper
Liveries Mega Pack Manager
llamafile
llamafile (LLaVA 1.5 model)
lLeapp CLI
lLeapp GUI
Llvm
LM Studio
Lmms
Ln - Command line Hardlinks
Ln-Zap Zap
lobster
Local Administrator Password Solution
Local Mock Server
LocalSend
LocalStack CLI
Lock Cursor Tools
LockHunter
Lode
Log Parser 2.2
Log Tag Analyzer
Log4OM2
Logbert
LogExpert
LogFusion
Logger32
Logi Bolt
Logi Bolt
Logi Options+
Logi Tune
LogicCircuit
Logisim-evolution
Logitech Camera Settings
Logitech drivers and firmware
Logitech G HUB
Logitech Gaming Software
Logitech Onboard Memory Manager
Logitech Options
Logitech Presentation
Logitech SetPoint
Logitech Solar App
Logitech Sync
Logitech Unifying Software
LogMeIn Hamachi
Logos Bible Software
Logseq
Logtalk
lokinet
Looking Glass
Loom
Loop Drop
Loop Email
Loop Email (Beta)
Loot
Losbiw Erin
Loupedeck
Love2D
LPub3D
LsAgent
lsdeer
LSDeluxe
LTspice
Lua for Windows
Lua JLS
Lua Language Server
LuaJIT
Luapp Todo
Lubomirkurcak Tend
ludusavi
Lukasbach Yana
Lukebriggs Pepys
Lukehaas Runjs
Lukilabs Craft
Luminance HDR
Luminea Remote
Lunacy
Lunar Client
lx-music-desktop
lychee
LycheeSlicer
LYNX Whiteboard
Lyonbros Turtl
Lyx
M-Files Online
M2 Repo Cleaner
macintosh.js
MacroDeck
MacType
Madrascheck Flow
Maestrosoft Maestroaarsoppgjoer 2
Mage Bros
Magefile Mage
Magic Control Technology drivers and firmware
magic-wormhole
Magicsplat Tcltk
MagiCut
Magnate Speedmanager Pro
Magpie
Mailbird
MailCheck 2
MailMaster
MAILPLUG Messenger Desktop
Mailspring
MailWasher
MailWasherPro
Majsoul Plus
Make Me Admin
MakeBookCLI
MakeMKV
Makerlapse
Malden
Malos-Vision
Maltego
Malwarebytes
Malwarebytes Privacy
Mambaforge
Mambaforge-pypy3
MAMP & MAMP PRO
ManageEngine ADSelfService
ManaPlus
Mandelbulber2
Mango AM
Mango CM
Mango PM
Mango Video Maker
MangoWhiteboardAnimati
ManguReader
ManiaPlanet
ManiaPlanet Dedicated Server
ManicTime
Manifold System 8
Manifold System 9
Manifold Viewer 9
Manticoregames Core
Mantle
Manyi Transformer
Mapillary Tools
Mapillary Uploader
MapMap
Maps CLI
MapTiler Engine
Marble
MariaDB
Markdown Monster
Markdown Outlook
markdown-oxide
Markdownify
Markobl Rosi
MarkRight
markscribe
marksman
MarkText
Martinvonz Jj
Mask ROM Tool
massCode
Master Packager
Master Packager Dev
MasterAgent
masterclass-dl
MasterGo
MasterofGarden
MasterVolumeSync
materialgram
MathBotCLI
Mathpix Snipping Tool
MathType 7
MATLAB Drive Connector
Matteorossi Icopy
MatterControl
Mattermost
Matthewmalensek 3Rvx
Matttytel Helm
Maurizuki O2
MaxBackup
MaxGoWindows
Maxima computer algebra system
MaxLauncher
MAXQDA Reader
Maxthon
Maxthon 5
Maxthon Cloud Browser
MAXtoA
Mazerator
Mazerator-Old
mbcord
mBlock
Mbuilov Sed
MComix
MCreator
McServ
MCX Studio
MDB Admin
mdns-browser
mdview
MDX Notes
Mdyna
Meazure
Medalb V Medal
Medford
Media Creation Tool
Media Downloader
media-get
mediaChips
MediaHuman Lyrics Finder
MediaInfo
MediaInfo-CLI
MediaMonkey
mediamtx
MediathekView
MediBang Paint Pro
Meew0 Lion
MEGAsync
Meitu Colorbyte Pro
Meld
Melodfy
Melodics
melodie
Melon Player
melonDS
Mem Reduct
Memento
Memento Database Desktop
Memurai Developer
Mendeley Reference Manager
Mercurial
Mercury
Mergiraf
merkdir
MeshHouse
MeshLab
Meson Build System
MessyFileOrganizer
Metanorma
Metashape Standard
Metatogger
Metronome
Metronome Wallet
Mevlyshkin Uec
MF4010-MF4018
MFCMapi
Mica For Everyone
Michaelbromley Skqw
Michaelherrmann Fman
Michalstrehovsky Bflat
Michidk Vscli
MicroBrowser
MicroDicom DICOM Viewer
Micromamba
Micronaut Launch
MicroSIP
MicroSIP (Lite)
.NET Runtime 3.1
.NET Runtime 5.0
.NET Runtime 6.0
.NET Runtime 7.0
.NET Runtime 8.0
.NET Runtime 9.0
.NET SDK 3.1
.NET SDK 5.0
.NET SDK 6.0
.NET SDK 7.0
.NET SDK 8.0
.NET SDK 9.0
.NET SDK 9.0 Preview
Azure CLI
Azure Kubelogin
Azure Quick Review
Azure Service Fabric
Build Tools 2015
Clrtypessqlserver 2019
Defender
Defender Engine
Defender Engine Version
Defender Platform
Defender Platform Version
Defender Version
Deployment Toolkit
asp.net core 2_1
asp.net core 2_2
asp.net core 2_2_4
asp.net core 3_0
asp.net core 3_1
asp.net core 5
asp.net core 6
asp.net core 7
asp.net core 8
asp.net core 9
asp.net core Previ
.net Runtime 3
.net Runtime 5
.net Runtime 6
.net Runtime 7
.net Runtime 8
.net Runtime 9
.net Runtime P
.net Hostingbundle 3_
.net Hostingbundle 5
.net Hostingbundle 6
.net Hostingbundle 7
.net Hostingbundle 8
.net Hostingbundle 9
.net Hostingbundle Pr
Dynamics Station 1
Dynamics Station 2
Dynamics Station 3
Dynamics Station 4
Dynamics Station 5
Dynamics Station 6
Edge
Edge Beta
Edge Canary
Edge Dev
Edge WebDriver
Edge WebView2 Runtime
Gaming Tak Cli
Git
Laps
Malicious Software Removal
MPI
MPI SDK
Msodbcsql 11
Msodbcsql 13
Msodbcsql 17
Msodbcsql 18
Network Monitor
Nuget
OneDrive
Openjdk 11
Openjdk 16
Openjdk 17
Openjdk 21
PC Manager (Beta)
PIX
PowerApps CLI
PowerBI Desktop (x64)
Promptflow
Report Builder
Skype
Small Basic
SqlPackage
Sqlserver 11 Odbc
Teams
Teams Classic
Teams Free
Teams TxNDI add-on
Vclibs Desktop 14
Vcredist 2005 X64
Vcredist 2005 X86
Vcredist 2008 X64
Vcredist 2008 X86
Vcredist 2010 X64
Vcredist 2010 X86
Vcredist 2012 X64
Vcredist 2012 X86
Vcredist 2013 X64
Vcredist 2013 X86
Vcredist 2015+ Arm64
Vcredist 2015+ X64
Vcredist 2015+ X86
Vfsforgit
Visio Viewer 2016
Visual C++ 2005 Redistributable (x64)
Visual C++ 2013 Redistributable (x64)
Visual C++ 2015-2019 Redistributable (x64)
Visual C++ 2017 Redistributable (x86)
Visual Studio Code
Visualstudio 2022 Commu
Visualstudio 2022 Enter
Visualstudio 2022 Profe
Visualstudiocode Cli
Vott
Vstor
Web Deploy
Windowssdk 10 0 19041
Windowssdk 10 0 20348
Windowssdk 10 0 22000
Windowssdk 10 0 22621
Windowssdk 10 0 26100
Windowswdk 10 0 22000
Windowswdk 10 0 22621
Windowswdk 10 0 26100
Microsoft.UI.Xaml.2.7
Microsoft.UI.Xaml.2.8
Microstockr
MicSwitch
MIDI-OX
MIDI2LR
MidiKey2Key
MidorizakiKasumi
Midterm
Migros Bank E-Banking
migu-music-dl
Mihomo-Party
Mikefarah Yq
MiKTeX
MilkyTracker
Miller
Millerpuckette Pd64
Millie
Millie (Legacy)
Min
minder
MindManager
MindManager 24
MindMaster
Mindstorms Classroom
Mine-imator
Minecodes 4Zur3
Minecraft Launcher
Minecraft Note Block Studio
minerva
mineSquid
MinGit
Mingo
MiniBrowser
MiniCADDraw
MiniCADHome
MiniCADSee
Miniconda3
Miniforge-pypy3
Miniforge3
minikube
MiniLyrics
MinIO Client
MinIO Server
Minion
MiniProgramStudio
miniserve
Minisign
MiniTool Partition Wizard Free
miniWOL
Miranda IM
Mirantis Lens
Mirc
Miro
MirrorOp
MiService
Misfit Model 3D
Misfit Model 3D (Dev)
MisiteBao
MIT Kerberos for Windows
Mitk Mitk
mitmproxy
Mixxx
mkcert
MkClipse
mkshim
MKV Muxing Batch GUI
MKVToolNix
mkWritable
Mmozeiko Wcap
MndpTray.Core
Mnemosyne
MobaXterm
Mobile VPN with SSL client
MOBILedit! SIM Clone
MobileDrivers
MobileVPNWithSSLClient
Mobster
mockingbot-studio
Mockplus RP
Mod Organizer
Modboy
ModBreeze
Modbus Master Emulator
Modbus Slave Emulator
ModbusTool
Modeler
Modelio Open Source
Modern CSV
ModernDeck
ModernFlyouts (Preview)
Modrinth App
Modyfi
Mogan Research
Moises
moligeek
Molotov
Momento CLI
Momentum
Money Manager EX
MongoDB
MongoDB Atlas CLI
MongoDB CLI
MongoDB Compass
MongoDB Compass Community
MongoDB Compass Readonly
MongoDB Shell
MongoDB Tools
Monica
Monitorian
Mono for Windows
MonoGame SDK
monolith
Monsterkodi Kalk
Monsterkodi Kappo
Moonlight Game Streaming Client
Moonshotai Kimi
Moosync
Morgen
Morningstar Direct Prerequisite
Moshfeu Y2Mp3
Mostaqem
Motion Desktop App
MotionGIF
MotionPro
MotionStudio
Motrix
MOTU M Series
Mountain Duck
Mouse2joystickForCEMU
MouseandKeyboardCenter
MouseWithoutBorders
MoveFile
MozBackup
Mozilla Firefox
Mozilla Firefox Developeredition
Mozilla Firefox ESR (ach)
Mozilla Firefox ESR (af)
Mozilla Firefox ESR (an)
Mozilla Firefox ESR (ar)
Mozilla Firefox ESR (ast)
Mozilla Firefox ESR (az)
Mozilla Firefox ESR (be)
Mozilla Firefox ESR (bg)
Mozilla Firefox ESR (bn)
Mozilla Firefox ESR (br)
Mozilla Firefox ESR (bs)
Mozilla Firefox ESR (ca)
Mozilla Firefox ESR (cak)
Mozilla Firefox ESR (cs)
Mozilla Firefox ESR (cy)
Mozilla Firefox ESR (da)
Mozilla Firefox ESR (de)
Mozilla Firefox ESR (dsb)
Mozilla Firefox ESR (el)
Mozilla Firefox ESR (en-CA)
Mozilla Firefox ESR (en-GB)
Mozilla Firefox ESR (en-US)
Mozilla Firefox ESR (eo)
Mozilla Firefox ESR (es-AR)
Mozilla Firefox ESR (es-CL)
Mozilla Firefox ESR (es-ES)
Mozilla Firefox ESR (es-MX)
Mozilla Firefox ESR (et)
Mozilla Firefox ESR (eu)
Mozilla Firefox ESR (fa)
Mozilla Firefox ESR (ff)
Mozilla Firefox ESR (fi)
Mozilla Firefox ESR (fr)
Mozilla Firefox ESR (fur)
Mozilla Firefox ESR (fy-NL)
Mozilla Firefox ESR (ga-IE)
Mozilla Firefox ESR (gd)
Mozilla Firefox ESR (gl)
Mozilla Firefox ESR (gn)
Mozilla Firefox ESR (gu-IN)
Mozilla Firefox ESR (he)
Mozilla Firefox ESR (hi-IN)
Mozilla Firefox ESR (hr)
Mozilla Firefox ESR (hsb)
Mozilla Firefox ESR (hu)
Mozilla Firefox ESR (hy-AM)
Mozilla Firefox ESR (ia)
Mozilla Firefox ESR (id)
Mozilla Firefox ESR (is)
Mozilla Firefox ESR (it)
Mozilla Firefox ESR (ja)
Mozilla Firefox ESR (ka)
Mozilla Firefox ESR (kab)
Mozilla Firefox ESR (kk)
Mozilla Firefox ESR (km)
Mozilla Firefox ESR (kn)
Mozilla Firefox ESR (ko)
Mozilla Firefox ESR (lij)
Mozilla Firefox ESR (lt)
Mozilla Firefox ESR (lv)
Mozilla Firefox ESR (mk)
Mozilla Firefox ESR (mr)
Mozilla Firefox ESR (ms)
Mozilla Firefox ESR (MSIX)
Mozilla Firefox ESR (my)
Mozilla Firefox ESR (nb-NO)
Mozilla Firefox ESR (ne-NP)
Mozilla Firefox ESR (nl)
Mozilla Firefox ESR (nn-NO)
Mozilla Firefox ESR (oc)
Mozilla Firefox ESR (pa-IN)
Mozilla Firefox ESR (pl)
Mozilla Firefox ESR (pt-BR)
Mozilla Firefox ESR (pt-PT)
Mozilla Firefox ESR (rm)
Mozilla Firefox ESR (ro)
Mozilla Firefox ESR (ru)
Mozilla Firefox ESR (sat)
Mozilla Firefox ESR (sc)
Mozilla Firefox ESR (sco)
Mozilla Firefox ESR (si)
Mozilla Firefox ESR (sk)
Mozilla Firefox ESR (sl)
Mozilla Firefox ESR (son)
Mozilla Firefox ESR (sq)
Mozilla Firefox ESR (sr)
Mozilla Firefox ESR (sv-SE)
Mozilla Firefox ESR (szl)
Mozilla Firefox ESR (ta)
Mozilla Firefox ESR (te)
Mozilla Firefox ESR (tg)
Mozilla Firefox ESR (th)
Mozilla Firefox ESR (tl)
Mozilla Firefox ESR (tr)
Mozilla Firefox ESR (trs)
Mozilla Firefox ESR (uk)
Mozilla Firefox ESR (ur)
Mozilla Firefox ESR (uz)
Mozilla Firefox ESR (vi)
Mozilla Firefox ESR (xh)
Mozilla Firefox ESR (zh-CN)
Mozilla Firefox ESR (zh-TW)
Mozilla Maintenance Service
Mozilla Thunderbird (af)
Mozilla Thunderbird (ar)
Mozilla Thunderbird (ast)
Mozilla Thunderbird (be)
Mozilla Thunderbird (bg)
Mozilla Thunderbird (br)
Mozilla Thunderbird (ca)
Mozilla Thunderbird (cak)
Mozilla Thunderbird (cs)
Mozilla Thunderbird (cy)
Mozilla Thunderbird (da)
Mozilla Thunderbird (de)
Mozilla Thunderbird (dsb)
Mozilla Thunderbird (el)
Mozilla Thunderbird (en-CA)
Mozilla Thunderbird (en-GB)
Mozilla Thunderbird (es-AR)
Mozilla Thunderbird (es-ES)
Mozilla Thunderbird (es-MX)
Mozilla Thunderbird (et)
Mozilla Thunderbird (eu)
Mozilla Thunderbird (fi)
Mozilla Thunderbird (fr)
Mozilla Thunderbird (fy-NL)
Mozilla Thunderbird (ga-IE)
Mozilla Thunderbird (gd)
Mozilla Thunderbird (gl)
Mozilla Thunderbird (he)
Mozilla Thunderbird (hr)
Mozilla Thunderbird (hsb)
Mozilla Thunderbird (hu)
Mozilla Thunderbird (hy-AM)
Mozilla Thunderbird (id)
Mozilla Thunderbird (is)
Mozilla Thunderbird (it)
Mozilla Thunderbird (ja)
Mozilla Thunderbird (ka)
Mozilla Thunderbird (kab)
Mozilla Thunderbird (kk)
Mozilla Thunderbird (ko)
Mozilla Thunderbird (lt)
Mozilla Thunderbird (lv)
Mozilla Thunderbird (ms)
Mozilla Thunderbird (MSIX)
Mozilla Thunderbird (nb-NO)
Mozilla Thunderbird (nl)
Mozilla Thunderbird (nn-NO)
Mozilla Thunderbird (pa-IN)
Mozilla Thunderbird (pl)
Mozilla Thunderbird (pt-BR)
Mozilla Thunderbird (pt-PT)
Mozilla Thunderbird (rm)
Mozilla Thunderbird (ro)
Mozilla Thunderbird (ru)
Mozilla Thunderbird (sk)
Mozilla Thunderbird (sl)
Mozilla Thunderbird (sq)
Mozilla Thunderbird (sr)
Mozilla Thunderbird (sv-SE)
Mozilla Thunderbird (th)
Mozilla Thunderbird (tr)
Mozilla Thunderbird (uk)
Mozilla Thunderbird (uz)
Mozilla Thunderbird (vi)
Mozilla Thunderbird (zh-CN)
Mozilla Thunderbird (zh-TW)
Mozilla VPN
MP3Gain
Mp3tag
MPC-BE
MPC-HC
Mpi Elan
mpv.net
MQTT Assistant
MQTT Explorer
MQTT Explorer (Beta)
Mr.Dclutterer
MrBayes
MrCode
mRemoteNG
Mrkaran Doggo
Mrmarble Yoink
MS Paint IDE
MSBuild Community Tasks
MSBuild Structured Log Viewer
MSEdgeRedirect
MSI Afterburner
MSI Afterburner Beta
MSI Gaming Intelligence
MSI Kombustor 2
MSI Kombustor 3
MSI Kombustor 4
MSI Wrapper
MSIX Core
MSIX Hero
MSIXCommander
msstyleEditor
mStream Server
Msty (CPU only)
MSYS2 Installer
MTGA Launcher
Mtkennerly Shawl
MTPuTTY
Mu Editor
Muandane Goji
muCommander
Muesli Duf
muffon
MuJing
Mullvad Browser
Mullvad VPN
MultiBaseCS BirdBase
MultiBaseCS Home
MultiBaseCS Professional
MultiBaseCS Server
multiclip
MultiCommander
MultiExtractor
MultiMC
MultiMon
MultiPar
Multipass
MultiPSK
Multisine
MultiViewer
Multrin
Mumble (client)
Mumble Server
munixo Client
Mupen64
Muse Hub
Museeks
MuseScore
MuseScore 3
Music Caster
Music Center for PC
Music Pattern Generator
Music Player
MusicBee
MusicBrainz Picard
MusicFree
MusicLake
mutool
Mvdan Shfmt
My Family Tree
MY.GAMES GameCenter
myADVICE.Auftragsverwaltung
MyHarmony
MyHeritage Family Tree Builder
MyMonero
MyMoney.Net
MyPaint
MyPhoneExplorer
MySQL Community Server
MySQL Notifier
MySQL Shell
MySQL Workbench
MysteriumVPN
myViewBoard Display
myViewBoard Whiteboard
Mzdyl Liteloaderqqnt_Install Pyin
Nagstamon
Namecoin Core Client
NanaZip
NanaZip Preview
nano for Windows
Nanoleaf Desktop
nanoproxy
Nao1215 Gup
NAPS2 Prerelease
Nasm
Nass Ado
Nassau
NateOn
NativeCl
NativeRest
Natron
NATS Command Line Interface
NATS Server
NatsukiKarin
NaturalReader 16
NAVER MYBOX Explorer
NAVER Order
Naver Whale
NAVER WORKS Drive
Navidrome
Navigraph Hub
Navitel DVR Player
NBTExplorer
NCALayer
ncmdump
ncmdump-net
ncspot
NDI 5 Runtime
NDI 5 Tools
NDI 6 Runtime
NDI 6 Tools
NeatConverter
NeatReader
nefcon
NegativeEncoder
NekoRay
Nektos Act
Nelson
Neo Cowsay
NeoAxis Launcher
NeoChat
neofetch-win
NeoLoad
Neovide
Neovim
Neovim Nightly
neovim-qt
nertivia
Nervatura
Nessus
Nessus Agent
net4mqtt
Netbird
NetBScanner
NetChat
NetDocuments ndOffice
Netease Cloudmusic Beta
Netease Dd
Netease Qiyu
Netease Youdaotongchuan Comm
Nethack
Nethermind
Netless-Io Flat
NetLimiter
NetLogo
Netmaker
NetRadio
Netron
NetRouteView
Netsarangcomputer Portx
NetSend
Netsix
NetSurf - NetSurf - Web Browser
NetTime
Network Meter
Network Scanner
Network Time Protocol
Network-Status-Check
NetworkInterfacesView
NETworkManager
NetworkOPC
NetworkOpenedFiles
NetworkUsageView
NewCloud.ScreenCapturerRecorder
Newfield News
Newgrounds Auditorium
Newgrounds Player
Newline Assistant for X689
NewReleases
News CLI
NewsLeecher
NewSS Student
NewSS Teacher
NewzenLauncher
NextChat
Nextcloud
Nextcloud Talk
NextDNS
NextDNS CLI
Nextiva
nexusfont
nginx-prometheus-exporter
Nginxinc Nginx
nGlide
ngraph-gtk
Ngrok
Ngudbhav Trico
Nhekoreborn Nheko
NHI ServiSign
Nhnbugs Bugs
NI Package Manager
NI PXI Platform Services
NI System Configuration
NI-DAQmx
NI-Serial
NI-VISA
NI-XNET
Nicepage
Nickvision Parabolic
Nicolasconstant Sengi
Niconico Nair Live
Nicotine+
Night Light
Nighthawk
NIIMBOT for Windows
Nilesoft Shell
Nim programming language
nimblenote
NimbleText
Nimbus Note
Ninja-Build Ninja
Nintendo Switch Online
NirSoft DownTester
NirSoft IPNetInfo
NirSoft NK2Edit
NirSoft ShellExView
NirSoft VideoCacheView
NirSoft Volumouse
NirSoft WhoisThisDomain
Nishkalkashyap Quark
Nitro PDF Pro
Nitrokey-App
Nitronic Rush
Nitropy
NitroShare
No-IP DUC
Noborus Ov
Node.js
Node.js LTS
NodemailerApp
Nodist
Noesis
Nokia SP MIDI Player
NoMachine
NoMachine Enterprise Client
nomacs - Image Lounge
NordLayer
NordLocker
NordPass
NordPass
NordVPN
NoRiskClient
NormCap
NorthReader
Norton 360
Norton Secure VPN
Norton Security
Norwood
NoSql Assistant
NoSQL Workbench
NoSQLBooster for MongoDB
Nota Gyazo
Notable
Notation CLI
NoteBook FanControl
NoteHighlight2016
Notejoy
Notepad DOT Qt
Notepad Next
Notepad--
Notepad++
Notepad2
Notepad2-mod
Notepad3
Notepad4
Notepad4 (AVX2)
Notepads
notepanda
Notesnook
NoteTab Light
Notion
Notion Calendar
Notion Enhanced
Novabench
Novation USB Midi Driver
novelWriter
NOW TV Player
Nox APP Player
Nozbe Personal
Npackd
npiperelay
nrfutil
Nrittsti Ntag
NS-USBloader
Nssm
NSwagStudio
nteract
NTFS Data Recovery
NTLite
nuclear
NullpoMino
Nullsoft Install System
Numara
NumeRe
numerone's fortune in avalonia
numerone's oem information
numeronesoft backgrounds
numeronesoft backgrounds otto
numeronesoft-backgrounds-prox
nunuStudio
Nushell
Nutstore
Nutstore LightApp
Nuttyartist Notes
NV Access
Nvaccess Nvda
NVC VHDL Simulator
NVCleanstall
NVIDIA Broadcast
NVIDIA CUDA Toolkit
Nvidia FrameView
NVIDIA GeForce Experience
NVIDIA GeForce NOW
NVIDIA Graphics Driver
Nvidia Icat
NVIDIA Omniverse Launcher
NVIDIA PhysX (Legacy)
NVIDIA PhysX System Software
NVIDIA Video Effects
NVM for Windows
nvQuickSite
NxFilter
NxShell
NZBGet
NZXT CAM
O&O AppBuster
O&O AutoBackup
O&O BlueCon
O&O Defrag Professional
O&O Defrag Server
O&O DeskInfo
O&O DiskStat
O&O Lanytix
O&O SafeErase Professional
O&O ShutUp10++
oatmeal
OBD Auto Doctor
ObinsKit
Objeck
Oblivion Desktop
OBS RTSP Server Plugin
OBS Studio
OBS Studio Beta
obs-asio
obs-backgroundremoval
obs-virtualcam
Obsidian
Ocaml Opam
Ocbase Occt Personal
ocenaudio
ocm-cli
Octave
Octo Mesh Admin Command Line
October 2024 GDK
octobuild
Octopus CLI
Octopus Deploy Server
Octopus Deploy Tentacle
Oculus
Odamex
Odassey
Oddlab Cubox
Odin Programming Language
odrive
Office
Office
Office 365 on Electron
Office consumer on Electron
Office Deployment Tool
Office Tab
Office Tab Enterprise
OfficeKit
Official Krunker.io Client
Officialapp
OFGB (Oh Frick Go Back)
Ogdesign Eagle
Ogham Dog
Oh My Posh
OhHai Browser
OHRRPGCE
ojdkbuild OpenJDK
ojdkbuild OpenJDK 17
ojdkbuild OpenJDK JRE 17
okteto
Okular
Oldschool RuneScape
OLEDShift
Olegshparber Zeal
Olive Video Editor
Oliverschwendener Ueli
Olivia Via
Ollama
OLP CLI
OLP CLI Native
Olympus
OmegaT
Omnify Hotspot
OmniRig
omsi-launcher
One Tagger
One Talk
One-Click-Backup
one-wallhaven
OneCommander
onecopy-electron
onefetch
Onegal Viper
OneKey Wallet
OneLeft
OneMark
OneMoreAddIn
OneNote Tagging Kit
OneScript engine
Onetab Re
OneWare Studio
OnionShare
OnionShare Dev
OnlineDOSGames
OnlyKey App
ONLYOFFICE Desktop Editors
OONI Probe
OP Auto Clicker
Open Live Writer
Open Rails
Open Shop Channel Downloader
Open Video Downloader
Open-Shell
openage
OpenAI Translator
OpenAL
OpenAudible
OpenBB Terminal
OpenBoard
openBVE
OpenChrom
OpenComic
OpenCPN
OpenCppCoverage
OpenDirectoryDownloader
OpenDrive
OpenedFilesView
openElement
openexr-viewer
OpenFreebuds
OpenHantek6022
OpenHashTab
OpenHV
OpenJ9
OpenJDK 11
OpenJDK 13
OpenJDK 14
OpenJDK JRE 11
OpenKneeboard
OpenLens
OpenLP
OpenMPT
OpenMW
OpenObserve
OpenOffice
OpenOffice
OpenOrienteering Mapper
OpenOSRS Launcher
OpenRA
OpenRCT2
OpenRGB
OpenRocket
OpenRPA
OpenSC smartcard framework
OpenSCA-cli
OpenSCAD
OpenSCAD Nightly
OpenSearch SQL ODBC Driver
OpenShift Client
OpenShot Video Editor
OpenSSH Beta
OpenSSH Preview
OpenSSL
OpenSSL 3.3.1
OpenSSL Light 3.3.1
OpenStego
OpenStore
Openstreetmap Josm
openSUSE Leap 15.6
openSUSE Tumbleweed
OpenTofu
OpenToonz
opentrack
OpenTTD
OpenTXCompanion
OpenUTAU
OpenUTAU Beta
OpenVPN
OpenVPN Configuration Generator
OpenVPN Connect v2
OpenVPN Connect v3
OpenVR Advanced Settings
OpenWebStart
Opera beta
Opera Crypto Stable
Opera developer
Opera GX Stable
Opera Stable
opscan
Opslycloud Opsly-Cli
Optimate SOLIDWORKS Plugin
OptiPNG
Oracle Linux 7.9
Oracle Linux 8.7
Oracle Linux 9.1
Oracle Mysql
Oracle VM VirtualBox
Orange
Orange-Opensource Hurl
OrangeJuiceModMaker
OrangePlayer
ORAS CLI
Orbitron
Orbx Central
OrcaSlicer
OrgCharting
Origin
ORM_Core
OSFMount
Osgeo Qgis
OSPRay
osquery
OSSEC HIDS
Ossia Score
osukps
Otter Browser
Otto8-Ai Otto8
Outline Manager
Outlook for Office365
Outlook for Outlook.com
Outlook Google Calendar Sync
Outlook4Gmail
Oven-Sh Bun
Overlayed
OverlayTimer
OvermindCLI
OVITO Basic
OVITO Pro
Owasp Amass
OwlPlug
ownCloud
Oxford Learners Bookshelf
Oxipng
Ozankaraali Pitv
P3X Redis UI
P4Merge
Pa7Lim Doozy
Packer
Packet Sender
PageEdit
paint.net
PaintAid
Palamedes
Pale Moon
Palisade @RISK Platform
PalmInput
Panda3D SDK
Pandoc
Pandoc GUI
pandoc-plot
pangea
Panorama9
PanWriter
Paologiuaa Tilde
PaperCut Mobility Print
PaperCut NG
Papercut SMTP
Paperlib
Paprika Recipe Manager
Paprika Recipe Manager 3
Paradox Launcher
Paragon Apfs
Paragon Backup & Recovery CE
Paragon Hfs+
Paragon Partition Manager CE
Parallels Client
ParaView
ParkControl
Parkdale
Parsec
Parsec Virtual Display Driver
Parsify
Pass Order
Passcovery Suite
Passky
PassMark Fragger
Passport Photo Maker
Password Checker
Password Safe
Password Tech
PasswordGenerator
PasswordRecovery
PasteBar
pastel
Patch My PC
PatchdeckWindowsAgent
Patchwork
Path Copy Copy
Path of Building Community
PathWaveLicenseManager
Paulanerus Okane
PayCoOrder
Payhere Seller
PB for Desktop
PC Clone
PC Manager
PC_DIMMER
Pcgen
pCloud Drive
PCR532
Pcsx2Team Pcsx2
PdaNet+
PDF Architect
PDF Arranger
PDF Candy Desktop
PDF Printer
PDF reDirect
PDF Studio
PDF Viewer Component
PDF-Over
PDF-Tools
PDF-XChange Editor
PDF-XChange PRO
PDF-XChange Standard
PDF-XChange Viewer
PDF24 Creator
PDFCreator Free
PDFCreator Professional
PDFCreator Server
PDFCreator Terminal Server
pdfFactory
pdfFactory Pro
PDFgear
PDFill FREE PDF Editor Basic
PDFKeeper
PDFlux
PDFPasswordRemover
PDFsam Basic
PDFShow
PDFTK Builder
PDFtk Free
PDFtk Server
PDQ Deploy
PDQ Inventory
PE Explorer
PeaZip
PeaZip
Peco
Peer Brain
PeerBanHelper
Pencil
PendMoves
Pendulums
Pennywise
PerfectWorldAr
Perfetto
Perfoo
PerfView
Perimeter 81
Persepolis Download Manager
Perseus
Person
Personal
Perspective
PetWings
Pext
pgAdmin 4
PGPTool
PharoLauncher
Phoenix File Rescue
PhonePresenter
PhonerLite
Photo Calendar Maker
Photo Viewer
PhotoDiva
PhotoGlory
Photonicstul Plask
PhotoSync
PhotoWorks
PHP 8.2
PHP 8.3
PHP 8.4
PhpStorm
PhpStorm (EAP)
PhraseExpress
PhraseVault
Pi Network
Picaso - Open Source
Picgo
PicGo Beta
PicGuard
Picocrypt
PicoScope 7
PicoTorrent
PicPick
Picto-Selector
Picturama
PicView
Pidgin
Pidgin
PikPak
PilotEdge Pilot Client
Pingus
Pinokio
PinPoint
Pinta
Pioneer
PiP-Tool
pipe-rename
pipes-rs
Pixelorama
PixPin
Pixso Local Font
pje-office
PKU_Gateway
PL/SQL Developer
Place Ia
Place Ia Cs7
Place Ia Sing
Place One
Place One Cs7
Planet Blupi
Planning for Excel
Plantronics Hub Software
PlasticSCM Cloud Edition
Playdate SDK
playit
Playnite
Playpark Downloader
Plazma Burst 2 launcher
Plex
Plex Media Player (Deprecated)
Plex Media Server
Plex MPV Shim
PLEX Rich Presence
Plexamp
PlexHTPC
Plogue AlterEgo
Plogue chipspeech
Plottr
Plover
Pluveto Upgit
PNGGauntlet
Pnpm
Pnpm Preview
Pocket Sync
Podman
Podman Desktop
Poe Writer
Poedit
PokeMMO
Pokemon Showdown
Pokemon Trading Card Game Live
PokerTH
Policy
pollapo
Poly Lens
PolyMC
Polypane
PolyvDirector
PolyvLive
PolyvLiveCommunity
Pomatez
Pomodoro
Pomodoro Logger
Pomotroid
Poooi Poi
Popcorn-Time
Popcorn-Time-Ru
portal
Portfolio Performance
Portmaster
PortScan
Posit Rig
Positron
Post On Screen
Post On Screen Pro
Postbox
Poster Font
Poster Font Light
PostgreSQL 10
PostgreSQL 11
PostgreSQL 12
PostgreSQL 12
PostgreSQL 13
PostgreSQL 13
PostgreSQL 14
PostgreSQL 14
PostgreSQL 15
PostgreSQL 15
PostgreSQL 16
PostgreSQL 16
PostgreSQL 17
PostgreSQL 9
Postimage
Postman x86_64
PostmanCanary
PostyBirb
PostyBirb+
PotatoWall
PothosSDR
PotPlayer
POV-Ray for Windows
Power Automate for desktop
Power BI Report Builder
Power Manager
PowerArchiver 2022
PowerBI Desktop
PowerExtension
PowerISO
powerMAX
PowerSDR
PowerSession
PowerShell
PowerShell Preview
PowerShell Universal
PowerToys
PowerWord
PPLink
PPSSPP
PPTService
Ppy Osu
Prayag17 Blink
Pre-Release
Prefix-Dev Pixi
PreForm
Premake 5 (Beta)
PreMiD
Premiu
PremiumSoft Navicat Premium
PresenceLight
PresentMon Console
presty-installer
pretixSCAN
Preview
Prey Anti-Theft
PreyHelper
Prezi Classic
Primecount
Primesieve
PrintButton
Printfn Fend
PrintNode
Prism Launcher
Prismatik (unofficial)
privacy.sexy
Private Internet Access
Proactive Password Auditor
Process Explorer
Process Lasso
Process Lasso Beta
Process Monitor
procgov
Product Portal
ProFile
ProfileSwitcherforFirefox
Prog Finder
Prog Progmediaserver Large
Prog Progmediaserver Small
ProgDVB
Programmer's Notepad
Project
Project My Screen App
Project Plan 365
Project-Env CLI
Project-Env Shell
Project64
Project64 (Development)
ProjectLibre
ProPresenter
ProRes RAW for Windows
ProScan
Prospect Mail
Protected Folder
Protege
protobuf
Protoman
Proton
Proton Drive
Proton Mail
Proton Mail Bridge
Proton Pass
Proton VPN
ProtonClient
ProtoPie
ProwessIQ
Prowise Presenter
Prowise Reflect
Prowlarr
ProWritingAid Office Add-in
Proxifier
Proximity
proxinject
ProXSign
Proxyman
PRQL compiler CLI - prqlc
PRTG Desktop
PrusaSlicer
PrusaSlicer Alpha
PS Remote Play
PS3 Media Server
PSO2 Tweaker
PSP Thumbnail Handler
PSPad editor
psqlodbc
psqlodbc (mimalloc version)
pstoedit
PsTools Suite
PstRotator
PstRotatorAz
PUB HTML5
Publii
Puffin Secure Browser
Pulsar
Pulsar Assistant
Pulse Browser
Pulse Secure
Pulse SMS
PulseView
PulseView (Nightly)
Pulseway
Pulumi
punktf
PupaFM
Puppet Agent
Puppet Bolt
Puppet Development Kit
puppetry
Puran File Recovery
Pure Codec
Pure Data
Pure Writer
PureSync
PURPLE
Purple Pen
Purplei2P I2Pd
Pushbullet
Putty
PuTTY CAC
Puzzles
PW Auto Login
PWAsForFirefox
PxCook
PyAudio
PyCharm Community Edition
PyCharm Community Edition (EAP)
PyCharm Professional Edition
pychess
PyDebloatX
PyEveLiveDPS
Pyfa
pyftpsync
Pyinstaller Helper
Pylogmon Pot
PyMODA
pympress
PYPrime
PyPy3.9
Python 2
Python 3.0
Python 3.1
Python 3.10
Python 3.11
Python 3.12
Python 3.13
Python 3.2
Python 3.3
Python 3.4
Python 3.5
Python 3.6
Python 3.7
Python 3.8
Python 3.9
Python Launcher
Python Tk Gui Builder
Pythonnet
pytigon
Q1-WinXP
Qalculate!
QBFC
qBittorrent
qBittorrent
qBittorrent Beta
qBittorrent Enhanced Edition
QEMU guest agent
QENC Decrypter
QField
qFlipper
QGIS (LTR)
QianJi
QiDian
QieLive
Qingtui
qiniu client
QMK Toolbox
QMPlay2
QNAP External RAID Manager
QNAP NetBak Replicator
QNAP Qfinder Pro
QNAP Qsync Client
QNAP QVR Pro Client
Qobuz
Qodana CLI
QOwnNotes
Qpdf
QQBrowser
QQDevTools
QQImage
QQMusic
QQPinyin
QQPlayer
QQWubi
QR-Code Reader
QSapecNG
Qsirch PC Edition
Qt Designer
Qt-based Multimedia Player
Qt-DAB
Qtcord
QTextPad
QTodoTxt
QtPass
QtScrcpy
QTTabBar
Quadren Arc Prerelease
QuadSpinner Gaea 2.0
Quantumnovice Xkill
QuarkCloudDrive
Quarto
Quartz
QuasselIRC
Quaternion
Qucs-S
QuDedup Extract Tool
Questionmark Secure Browser
QuestPatcher
Questrade Edge
Quick CPU x64
Quick Picture Viewer
Quick Share from Google
quick-lint-js
QuickBMS
QuickBooks Premier
QuickDash
Quicken
Quicker
QuickFinder
QuickFixMyPic
QuickLook
QuickPar
QuickRedis
QuickSECS
QuickSFV
quicreach
QuodLibet
Quoll Writer
Quote Hunt
QuPath
qutebrowser
QuteMol
Qv2ray
QWS Quick Windows Sequencer
R for Windows
R12F Rnp
r2modman
RabbitMQ Assistant
RaceCore24 Ignition
Racket
Radarr
Radio Eyes
Radio-Sky Spectrograph
radioconda
Radius
Radmin Server
Radmin Viewer
Radmin VPN
RAGE Multiplayer
Ragel for Windows
RaiDrive
RaiDrive (Managed)
Rainbow Board
Raindrop.io
Rainlendar Lite
Rainmeter
Rakk Talan Air Wireless
Rakuten Viber
Rambox
RamMap
RamSoft DicomProxy
RamSoft Omega AI Link
Rancher Desktop
Random Password Generator
RandomNumberGenerator
RandPass
Ransome1 Sleek
RansomSnare
Rao Pics
Raphamorim Rio
Rapid Environment Editor
RapidCRC
Raspberry Pi Imager
Raspberry Pi Imager
Raven Core
Raven Reader
Rawrite32
RawTherapee
raycho
Rayman Control Panel
Razer Synapse 3
RazorSQL
rBiblia
rcedit
Rcharan Wiki
Rclone
Rclone Browser
RcloneTray
RDCMan
React Native Debugger
React-Explorer
Reactotron
ReacType
Readarr
ReadPaper
Ready For Assistant
ReadyRunner
Reaktek Audio Driver
Realtek drivers and firmware
RealVNC Server
RealVNC Server
RealVNC Viewer
REAPER
RecentX
Recode Converter
Recom (PCST)
Recuva
Red Eclipse
Red Panda C++
Redact
Reddit Wallpaper Changer
Redducks Cemui
Redis Assistant
redis-gui
Redisant Toolbox
RedNotebook
redream
Redwood
Reg Organizer
RegAlyzer
Regard3D
RegClean Pro
RegCool
Regedix
Reginald
Region To Share
Registrar Registry Manager
Registry Finder
Registry Life
Registry Workshop
RegJump
regolith
regpack
Regressi
Reko decompiler
Relative
Relock
reMarkable
Remindr
Remix IDE
RemNote
Remote Access
Remote Desktop
Remote Desktop Manager
Remote Desktop Manager Agent
Remote Desktop Plus
Remote help
Remote Helper App
Remote LAN Control
Remote Mouse
Remote System Monitor Server
Remote Utilities - Viewer
RemoteApp Tool
remoteit
Remotix
Remove Empty Directories
Rename My TV Series
ReNamer
RenderDoc
Renode
Renoise
RenPyCheatGenerator
Reolink
Reorproject Reor
ReplayWeb.page
Replit
reportify
Reqable
ReqView
RescueTime
ReShade Setup
Resizer
Resolume Arena
Resolume Avenue
Resource Hacker
Resource Tuner
Resource Tuner Console
ResourcesExtract
ResponsivelyApp
RestApia
Restfox
restic
resticprofile
retoolkit
RetroArch
RetroBar
RetroShare
Revo Scan 5
Revo Uninstaller
Revo Uninstaller Pro
Revolt
Rhash
Richmond
Rickclark Pullp
Rickrack
Ricochet
RICOH drivers and firmware
Ridibooks
Rigs of Rods
RimhillEx
RingCentral
Riotgames Leagueoflegends Br
Riotgames Leagueoflegends Eune
Riotgames Leagueoflegends Euw
Riotgames Leagueoflegends Jp
Riotgames Leagueoflegends Kr
Riotgames Leagueoflegends La1
Riotgames Leagueoflegends La2
Riotgames Leagueoflegends Na
Riotgames Leagueoflegends Oc1
Riotgames Leagueoflegends Ph2
Riotgames Leagueoflegends Ru
Riotgames Leagueoflegends Sg2
Riotgames Leagueoflegends Th2
Riotgames Leagueoflegends Tr
Riotgames Leagueoflegends Tw2
Riotgames Leagueoflegends Vn2
Riotgames Legendsofruneterra Asia
Riotgames Legendsofruneterra Sea
RipGrep GNU
RipGrep MSVC
RipShout
Rise of Kingdoms
Risen3D
RiseupVPN
RisohEditor
Rivatuner Statistics Server
Riweston Aztx
Rizin
Rkibria Frhed
RKWard
RMC Client
rmstale
Roam Research
Robinovitch61 Kl
Roblox Player
Robo 3T
RoboForm
RoboMirror
Rock Paper Scissors CLI
Rockbox Utility
Rocket Broadcaster
Rocket.Chat
RocketDock
RocketMQ Assistant
Rocks'n'Diamonds
Rode-Central
Rode-Connect
Roderickqiu Wnr
roforge
Rojetto Reneo Bone
Rojo
Rokkr
roku_remote_tool
Rolandmelkert Ldcad
Romankubiak Ctrlr
Romcenter
Room Sketcher
RoonBridge
Roonlabs Roon
RoonServer
RootsMagic 10
ropresence
RoslynPad
Royal Server
Royal TS
Royal TS V7
RoyalPro
RSI Launcher
RSS Guard
RStudio
Rtools
RTX Voice
Ruanmei Qiyu
Rubberduck
rubick
Ruby 2.6
Ruby 2.6 with MSYS2
Ruby 2.7
Ruby 3.0
Ruby 3.1
Ruby 3.2
RubyMine
RubyMine (EAP)
Rufus
run-hidden
RuneBook
RuneLite
Runescape Launcher
Runlet
Ruqola
Russellbanks Komac
Rust (GNU)
Rust (MSVC)
RustDesk
RustRover
RustRover (EAP)
Rustup
RVG Launcher
RVTools
Rwxrob Pomo
RXSSTV
RxView
Rye
Rymdport
RyuSAK
Ryzen Controller
S3 Browser
S3Scanner
Saasgroup Tower
Sabaki
SABnzbd
Safari
Safe Exam Browser
SafeNet Authentication
Safenet drivers and firmware
SafeSignICStandar
SAGAGIS
Sage 50 Accounting
SageThumbs
Sailcut CAD
Saladtechnologies Salad
SalesPrix
Salt Minion
SameBoy
SammyWidgets
Samsung AllShare
Samsung DeX
Samsung Q1 Windows Vista Manual
SamyGO Shell Enabler
San Andreas Multiplayer
Sanctum
Sandakan Nora
Sandboxie
Sandboxie-Plus
Sandreas Tone
Sangoma Zulu
SanityCheck
Sanjin Thief
SAO Utils
SAO Utils 2
SapMachine 11 JDK
SapMachine 11 JRE
SapMachine 17 JDK
SapMachine 17 JRE
SapMachine 21 JDK
SapMachine 21 JRE
SapMachine 22 JDK
SapMachine 22 JRE
SapMachine 23 JDK
SapMachine 23 JRE
SatDump
Satisfactory Mod Manager
SauceConnect
Save Wizard for PS4 MAX
Sayuri Ffftp
SBOM Tool
Sbt
Scala CLI
Scala Scala 2
SCANOSS SBOM Workbench
ScanPrix
ScanScan
ScanSnap Home
ScanSnap Manager
Scantailor-Experimental
Scarab
Scaryrawr Sl
SceneBuilder
SceneBuilder 18
SchemaCrawler
schild.report
SchildiChat
Schollz Croc
Schrodinger Pymol
Scid vs PC
SciDAVis
ScienceFair
scilab
Scimusmn Stele
Scintilla Sc1
SciTE4AutoIt3
Scorpio Sco
Scorpio Scov
Scottmckendry Pat
scpterminal
Scratch
Scratch 3
Scratch For Discord
Scratch Link
scrcpy
scrcpy+
Screen Highlighter
Screen Highlighter Pro
Screenbox
Screencast
ScreenCloud
ScreenCloud Player
ScreenConnect
ScreenConnect Client
ScreenGridy
ScreenHunter
ScreenPlay
Screenpresso
ScreenRecorder
Screenshot Captor
Screenshot Crop
ScreenToGif
Scribe Desktop Capture
Scriber
Scribus
Scrivener
scrumchrono
Scryer Prolog
ScummVM
sd - search & displace
SDelete
SDL Trados Studio 2021 SR2
SDR-Radio.com (SDR Console)
SDR-Radio.com (V3)
SDRangel
SEA-OSS Access
SeaDrive
Seafile
SeaMonkey
Seanime Desktop
Search Deflector
SearchMyFiles
Seaside Multi Skype Launcher
SeaTools
SeaTools for Windows
Seatsmart
SecEditCtl.BOC
SecEditCtlHost.BCM.Setup
SecEditCtlHostAdv.ICBC.Setup
SecretChat
Secrets OPerationS
Securepoint SSL VPN
SecureUxTheme
Seelen UI
seewo browser
SeewoFileTransfer
SeewoHugo
SeewoIotManage
SeewoIwbAssistant
SeewoPincoGroup
SEGGER Embedded Studio for ARM
Sejda PDF Desktop
Semanta Modeler
Send Anywhere
Sendme
Sensobase
Sentinel CLI
sentry-cli
SereneScreen Marine Aquarium 3
Serial Lab
Serial Port Monitor
Serial to Ethernet Connector
Series Comic Viewer
SeriLink Serial Monitor
serizawa
Serust
ServerEnterprise
Serverless Framework
Service Bus Explorer
ServiceFabricSDK
ServiceTool
Session
Session Manager Plugin
SetMate
SetupOmapRevitPlugint1
sfdx-cli
sforzando
SFTPGo
Sfx101 Deck
Shadow
Shadowsocks Electron
shadowsocks-windows
ShanaEncoder
Shapr3D
Sharedown
ShareFile For Windows
SHAREVOX
ShareX
Sharik
Sharkdp Bat
Sharkdp Fd
Sharkdp Hexyl
Sharperlight 5.4
SharpKeys
Sheet Stats
Sheet Viewer
ShellCheck
ShelTasks CLI
Sherwood
Shift
Shiftup Nikke
Shilihu Mubu
Shimo
shiori
ShirosakiYuudai
ShogiGUI
Shotcut
ShowDesktop
ShowMyPC
ShowWhatProcessLocksFile
SHPlayer
Shroud of the Avatar
Shuitun
Shure Update Utility
ShurePlus MOTIV
ShutdownCountdown
Shutter
Shuttle
Siarheikuchuk Butil
Sidebar Diagnostics
Sidekick
Sideloadly
SideQuest
Sigcheck
Sigil-Ebook Sigil
Sigma file manager
Sigmira
Signa 2010
Signal
Signal Beta
Signal Checker for DVB-T
SignalRgb
SignaturePrintClient
Sigoden Dufs
Sikalabs Slu
Silent Install Builder
Silent Install Builder Beta
silex-desktop
SimAir.io-Client
SimbaODBCDriver
SimilarImagesFinder
Simon's World Map
Simple Browser
Simple DNSCrypt
Simple IP Config
Simple Sticky Notes
Simple Web Server
Simple-TextToSpeech
SimpleCom
SimpleDockerUI
Simplenote
SimpleProgramDebugger
Simplest File Renamer
SimpleTex
SimpleTransfer Desktop
simplewall
SimpleX Chat
Simply Fortran 3
SimulIDE
sing-box
sioyek
sipgate softphone
SiriKali
Sit Healthy
SitdownMW
SiYuan
Sizer (Dev)
SJTU Canvas Helper
SKAARHOJUpdater
Skaffold
SkEditor
SketchUp
SketchUp Pro 2022
Skiff
SKTimeStamp
Sky Go
Skype
Skype for Business
Skype Insiders
SkypeFocusFix
Slack Beta
Slacktechnologies Slack
SLBrowser
Sleep Timer
SleepTimer Ultimate
Slice Master 6000
Slicer
Slick Cmd
SlideshowMa
Slik Subversion
Slite
Small Device C Compiler
Smallpdf
Smallstep Step
Smart Defrag
SMART Education Software
Smart Game Booster
Smart Install Maker
Smart Switch
Smart View
SmartEditor
SmartFTP Client
smartmontools
SmartpenService
SmartRename
SmartSlides
SmartSystemMenu
SmartTaskbar
SmarTTY
Smilegate Stove
smimesign
Smoke 'Em Out Struggle
Smokecloud Fdspp
SMPlayer
Snagit 2020
Snagit 2021
Snagit 2022
Snagit 2023
Snagit 2024
Snaildos Fifo
SnailFM
SnailKM
SnakeTail
Snap.Net
Snapmaker Luban
Snappy Driver Installer
Snappy Driver Installer Origin
Snapshot
Snaz
SnipCommand
Sniptool
Snoopwpf Snoop
Snowflake ODBC Driver
Snyk
SoapUI
Social Amnesia
Socially
SocketTools10
SODA for SPARC
SodaMusic
sofast
Soft Organizer
soft-serve
Softerra LDAP Browser
SoftMaker FreeOffice 2021
SoftMaker FreeOffice 2024
SoftMaker Office 2021
SoftMaker Office 2024
SoftMaker Office NX
SoftPerfect Network Scanner
SoftPerfect RAM Disk
Softsyst Qirx4
Softwarefreedomconservancy Qemu
Softwareok Q-Dir
SogouInput
SogouInputSkinEdito
SogouWBInput
Solar2D
Solemnwarning Rehex
SolidigmTM Storage Tool
Solve Elec
SolveSpace
SomePythonThings Zip Manager
Sonarr
Soneliem Waiua
Songlim327 Mpwt
Sonic Pi
Sonic Robo Blast 2
Sonic Robo Blast 2 Kart
Sonic Visualiser
SonicWall NetExtender
Sonixd
SonoBus
Sonos Controller
Sonos Controller
Sony Xperia Companion
SophiApp
Sophos Endpoint Agent
SoporteKM
Sorter
SoulseekQt
Sound Blaster Command
soundboard
SoundCheck
Soundfont Midi Player
Soundly
SoundModem
Soundscape
SoundSwitch
Soundtrack by Twitch
SoundTranscriber
SoundVolumeView
SoundWireServer
Soup Build
SourceGear DiffMerge
SourceGit
Sourcetrail 64-bit
SourceTree
Sovranti
Space Age seD
Space Thumbnails
spacectl
spacedesk Windows DRIVER
Spacedrive
SpaceEngine
SpaceEye
Spacemesh
SpaceSniffer
Spark Desktop
SparkleShare
Sparrow Bitcoin Wallet
Spatie Ray
Speccy
Special K
Spectral
SpectraVue
Speed-Soft Pingt
SpeedCrunch
SpeedFan
SpeedManager
Speedtest by Ookla
Speedtest CLI
Speek
Spencer
Spencersoft Chess
Spice agent
Spice webdavd
Spicetify
Splash
Splashtop Business
Splashtop Personal
Splashtop Sos
Splashtop Splashtopstreamer Deplo
Splashtop Streamer
Splashtop Streamer Deployment
Splashtop Wired XDisplay Agent
SPlayer
SpleeterGUI
SplitCam
Splunk Acs
Spooky View
SpotiFlyer
Spotify
spotify_player
Spotube
spright
springlobby
SprintPlus Viewer
Spy Server
Spybot Anti-Beacon
Spyder
Spyglass
SpyShelter
SQ MixPad
SQL Schema Compare
SQL Server 2019
SQL Server 2022
Sqlcmd Tools
sqlectron
SQLite
SQLiteStudio
SQLServerManagementStud
SQLyog Community
Square Cloud CLI
Squiid
SquirrelDisk
Squitch Tess
Srjuddington Slade
srt-align
SSDScopeApp
ssh-sync
SSHells
SSHFS-Win
SSHFS-Win Manager
SSIS Multiple Hash
SST Surge
SSTV Tools
Stacher
Stackless Python
Stacks
Standa
Standard ML of New Jersey
Standard Notes
Stanlys_Terminal
Star Trek Fleet Command
Starborne
StarConflict Launcher
Stardock Curtains
Stardock Fences 4
Stardock Fences 5
Stardock Start10
Stardock Start11
Starface UCC Beta
STARFACE UCC Client
StarMoney 14 Deluxe
starship
StartAllBack
StartIsBack++
StarUML
Status-Desktop
stay-hydrated
Steam Art Manager
Steam Link
Steam ROM Manager
Steam Token Dumper
Steam Tools NG
Steam-Library-Manager
SteamChina
SteamCleaner
SteamCMD
Steamless
SteaScree
Steel Bank Common Lisp
SteelSeries Engine
SteelSeries GG
Stefanberg Nina
Stefanmalzner Franz
Steinberg USB Driver
Stella
Stellar CLI
StellarExtrac
Stellarium
StellarPlayer
step-ca
Stephandilly Gitui
StepMania 5
Stevedore
Stickies
Sticky Password Manager
STIG Viewer
Still Alive
Stinker
STL-Thumb
Stockfish
stools
Stopawu
Stoplight Prism
Stoplight Studio
StorageEmulator
StorageExplorer
Str4D Rage
Strawberry Perl
Stream-Pi Client
Stream-Pi Server
StreamBop
streamer.bot
Streaming Video Downloader Lite
StreamingTool
Streamlabs Desktop
StreamlabsOBS
Streamlink
Streamlink Twitch GUI
Streamway OBS Plugin
Strem Application
Stremio
stressor
Stretchly
Strimio
Strings
Stripe Cli
Structured Storage Xplorer
StudentPick
Studio
Studio 3T
studio-cli
Studiocoast Vmix
StudioRack App
StudioTrans
Stuffmatic Fspy
Stuncloud Uwscr
Stunt Rally
Styluslabs Write
Sublime Merge
Sublime Merge (Dev)
Sublime Merge Dev
Sublime Text 3
Sublime Text 4
Sublime Text 4 (Dev)
Subordination
Subsurface
Subtitle Edit
Subtitle Speech Synchronizer
Subtitler
Succlz123 Acfun
Sucrose Wallpaper Engine
Sufone Qawl
SugarSync
SumatraPDF
SunplusIT drivers and firmware
Sunsama
Sunshine
Superace Updf
SUPERAntiSpyware
SuperCollider
SuperF4
Superhuman
Supermium
superpowered.me
superProductivity
SuperPuTTY
Superscript
SuperTux
SuperTuxKart
SupportAndRecoveryAssis
Surface Duo API30 Emulator
Surfshark
Surge XT
Suricata IDS/IPS
Surrealist
SurveillanceStationClien
SUSE Linux Enterprise 15 SP5
SUSE Linux Enterprise 15 SP6
Suside
SVG See
SwanIDE
Sweet Home 3D
Sweetscape Hamic
swerve
SWI-Prolog
Swift Toolchain
SwiftSearch
Swifty
Swig
Swiss CLI Tools
Switch
Switcheroo
SwitchHosts
Swittechnologiesinc Swit
Sxyazi Yazi
Sylpheed E-Mail Client
SylphyHornPlus
Symantec AgentInstall
Symantec WSS Agent
Symflower
Syncany
SyncBackFree
SyncBackPro
SyncBackSE
SyncMLViewer
SyncOutlookandGoogle
Syncplay
Syncplify.me Server!
SYNCROOM Ver.2
SyncTERM
Syncthing
Syncthing Tray
syncthingctl
SyncTrayzor
Synergy (64-bit)
Synfig Studio
Synology Acvtive Backup for Business
Synology Assistant
Synology Chat
Synology Drive Client
Synology Note Station Client
Synthesia
SysInternals
Sysmon
System Explorer
System Informer
System Informer (Canary)
SystemLoadTracker
Systweak Software Updater
SzArchiver
T.Viewer
Tabbyml Tabby
Tableau Desktop
Tableau Prep Builder
Tableau Public
Tableau Reader
TableCloth
TablePlus
Tabula
Tachidesk Server
Tachidesk Sorayomi
Tachidesk-JUI
Tachidesk-VaadinUI
Tag&Rename
Tagalog Baybayin (QWERTY)
Tagbanwa Baybayin (QWERTY)
tagLyst
TagScanner
TagSpaces
Tailscale
Tailviewer
Tailwind CSS
Taisei Project
Taistudio Sofia
Take Command 33
Talisman
Talkdesk Desktop
TalkingPenAssistant
talosctl
Tamara
Tamasfe Taplo
Tandem
tanuki-dr4
tanuki-wcsc33
Taomee Mole
tartube
Task
Task Separator 11
Taskade
Taskbar Groups
Tasmota Device Manager
tastytrade
tastyworks
Tauon Music Box
Tautulli
TaxCycle
TaxDome
Taxprep Forms
Tbillington Kondo
TcNo Account Switcher
tcping
TcpLogView
TCPView
Td-agent
tealdeer
Team-Aie Aie
Teambition
TeamDrive
TeamIDE
TeamMate
TeamSpeak 3 Client
TeamSpeak Beta
TeamTalk5
Teamviewer
TeamViewer Host
TeaSpeak - Client
TechPowerUp GPU-Z
TeconmoonWiiVCInj
TED Notepad
Tedit
TEDS-Editor
TegraRcmGUI
Telegrafer
Telegram Desktop
Telegram Desktop Beta
TELUS Business Connect Phone
Temp_Cleaner GUI
Temple
Ten Hands
Tenable Nessus
Tenacity
Tencent Edu
Tencent Meeting
Tencent Meeting Outlook Plugin
Tencent Qq
Tencent Qq Nt
Tencent Start
Tencent Tim
Tencent Ugit
Tencent Wecom
TencentDocs
TencentMeetingRooms
TencentVideo
TenClips
tenhou
Tenorshare
Tera Term
Tera Term 5
TeraBox
TeraCopy
TeradataBaseSuite
Terkelg Ramme
Terminals
Termite
Termius
Terraform Switcher
terraform-docs
Terraformer
Terragrunt
Terrastruct D2
Tesseract
TesseractOCR
Testcontainers Desktop
TestDisk
TestMace
testmyapp
TETR.IO
Texasinstruments Ti-Smartview Mat
Texasinstruments Ti-Smartview Ti
Texasinstruments Ti-Smartview Ti-
Texmacs
Texmaker
Texnomic SecureDNS Terminal
texpaste
TeXstudio
Text Grab
Text Paster
TextExpander
Textify
TextToMp3Converter
TextTools
TeXworks
TFLint
TfsCmdlets
TFTP Server
tgstation-server
Thaunknown Miru
The Bat!
The Desktop Watchmaker
The Desktop Watchmaker Widget
The Dude
The Looking-Glass
The Powder Toy
The Sage Dictionary
The Silver Searcher
the_center_desktop
The-Sz Banks
The-Sz Bear
The-Sz Doro
The-Sz Grand
The-Sz Lacey
The-Sz Palos
The-Sz Royal
The-Sz Spyex
The-Sz Trion
The-Sz Yale
Thebrowsercompany Arc
TheDesk
TheiaBlueprint
TheiaIDE
Thepyzoteam Pyzo
Thermal
Theseus2000
Thetis
TheWorld
Thonny
Thorium
Thorium (AVX2)
Those Funny Funguloids!
Threat-Dragon-ng
Threema For Desktop
threema-web
ThrottleStop
Ths
Ths Hevo
Thumbcache Viewer
Thumbs Viewer
Thunder
Thunder Speed
Thunder Xmp
Thunderbird
Thwani Uhm
Thycotic Agent
Thycotic Local Security Agent
ThycoticApplicationCon
TI ConnectTM
TI-Nspire CX Student Software
TI-NspireTM Computer Link
TickTick
Tidalmusicas Tidal
TigerVNC
TightVNC
Tigris Messenger
TikzEdt Beta
Tiled
Timber1900 Webdl
Time Series Admin
Time to Leave
Time Travel Debugging (TTD)
Time-Sync Client
Time-Sync Server
Timeclockwizard
timeit
TimeSpent
Timetable
TimeXtender
TimeXtender ODX
timoni
Tinn-R
Tiny RDM
TinyCAD
TinyCodes
TinyGo
TinyGUI
tinySA-App
TinyTask
TinyTERM
TinyTERM Enterprise TE Server
TinyTERM Plus for Web
TIPP10
tiptoi Manager
Titinko Utsu
TitulkyCom
Titus Classification
Tixati
TKey SSH Agent
TKeySign
TKeyVerification
Tldr-Pages Tlrc
TLFDADIDW
TmNationsForever
Toasterofbread Spmp
ToastFish
Toastify
Tobyallen Docto
Tockler
ToDesk
ToDesktop
todo-list
Todoist
Todolist
Toggl Track
TohokuItako
TohokuKiritan
TohokuZunko
tokumei-player-plus
tokumei-player-pp
Tomhudson Gron
Tonbrett
Toontown Rewritten
Toontown Rewritten Test
Top Data Protector
Topalasoftwaresolutions Siw
Topaz DeNoise AI
Topaz Gigapixel AI
Topaz Photo AI
Topaz Sharpen AI
Topaz Video Enhance AI
topgrade
Tor Browser
TorGuard
Torpedo Remote
TortoiseGit
TortoiseHg
TortoiseSVN
TOS Browser
Tosslab Jandi
tosutil
Total Commander
Total Registry
totp-cli
Touch Logon
Touch Portal
touchHLE
TouchVPN
Tough Cookies
Tower of Fantasy
Tox Qtox
Tp7 Sushi
TRACE 3D Plus
TrackmaniaForeverServer
Trading Paints
TradingView
Trados Studio 2022
Trados Studio 2024
Transcribe!
Transip Stack
TranslucentTB
TranSmart
Transmission
Transmission Remote GUI
tray-monitor
TrayStatus
tre-command
Tree Data Explorer
Treecell
TreeSize
TreeSize Free
Trelby
Trezor Bridge
Trezor Suite
TrguiNG
Tribler
TriGrid Windows Connector
Trillian
Trillian
Trillian (EXE)
Trinsic Okapi
TripleA
Triplex
Trippy
Trivia
Troy 2000
TrueConf
TrueCrypt
TrueTTY V3.33
TruGrid Windows Connector
Trusted QSL
TrustedSigningCli
Truthy
Trzsz
Trzsz Tssh
TSDuck
Tsl0922 Ttyd
TsurumakiMaki
TsurumakiMakiJPN
TSW Mod Manager
ttimer
TTS Now
TTUBase
TTUOdbc
Tuanjie Hub
Tucnak
tuf-client
tun2socks
TuneFlow
Tunepack
TunnelBear
TunnelBear
TurboTop
TurboVNC
TurboWarp
TurnedOnTimesView
TurtleEditor
Tutanota Desktop
TUtoolbox
Tux Paint
TuxGuitar
TViewer
TweakPower
TweakShot Screen Capture
Tweeten
Twingate Client
Twinkle Tray
Twinkstar Browser
Twitch CLI
Twitch Studio
TwitterTron
TypeCode
TypeFaster Typing Tutor
TypeRefHasher
TypeScript SDK
Typing Master
Typing Test
typioca
Typora
Typst
typstyle
U.S. Robotics Corporation Model 5637 Voice Driver
U+Works Messenger
Ubiquiti UniFi Network Server
Ubiquitiinc Ui
Ubisoft Connect
Ubuntu
Ubuntu 18.04 LTS
Ubuntu 20.04 LTS
Ubuntu 22.04 LTS
Ubuntu 24.04 LTS
Ucberkeley Boinc
UCCloudDrive
Udemy Coupon Fetcher
Udifuchs Ufraw
UDS Enterprise Client
UE Explorer
UEStudio
Ugetdm Uget
UGREENNAS
UHK Agent
Ulab Xzaid
Ultimaker Cura
Ultimate Vocal Remover
ultimatecube
Ultra
Ultra Defragmenter
UltraEdit
UltraISO Premium
Ultramarin eRechnung Viewer
UltraMon
UltraSearch
UltraViewer
UltraVnc
Umbrella Roaming Client
Umbrella Roaming Client
Umbrello
UML .FRI
Unbound
Unchecky
Uncolored
Uncrustify Code Beautifier
Undeluxe
UndertaleModTool
unetbootin
Unfx Proxy Checker
UnicornHTTPS
Unifaun OnlinePrinter
UniFi Network Application
Unified Remote
UnifiedLogReader
UniGetUI (formerly WingetUI)
Unigine Superposition Benchmark
Unigine Valley Benchmark
Unigram
UniKey
Uninstall Tool
UninstallTool
Unity 2020
Unity 2020 (CN Version)
Unity 2021
Unity 2021 (CN Version)
Unity 2022
Unity 2022 (CN Version)
Unity 2023
Unity 2023 (CN Version)
Unity 6000
Unity 6000 (CN Version)
Unity DevOps Version Control
Unity Hub
Universal
Universal Adb Driver
Universal Android Debloater GUI
Universal Ctags
Universal Extractor
Universal Media Server
Universal Radio Hacker
Universal Silent Switch Finder
Universal x86 Tuning Utility
Universal-Debloater-Alliance Uad-
UniversalForwarder
Universityofamsterdam Praat
Universityofwaikato Weka
Univrsal Scrab
Univrsal Tuna
Unknown-Horizons
unlimited-clipboard
Unofficial Google Docs
Unowhy Tools
Unreal Commander
Unrealsoftware Cs2D
Unsplash Wallpapers
Upcount
Update Watcher for AdoptOpenJDK
UpdateHub
Uplink
UPnP Wizard
Upscayl
Upx
Upyun Manager
UrBackup
us3browser
USB Device Tree Viewer
USB Drive Letter Manager
USB Network Gate
USB Safely Remove
UsbDriveInfo
usbipd-win
USBLogView
USBPcap
Useful Tools for Windows
UserDiag
Ut Video Codec Suite
Utaformatix
Utilso
uTools
Utox
UUP Media Creator
UVtools
UWPHook
UXL Launcher
UXP WebView
V.S. Whitty Full Week
V2Ray Electron
v2rayA
v2rayN
Vagrant
VALORANT (Asia-Pacific server)
VALORANT (Brazil server)
VALORANT (Europe server)
VALORANT (Korea server)
VALORANT (Latin America server)
VALORANT (North America server)
Valorant Randomizer
Valve Steam
VanillaRenewed
VapourSynth
Variar Klogg
VASSAL
VAT-Spy
Vatis-Project Vatis
VBAN Receptor
VBAN Talkie
VBinDiff
VBoxHeadlessTray
vcluster
Vcmi
vcredist
VCV Rack
VcXsrv
Vcync Modv
VdhCoApp
Veeam Agent
VeeCAD
Velociraptor
Velocity
Vencord
Ventoy
VeraCrypt
Vercel Hyper
Version-Fox Vfox
Very Sleepy
Vesktop
Veyonsolutions Veyon
Viana.NET
VicDiary
Victoria
VidBatch
VidCoder
VidCoder Beta
VidCutter
Video Comparer
Video Hub App 3 demo
Video Player
Videolan X264
Videomass
VideoPad Video Editor
VidJuice UniTube
view2er
Viewer Software USB/RS485
ViGEm Bus Driver
Vigoon
Villagers and Heroes
Vim
Vim Nightly
Violin
Virtio-win-guest-tools
Virtual Desktop Streamer
Virtual Magnifying Glass
Virtual MIDI Piano Keyboard
Virtual Serial Port Driver
VirtualCloneDrive
VirtualGL-Utils
VirtualHere USB Client
VirtualHere USB Server
VirtualSerialPortT
VirtViewer
VirusTotal Uploader
Virustotal Yara
VirusTotalUploader
Viscosity
VisionTeacher
Visit
ViStart
VistaSwitcher
Vistrax
Visual Boy Advance - M
Visual Family Tree
Visual Paradigm CE
Visual Studio 2013
Visual Studio 2015
Visual Studio 2017
Visual Studio 2019
Visual Studio 2022
Visual Studio BuildTools 2019
Visual Studio BuildTools 2022
Visual Studio Community 2022
Visual Studio Enterprise 2019
Visual Studio Enterprise 2022
Visual Studio Locator
Visual Studio Professional 2019
Visual Studio Professional 2022
VisualD
VisualGPSView
VisualSVN Server
VisualSVNRep
Vita3K
Vivaldi
Vivaldi (Snapshot)
ViveTool
ViVeTool GUI
vJoy Device Driver
VK Messenger
vlabeler
VLC
VMPlex Workstation
VMware Horizon Client
VMware Player
VMware Tools
Vngcorp Zalo
Voice Desktop
VoiceAttack
VoiceBot
VoiceHotKey
VoiceMacro
Voicemeeter
Voicemeeter Banana
Voicemeeter Potato
VOICEVOX
Vokabular WAV-Maker
Volanta
Volta
Volume Control
Volume2 Portable
VolumeLock
VoodooShield
VookiImageViewer
VooV Meeting
Vortex
Voyager
Voyagerx Vrew
VPKEdit
vplayer-next
VPN by Google One
VR Photo Converter
vrc-get
vrc-tail
VRCFaceTracking
VRChat Creator Companion
Vrcx
VRoid Studio
VS Code Config Helper
Vs. Hex
VSCodium
VSCodium Insiders
VSDC Free Screen Recorder
VSDC Free Video Editor
VSIX Bootstrapper
vSpatial Remote Desktop
VSTMidiDriver
vt-cli
VTFEdit
VTFEdit Reloaded
Vulkan Runtime
Vulkan SDK
Vup Cloud Storage
VUSC for Windows
VVV (Virtual Volumes View)
vvvv gamma
Vysor
W&T COM Port Redirector Legacy
W&T USB Redirector
W3Devices
Wabbitemu
Wacom Tablet
WACUP Installer
WagoApp
Wagoodman Dive
Wahao Electron-Igot
Wahibre Mtn
Waifu2x GUI
Wakatime for Desktop
WakeMeOnLan
WakeOnLan
Walkovertechnologies Giddh
WanCaiVR
wander
Wandersick Chmac
War Thunder Launcher
Warcraft Logs Uploader
Warframe
Wargaming.net Game Center
Warpinator
Warsow
Warzone 2100
Wasabi Wallet
WasmEdge
Wasmer
Wasmtime
watchex
WatchFaceStudio
WatchGuard System Manager
Waterfox
Wav2Bar
WavePad Sound Editor
Waves Central
wazero
Wazuh Agent
WeakAuras Companion
Weasel
Weasis
Web Filtering Proxy
Web PKI
Web Signer
WEB.DE MillionenKlick
Webberg Civet
WebCatalog
WebFortran
Webkiosk-Wrapper
WebKitty
WebM for Premiere
Webp Converter
webpicmd
WebRadio
Webroot SecureAnywhere
Website 2 APK Builder Pro
WebStorm
WebStorm (EAP)
Webstudio
webtoon-dl
WeChat
WeChat Beta
WEHAGO
Weigh Station
WeixinDevTools
WeiyunApp
WeiyunSync
Welink
welle.io
Wemod
WeMod Beta
Werwolv Imhex
WeSing
WeSingLiveAssistant
West Wind WebSurge
WeType
wewechat
Wexond
WezTerm
WFInfo
wfview
Whalebird
WhatPulse
WhatsappTray
WhatTheFile
wheelofnumfortune.avalonia
whepfrom
Which for Windows
whipinto
Whiteducksoftware Azctx
WhoCrashed
WHOIS WORKS
WHONET 2024
WHONET 5.6
WHONET Automation Tool
WhyNotWin11
WhySoSlow
WIA-Loader
Widelands
wifbox
WifiInfoView
WiFiman Desktop
WifiMouseServer
Wiimms ISO Tools
Wiimote Audio Player
WikidPad
WikidPad (Alpha)
WikiMed by Kiwix
Wikimedia Mwcli
WikiSearch
Wikivoyage by Kiwix
Wildix Collaboration
Wildix Integration Service
Wiliwili
WimyGit
win-capture-audio
win-sudo
win-vind
Win10Pcap
Win11React
Win32ContentPrepTool
Win32DiskImager
win32yank
Winaero Tweaker
Winamp
WinAuth
Winbox
Winbox Beta
WinCompose
WinDateFrom
WinDbg
Windhawk
WinDirStat
WinDirStat (Beta)
WinDjView
Window Centering Helper
Window Inspector
WindowResizer
Windows 10 Update Assistant
Windows Admin Center
Windows App Runtime
Windows App Runtime 1.5
Windows App Runtime 1.6
Windows App SDK
Windows Application Driver
Windows Defender updates
Windows Desktop Gadgets
Windows Driver Kit
Windows File Manager
Windows Journal
Windows Migration Assistant
Windows PC Health Check
Windows SDK
Windows Service Wrapper
Windows Subsystem for Linux
Windows Terminal
Windows Terminal Preview
Windows Update Viewer
windows_exporter
Windows-Spotlight
windows-terminal-quake
windows95
WindowsADK
WindowsFileAnalayzer
WindowsFirewallControl
WindowsGSM
WindowsInstallationAssi
WindowsLiveMailConvert
WindowSpace
WindowsVirtualDesktopAg
WindowsVirtualDesktopBo
WindowTop
Windroy
Windscribe
WinDynamicDesktop
WinEdt
WinFsp 2023
WinFsp 2024 Beta2
Wing 101
Wing Personal
Wing Pro
Winget-AutoUpdate
WingetCreate
WingetPathUpdater
Wings 3D
WinHTTrack Website Copier
winLAME
WinMerge
WinMerge Beta
winMoji
WinMute
WinNUT
WinObjEx64
WinPaletter
WinPcap
Winpinator
WinPower
winpython
winpython-dot
winpython-dot-pypy
winpython-pypy
WinRAR
WinRAR
WinScan2PDF
WinSCP
WinSCP RC
WinSetView
WinShell
WinSocat
WinSSH-Pageant
WinSSHTerm
Winstep Nexus
WinThruster
WinTin++
WinUAE 64-bit 5.3.0
WinZip
WinZip Self-Extractor
Wire
WireGuard
WireGuard
Wireless Workbench
Wireless Workbench 7
WirelessNetworkWatcher
WirelessSecurityAuditor
Wireshark
WireSock VPN Client
WireSock VPN Gateway
Wise AD Cleaner
Wise Data Recovery
Wise Disk Cleaner
Wise Duplicate Finder
Wise Folder Hider
Wise Game Booster
Wise Hotkey
Wise Memory Optimizer
Wise Program Uninstaller
Wise Toys
Wisedu Cat
Wisenet WAVE Client
Wisenet WAVE Server
WISER for Windows
wishlist
WiX Toolset
WiX Toolset Additional Tools
WiX Toolset Command-Line Tools
WizFile
WizKey
WizMouse
WizNote
WizTree
WK Radar
wkhtmltox
WL Downloader
WL Music
Woaitsaryan Regit
WodeABC
Wolfram Engine 14
WolvenKit Nightly
WonderPen
Wondershare Ani3D
Wondershare Anireel
Wondershare AniSmall
Wondershare Creative Center
Wondershare Cropro
Wondershare DemoCreator
Wondershare Democreator Cn
Wondershare DVD Creator
Wondershare EdrawMax
Wondershare EdrawProj
Wondershare FamiSafe
Wondershare Filmii
Wondershare Filmora 13
Wondershare Filmora Cn
Wondershare FilmoraPro
Wondershare HiPDF
Wondershare InClowdz
Wondershare MirrorGo
Wondershare MobileTrans
Wondershare Mockitt
Wondershare PDF Converter Pro
Wondershare PDF Reader
Wondershare PDFelement
Wondershare PDFelement 6
Wondershare PDFelement 6 Pro
Wondershare Pdfelement Cn
Wondershare Pdfreader Cn
Wondershare Recoverit
Wondershare Recoverit Cn
Wondershare Repairit
Wondershare Repairit Cn
Wondershare UBackit
Wondershare UniConverter 13
Wondershare UniConverter 14
Wondershare UniConverter 15
Wondershare UniConverter 16
Wondershare Uniconverter Cn
Wondershare Virbo
Wondershare Virbo Cn
WordLight
WordMark3
WordPress.com
WorkFlowy
Workman (US)
workoffice
Workrave
Worksmobile Naverworks
Workspace ONE Intelligent Hub
workspacer
workspacer beta
World of Warships ModStation
World of Workflows PE
Wowup
WowUp beta
WowUp with CurseForge
WowUp with CurseForge beta
Wox
Woyun Wolai
Wpd
WPS Office
Writage
Writerside (EAP)
WSA PacMan
WSA Sideloader
WSA System Control
WSA Tools
WsgiDAV
WSL Disk Shrinker
WSL Manager
WSL Toolbox
wslinternals
WSLtty
WTFast
Wu10Man
WuTility
wxBriscola
WXRecovery
wxUiEditor
X AIR Edit
X Minecraft Launcher
X Split Gamecaster
X-Mouse Button Control
X2Go Client for Windows
XAMPP 8.1
XAMPP 8.2
Xampprocky Tokei
Xavidop Cxcli
XBatteryStatus
Xbmcfoundation Kodi
Xcas
XCP-ng Center
Xemu-Project Xemu
Xencelabs
Xenia
Xenia-Project Xenia
XeniaCanary
Xerox WorkCentre
Xiaoetong
Xiaomi Cloud
Xiaomi Miui+
Xiaoyaoyixia Kook
Xibo Player
XiguaVideo
Ximalaya
XimalayaLive
XIVLauncher
Xlight FTP Server
xLights
XLJSCI
XMake build utility
XMedia Recode
XMeters
Xmind
XMind 8
Xming
XML Notepad
Xmoto
XNARedist
XnConvert
XnResize
XnView Classic
XnView MP
Xoofx Kalk
Xournal++
xpchrome
XPipe Portable
Xpipe-Io Xpipe
XplicitTrust Network Access
Xplorer
Xprotect
Xray-core
XSplit Broadcaster
XSplit Broadcaster PTR
XSplit VCam
xTool Creative Space
Xtreme Download Manager
Xtreme Download Manager Beta
XYplorer
XYplorer Portable
Y8 Browser
YACReader
Yacy
Yafp Ttth
Yandere Simulator
Yandex
Yandex Messenger
Yandex Music
Yandex.Disk
Yank Note
YAPA-2
YARC Launcher
Yarn
Yealink USB Connect
YES24 eBook
YesPlayMusic
Yet Another Bacnet Explorer
Yggdrasil Network
YingYongBao
YogaDNS
YoMail
York Network Trace
YoudaoNote
YoudaoPokeClass
YoudaoTongchuan
YoudaoTranslate
Youku
YouTube Music
YouTube Music Desktop App
YouTube Music for Desktop
youtube-dl
Youtube-mp3
YT Download
YT Spammer Purge
yt-dlg
yt-dlp
yt-dlp-gui
yt-dlp-nightly
ytarchive
YTDownloader
YTSubConverter
Yuanfudao
Yubico Authenticator
Yubico PIV Tool
YubiKey Manager
Yubikey Manager
YubiKey Manager CLI
YubiKey Personalization Tool
YubiKey Smart Card Minidriver
Yuccastream Tuna
yukari
Yumi Legacy (BIOS)
Yumi UEFI
yuqing-monitor-elect
YuzukiYukariRei
YXCalendar
YXFile
YXVideoMaker
Yy
YYAnchor
YYAudio
Z - Cpod
Z-Cron Scheduler
Z-Sharp
Zandronum
ZDaemon
Zebra Setup Utilities
Zebra Status Monitor
Zed Attack Proxy (ZAP)
Zee Drive
Zelloinc Zello
Zen Browser
Zen Browser (Optimized build)
Zentimo PRO
Zerabase
Zero Install
ZeroTier One
Zeta Resource Editor
Zettlr
Zettlr Beta
Zeus IDE
Zeus Lite
Zeus Radio
zg_mdm
zg_pkg
zg-ipchat
zg-zsso
Zhegui printing platform system
Zhegui upload platform system
Zhongshihuiyun Boom
Zig
Zigtools Zls
Zihun
Zim Desktop Wiki
Zint
ZNotify Cli
Zoho WorkDrive TrueSync
ZooKeeper Assistant
Zoom
Zoom Outlook Plugin
Zoom Rooms
Zoom Skype for Business Plugin
Zoom VDI Universal Plugin
Zoom VDI Workplace
Zoom Workplace (EXE)
Zoom Workspace
ZoomIt
ZoomRemoteControl
ZORG-ID Desktop App
Zotero
zoxide
ZSPACE
Zstandard
zTasker
Zugferdcommunity Qubaviewer
Zulip
Zulu 10
Zulu 12
Zulu 14
Zulu 9
Zulu JRE 12
Zulu JRE 9
ZWCAD 2025
Zwift
ZXPInstaller
ZY Player
Zyedidia Micro
Logos, products, trade names, and company names are all the property of their respective trademark holders.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.

Learn More
Flexible Term; Flexible Service

Flexibility for your dynamic business

You need to get your arms around compliance and security and don't want to get locked into “high watermark” monthly invoices or multi-year contracts.

Pay-as-you-need monthly pricing

DIY, full management, and coaching options

CMMI, PCI, SOC2, Canadian Cybersecurity, Minimum Viable Secure Product, and other compliance support

Choose the plan that's right for you

Simple pricing. No hidden fees. Advanced features for you business.

Month
Annual

Get 2 months free with Annual!
DIY

Security-focused RMM

C$3.25 /computer/Month

C$32.50 /computer/Year

  • 1 computer
    or 1 of the following cloud integrations:
    AWS, Axcient, Connectwise, Datto, Google, Huntress, M365, Sophos Central integrations
    (each integration counts as 1 computer)
  • 50+ application patches
  • 30-day Logs
  • Security configuration monitoring
  • Anomaly detection
  • CMMI, MVSP, CyberCanda compliance
  • Lavawall® support
  • Sophos MDR: C$13.50/desktop
    Sophos MDR: C$162/desktop
  • Huntress: C$5.40/device
    Huntress: C$64.80/device
  • Available white-label support for end users
  • Level 3+ IT support for IT
  • Weekly IT coaching sessions
Popular
Managed Security & Support

Unlimited end-user support

C$160 /user/Month

C$1,600 /user/Year

  • 1 computer/user
    Additional devices charged at DIY prices
  • AWS, Axcient, Connectwise, Datto, Google, Huntress, M365, Sophos Central integrations
  • 350+ application patches
  • 90-day Logs
  • Security configuration monitoring
  • Anomaly detection
  • CMMI, MVSP, CyberCanda compliance
  • Lavawall® support
  • Sophos MDR Essentials
  • Huntress
  • White-label email and phone support for end users
  • Level 3+ IT support for IT
  • Weekly IT coaching sessions
  • Automatic discount and upgrade to Support & Coaching after 15 users
Support & Coaching

Improve your IT performance

$2,250 /Month

$22,500 /Year

  • 25 computers included
    Additional computers charged at DIY prices
  • AWS, Axcient, Connectwise, Datto, Google, Huntress, M365, Sophos Central integrations
  • 350+ application patches
  • 90-day Logs
  • Security configuration monitoring
  • Anomaly detection
  • CMMI, MVSP, CyberCanda compliance
  • Lavawall®-only support
  • Sophos MDR Essentials
  • Huntress
  • White-label email and phone support for 15 users included Additional: C$150/user Additional: C$1,500/user
  • L3 IT support for IT
  • Weekly IT coaching sessions

Frequently Asked Questions

If you can not find answer to your question in our FAQ, you can always contact us or email us. We will answer you shortly!

General Questions

The three big catalysts for Lavawall® were:
  1. Two years after a missing Plex Media Server led to the LastPass breach, the Remote Monitorign and Management (RMM) tools availabel for Manged IT Service Providers (MSPs) still didn't monitor for it.
    Going through industry-specific applications, we noticed many were missing from the big RMM and patching providers. MSPs, insurance providers, and organizations that put their cleints at risk need to know about these risks, which lead to the largest number of critical audit findings and breaches
  2. After 20 years of writing the same audit findings about system configurations, Payment Card Industry (PCI) compliance, and missing patches, our technical co-founder wanted to make it easier fo avoid these findings
  3. The existing risk visibility tools for insurance underwriters took a shallow look at Internet-facing risks. They -- along with all businesses -- need a deeper view of the threats that could actually lead to breaches.

Lavawall® breaks vulnerabilities into the following groups:
  • Domain risks
  • Operating System (OS) patches
  • Application patches
  • Network vulnerabilities
  • Cloud vulnerabilities
  • OS configurations

Yes!
You can use your own logo for the console and notifications. You can also use a CNAME to automatically brand your console.
Note: you cannot currently re-proxy the CNAME to Lavawall® through Cloudflare.

Yes!
Lavawall® supports the following operating systems:
  • All versions of Windows 10 and 11.
  • Debian, Ubuntu, Mint, and RedHat-based Linux distributions
  • MacOS

    • Lavawall® does not currently support non systemd distributions, such as Devuan, Artix Linux, PCLinuxOS, OpenWRT, and DD-WRT. However, we will support them by the end of 2024.
    In June 2024, we combined the Windows and Linux systems for a consistent experience. This added support for RedHat and MacOS.
    Privacy & Security

    We encourage primary authentication for Lavawall® through Passkeys or Single Sign On (SSO).
    However, we do allow passwords and use passwords as part of the zero-knowledge encryption for your clients' sensitive data, such as Bitlocker keys and Personally-Identifiable Information (PII).
    These passwords use Argon2id slow hashes with individual salts and peppers.

    Yes! Lavawall communicates with its endpoints through TLS. However, given that many of our clients want to be as secure as possible and have TLS inspection enabled, we allow for "insecure" connections with invalid certificates, which result from such configurations.
    We have added an additional secure tunnel that mimics the TLS process within the public TLS tunnel. This extra tunnel provides authentication and privacy for the workstations and the Lavawall® servers to prevent attacks such as the one that took down Solar Winds.

    We do not enable remote access tools like ScreenConnect unless you authorize them and are logged in. Lavawall® was not vulnerable to the ScreenConnect vulnerability because we install and uninstall it right before it's used. In addition, we give the option of linking to Access.

    Remote access is not enabled for read-only and audit situations.

    Lavawall®'s designer holds a CISSP and CISA. In addition, we have external and internal security reviews.

    Get In Touch

    Have a quick question and don't want to talk? Send us a quick note with the form below and we'll reply within one business day.

    NW Calgary:
    (By Appointment Only)
    ThreeShield Information Security Corporation
    600 Crowfoot Crescent N.W., Suite 340
    Calgary, Alberta
    T3G 0B4
    SE Calgary:
    (By Appointment Only)
    ThreeShield Information Security Corporation
    105, 11500 - 29th St. SE
    Calgary, Alberta
    T2Z 3W9
    Canada
    Phone
    +1-403-538-5053
    Sales Hours:
    9:00am to 5:00pm Mountain Time
    Support Hours:
    7:00am to 7:00pm Mountain Time
    On-Call Support Hours:
    24/7

    Monitor the real security risks with Lavawall®