Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla mozilla 1.2 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2012-2714
The BrowserID (Mozilla Persona) module 7.x-1.x prior to 7.x-1.3 for Drupal allows remote malicious users to hijack the authentication of arbitrary users via the audience identifier.
Browserid Project Browserid 7.x-1.0
Browserid Project Browserid 7.x-1.1
Browserid Project Browserid 7.x-1.2
8.8
CVSSv3
CVE-2016-1950
Heap-based buffer overflow in Mozilla Network Security Services (NSS) prior to 3.19.2.3 and 3.20.x and 3.21.x prior to 3.21.1, as used in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7, allows remote malicious users to execute arbitrary code via crafted ASN.1 da...
Mozilla Network Security Services 3.19.2
Mozilla Network Security Services 3.20
Mozilla Network Security Services 3.20.1
Mozilla Network Security Services 3.21
Mozilla Firefox
Mozilla Firefox Esr 38.0
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.1.1
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.2.1
Mozilla Firefox Esr 38.3.0
Mozilla Firefox Esr 38.4.0
Mozilla Firefox Esr 38.5.0
Mozilla Firefox Esr 38.5.1
Mozilla Firefox Esr 38.6.0
Mozilla Firefox Esr 38.6.1
Oracle Linux 5.0
Oracle Vm Server 3.2
Oracle Linux 6
Oracle Linux 7
7.5
CVSSv3
CVE-2017-7805
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leav...
Mozilla Firefox 56.0
Mozilla Firefox Esr 52.4.0
Mozilla Thunderbird 52.4.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
7.3
CVSSv3
CVE-2016-1978
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) prior to 3.21, as used in Mozilla Firefox prior to 44.0, allows remote malicious users to cause a denial of service or possibly have unspecified other impact b...
Mozilla Firefox
Mozilla Network Security Services
6.5
CVSSv3
CVE-2016-1938
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) prior to 3.21, as used in Mozilla Firefox prior to 44.0, improperly divides numbers, which might make it easier for remote malicious users to defeat cryptographic protection mechanisms by lev...
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Mozilla Nss
Mozilla Firefox
5.9
CVSSv3
CVE-2018-12384
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact T...
Mozilla Network Security Services
1 Github repository
3.7
CVSSv3
CVE-2015-4000
The TLS protocol 1.2 and previous versions, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle malicious users to conduct cipher-downgrade attacks by rewriting a ClientHello with D...
Openssl Openssl
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Hp Hp-ux B.11.31
Ibm Content Manager 8.5
Oracle Jrockit R28.3.6
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Oracle Jdk 1.8.0
Oracle Jre 1.7.0
Oracle Jre 1.6.0
Oracle Jre 1.8.0
Oracle Jdk 1.7.0
Oracle Jdk 1.6.0
Suse Linux Enterprise Server 11.0
Suse Linux Enterprise Software Development Kit 12
Suse Linux Enterprise Desktop 12
Suse Suse Linux Enterprise Server 12
Apple Mac Os X
Apple Iphone Os
1 Nmap script
4 Github repositories
1 Article
NA
CVE-2012-4929
The TLS protocol 1.2 and previous versions, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle malicious users to obtain plaintext HTTP head...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Mozilla Firefox
Google Chrome
14 Github repositories
NA
CVE-2012-2713
Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x prior to 7.x-1.3 for Drupal allows remote malicious users to hijack the authentication of arbitrary users for requests that login a user to another web site.
Browserid Project Browserid 7.x-1.1
Browserid Project Browserid 7.x-1.2
NA
CVE-2011-4136
django.contrib.sessions in Django prior to 1.2.7 and 1.3.x prior to 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote malicious users to modify a session by triggering use of a key ...
Djangoproject Django
Djangoproject Django 1.2.5
Djangoproject Django 0.95
Djangoproject Django 1.0
Djangoproject Django 1.3
Djangoproject Django 1.1.2
Djangoproject Django 1.0.1
Djangoproject Django 1.1
Djangoproject Django 1.2.1
Djangoproject Django 1.2.4
Djangoproject Django 0.91
Djangoproject Django 1.0.2
Djangoproject Django 1.2.3
Djangoproject Django 1.1.3
Djangoproject Django 1.2
Djangoproject Django 0.95.1
Djangoproject Django 0.96
Djangoproject Django 1.1.0
Djangoproject Django 1.2.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »