Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
andrew smith vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-7187
The Add-on SDK in Mozilla Firefox prior to 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote malicious users to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension.
Mozilla Firefox
NA
CVE-2015-4515
Mozilla Firefox prior to 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote malicious users to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message.
Mozilla Firefox
NA
CVE-2012-3973
The debugger in the developer-tools subsystem in Mozilla Firefox prior to 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote malicious users to execute arbitrary code by leveraging the presence of the HT...
Mozilla Firefox 12.0
Mozilla Firefox 8.0
Mozilla Firefox 8.0.1
Mozilla Firefox 5.0
Mozilla Firefox 13.0
Mozilla Firefox
Mozilla Firefox 9.0.1
Mozilla Firefox 9.0
Mozilla Firefox 6.0
Mozilla Firefox 5.0.1
Mozilla Firefox 4.0
Mozilla Firefox 3.0.1
Mozilla Firefox 3.6.25
Mozilla Firefox 3.5.7
Mozilla Firefox 3.6.19
Mozilla Firefox 3.0.7
Mozilla Firefox 3.5.8
Mozilla Firefox 3.0.15
Mozilla Firefox 3.0.2
Mozilla Firefox 3.6.22
Mozilla Firefox 3.6.2
Mozilla Firefox 3.0.11
NA
CVE-2015-4518
The Reader View implementation in Mozilla Firefox prior to 42.0 has an improper whitelist, which makes it easier for remote malicious users to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG an...
Mozilla Firefox
6.5
CVSSv3
CVE-2016-2816
Mozilla Firefox prior to 46.0 allows remote malicious users to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.
Mozilla Firefox
8.8
CVSSv3
CVE-2016-2811
Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox prior to 46.0 allows remote malicious users to execute arbitrary code via vectors related to the BeginReading method.
Mozilla Firefox
8.8
CVSSv3
CVE-2016-2804
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox prior to 46.0 allow remote malicious users to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Mozilla Firefox Esr 38.5.0
Mozilla Firefox Esr 38.4.0
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.0
Mozilla Firefox Esr 38.5.2
Mozilla Firefox Esr 38.5.1
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.3.0
Mozilla Firefox Esr 38.2.1
Mozilla Firefox
Mozilla Firefox Esr 38.7.1
Mozilla Firefox Esr 38.7.0
Mozilla Firefox Esr 38.6.1
Mozilla Firefox Esr 38.6.0
Mozilla Firefox Esr 38.2.0
Mozilla Firefox Esr 38.1.1
1 Article
4.3
CVSSv3
CVE-2016-2820
The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox prior to 46.0 does not properly restrict the origin of events, which makes it easier for remote malicious users to modify sharing preferences by leveraging access to the remote-report IFRAME ele...
Mozilla Firefox
7.5
CVSSv3
CVE-2016-2812
Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox prior to 46.0 allows remote malicious users to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted w...
Mozilla Firefox
NA
CVE-2012-3962
Mozilla Firefox prior to 15.0, Firefox ESR 10.x prior to 10.0.7, Thunderbird prior to 15.0, Thunderbird ESR 10.x prior to 10.0.7, and SeaMonkey prior to 2.12 do not properly iterate through the characters in a text run, which allows remote malicious users to execute arbitrary cod...
Mozilla Firefox Esr 10.0.1
Mozilla Firefox Esr 10.0.2
Mozilla Firefox Esr 10.0.4
Mozilla Firefox Esr 10.0.6
Mozilla Firefox Esr 10.0.3
Mozilla Firefox Esr 10.0.5
Mozilla Firefox Esr 10.0
Mozilla Thunderbird Esr 10.0.5
Mozilla Thunderbird Esr 10.0
Mozilla Thunderbird Esr 10.0.1
Mozilla Thunderbird Esr 10.0.3
Mozilla Thunderbird Esr 10.0.4
Mozilla Thunderbird Esr 10.0.2
Mozilla Thunderbird Esr 10.0.6
Mozilla Firefox
Mozilla Firefox 12.0
Mozilla Firefox 9.0
Mozilla Firefox 8.0
Mozilla Firefox 5.0
Mozilla Firefox 4.0
Mozilla Firefox 4.0.1
Mozilla Firefox 3.6.25
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »