505087 : vulnerable Mozilla Firefox version: 14.0.1

Risk 5 : Web Services

A remote attacker could execute arbitrary commands on a client system, disclose certain sensitive information, or bypass certain security restrictions when the client browses to a malicious web site hosted by the attacker.

Mozilla is an Internet package containing a web browser, e-mail client, address book, and web page editor. Mozilla SeaMonkey is an application suite including web-browser, e-mail and newsgroup client, IRC chat client, and HTML editor. Mozilla Firefox is an enhancement of the Mozilla web browser. Cyberfox is a 64-bit browser based on Mozilla Firefox platform. This software is compatible with Windows Vista, Windows 7, and Windows 8. Waterfox is a 64-bit browser based on Mozilla Firefox platform. The Simple Object Access Protocol (SOAP) is a protocol which allows two applications to communicate using XML.

As a client application, all vulnerabilities in Firefox are caused when a crafted file or web page is accessed. Multiple Vulnerabilities fixed in Firefox 24.7 and 31, Cyberfox 31, and Waterfox 31 07/30/14 CVE 2014-1544 CVE 2014-1547 CVE 2014-1548 CVE 2014-1549 CVE 2014-1550 CVE 2014-1551 CVE 2014-1552 CVE 2014-1555 CVE 2014-1556 CVE 2014-1557 CVE 2014-1558 CVE 2014-1559 CVE 2014-1560 CVE 2014-1561 Firefox 24.7, Firefox 31, and Cyberfox 31 fixed multiple vulnerabilities, which can be exploited by malicious users to compromise a user's system. The vulnerabilities are due to: miscellaneous memory safety hazards. buffer overflow during Web Audio buffering for playback. use-after-free in Web Audio due to incorrect control message ordering; DirectWrite font handling; with FireOnStateChange event; while when manipulating certificates in the trusted cache. exploitable WebGL crash with Cesium JavaScript library. crash in Skia library when scaling high quality images. certificate parsing broken by non-standard character encoding. IFRAME sandbox same-origin access through redirect. Multiple Vulnerabilities fixed in Firefox 24.6 and 30, and Cyberfox 30 06/16/14 CVE 2014-1533 CVE 2014-1534 CVE 2014-1536 CVE 2014-1537 CVE 2014-1538 CVE 2014-1539 CVE 2014-1540 CVE 2014-1541 CVE 2014-1542 CVE 2014-1543 Firefox 24.6, Firefox 30, and Cyberfox 30 fixed multiple vulnerabilities, which can be exploited by malicious users to compromise a user's system. The vulnerabilities are: Miscellaneous memory safety hazards. Use-after-free and out of bounds issues found using Address Sanitizer. Clickjacking through cursor invisibility after Flash interaction. Use-after-free in Event Listener Manager. Use-after-free with SMIL Animation Controller. Buffer overflow in Web Audio Speex resampler. Buffer overflow in Gamepad API. Multiple Vulnerabilities fixed in Firefox 29, SeaMonkey 2.26, and Cyberfox 29.0.1 06/02/14 CVE 2014-1492 CVE 2014-1518 CVE 2014-1519 CVE 2014-1520 CVE 2014-1522 CVE 2014-1523 CVE 2014-1524 CVE 2014-1525 CVE 2014-1526 CVE 2014-1528 CVE 2014-1529 CVE 2014-1530 CVE 2014-1531 CVE 2014-1532 Firefox 29 and 24.5, SeaMonkey 2.26 and Cyberfox 29.0.1 fixed multiple vulnerabilities, which can be exploited by malicious users to gain escalated privileges, conduct spoofing attacks, bypass security restrictions, and compromise a user's system. Multiple Vulnerabilities fixed in Firefox 28, SeaMonkey 2.25 and Cyberfox 28.0 03/19/14 CVE 2014-1493 CVE 2014-1494 CVE 2014-1496 CVE 2014-1497 CVE 2014-1498 CVE 2014-1499 CVE 2014-1500 CVE 2014-1502 CVE 2014-1504 CVE 2014-1505 CVE 2014-1508 CVE 2014-1509 CVE 2014-1510 CVE 2014-1511 CVE 2014-1512 CVE 2014-1513 CVE 2014-1514 Firefox 28 and 24.4, SeaMonkey 2.25 and Cyberfox 28.0 fixed multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. Multiple Vulnerabilities fixed in Firefox 27, SeaMonkey 2.24, and Cyberfox 27.0 02/11/14 CVE 2014-1477 CVE 2014-1478 CVE 2014-1479 CVE 2014-1480 CVE 2014-1481 CVE 2014-1482 CVE 2014-1483 CVE 2014-1485 CVE 2014-1486 CVE 2014-1487 CVE 2014-1488 CVE 2014-1489 CVE 2014-1490 CVE 2014-1491 Firefox 27 and 24.3, SeaMonkey 2.24 and Cyberfox 27.0 fixed multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. Multiple Vulnerabilities fixed in Firefox 26, SeaMonkey 2.23, and Cyberfox 26.0 12/16/13 CVE 2013-5609 CVE 2013-5610 CVE 2013-5611 CVE 2013-5612 CVE 2013-5613 CVE 2013-5614 CVE 2013-5615 CVE 2013-5616 CVE 2013-5618 CVE 2013-5619 CVE 2013-6629 CVE 2013-6630 CVE 2013-6671 CVE 2013-6672 CVE 2013-6673 Firefox 26 and 24.2, SeaMonkey 2.23 and Cyberfox 26.0 fixed multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. Multiple Vulnerabilities fixed in Firefox 25.0.1, SeaMonkey 2.22.1, and Cyberfox 25.0.1 11/21/13 CVE 2013-1741 CVE 2013-2566 CVE 2013-5605 CVE 2013-5606 CVE 2013-5607 Firefox 25.0.1, 24.1.1, and 17.0.11, SeaMonkey 2.22.1, and Cyberfox 25.0.1 fixed multiple vulnerabilities, which can be exploited to bypass certain security restrictions and compromise a user's system. The vulnerabilities are due to vulnerable version of Network Security Services (NSS) library used in Mozilla projects. Multiple Vulnerabilities fixed in Firefox 25.0, SeaMonkey 2.22, and Cyberfox 25.0 11/07/13 CVE 2013-5590 CVE 2013-5591 CVE 2013-5592 CVE 2013-5593 CVE 2013-5595 CVE 2013-5596 CVE 2013-5597 CVE 2013-5598 CVE 2013-5599 CVE 2013-5600 CVE 2013-5601 CVE 2013-5602 CVE 2013-5603 CVE 2013-5604 Firefox 25.0, 24.1, and 17.0.10, SeaMonkey 2.22, and Cyberfox 25.0 fixed multiple vulnerabilities, which can be exploited to conduct spoofing attacks and compromise a user's system. Multiple Vulnerabilities fixed in Firefox 24.0 and 17.0.9, SeaMonkey 2.21, and Cyberfox 24.0 09/26/13 CVE 2013-1718 CVE 2013-1719 CVE 2013-1720 CVE 2013-1721 CVE 2013-1722 CVE 2013-1724 CVE 2013-1725 CVE 2013-1726 CVE 2013-1728 CVE 2013-1729 CVE 2013-1730 CVE 2013-1732 CVE 2013-1735 CVE 2013-1736 CVE 2013-1737 CVE 2013-1738 Firefox 24.0 and 17.0.9, SeaMonkey 2.21, and Cyberfox 24.0 fixed multiple vulnerabilities, which can be exploited to gain escalated privileges, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. Multiple Vulnerabilities fixed in Firefox 23.0 and 17.0.8, SeaMonkey 2.20, and Cyberfox 23.0 08/13/13 CVE 2013-1701 CVE 2013-1702 CVE 2013-1704 CVE 2013-1705 CVE 2013-1706 CVE 2013-1707 CVE 2013-1709 CVE 2013-1710 CVE 2013-1711 CVE 2013-1713 CVE 2013-1714 CVE 2013-1717 Firefox 23.0 and 17.0.8, SeaMonkey 2.20, and Cyberfox 23.0 fixed multiple vulnerabilities, which can be exploited to gain escalated privileges, conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. Multiple Vulnerabilities fixed in Firefox 22.0 and 17.0.7 06/27/13 CVE 2013-1682 CVE 2013-1683 CVE 2013-1684 CVE 2013-1685 CVE 2013-1686 CVE 2013-1687 CVE 2013-1688 CVE 2013-1690 CVE 2013-1692 CVE 2013-1693 CVE 2013-1694 CVE 2013-1695 CVE 2013-1696 CVE 2013-1697 CVE 2013-1698 CVE 2013-1699 CVE 2013-1700 Firefox 22.0 and 17.0.7 fixed multiple vulnerabilities, which can be exploited to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. Multiple Vulnerabilities fixed in Firefox 21.0 and 17.0.6 05/16/13 CVE 2013-0801 CVE 2013-1669 CVE 2013-1670 CVE 2013-1672 CVE 2013-1673 CVE 2013-1674 CVE 2013-1678 CVE 2013-1679 CVE 2013-1680 CVE 2013-1681 Firefox 21.0 and 17.0.6 fixed multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. Multiple Vulnerabilities fixed in Firefox 20.0 and 17.0.5 and SeaMonkey 2.17 04/04/13 CVE 2013-0788 CVE 2013-0789 CVE 2013-0791 CVE 2013-0792 CVE 2013-0793 CVE 2013-0794 CVE 2013-0795 CVE 2013-0796 CVE 2013-0797 CVE 2013-0799 CVE 2013-0800 Firefox 20.0 and 17.0.5 and SeaMonkey 2.17 fixed multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system. HTML Editor Use-After-Free Vulnerability 03/11/13 CVE 2013-0787 Firefox 19.0.2 and 17.0.4 and SeaMonkey 2.16.1 fixed a vulnerability, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a use-after-free error within the HTML editor when content script is run by the "document.execCommand()" function while performing certain internal editing operations. This can be exploited to reference data from already freed memory. Multiple Vulnerabilities fixed in Firefox 19.0 and 17.0.3 and SeaMonkey 2.16 02/21/13 CVE 2013-0765 CVE 2013-0772 CVE 2013-0773 CVE 2013-0774 CVE 2013-0775 CVE 2013-0776 CVE 2013-0777 CVE 2013-0778 CVE 2013-0779 CVE 2013-0780 CVE 2013-0781 CVE 2013-0782 CVE 2013-0783 CVE 2013-0784 Firefox 19.0 and 17.0.3 and SeaMonkey 2.16 fixed multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system. Multiple Vulnerabilities fixed in Firefox 17.0.2 and 10.0.12 and SeaMonkey 2.15 01/10/13 CVE 2013-0744 CVE 2013-0745 CVE 2013-0746 CVE 2013-0747 CVE 2013-0748 CVE 2013-0749 CVE 2013-0750 CVE 2013-0751 CVE 2013-0752 CVE 2013-0753 CVE 2013-0754 CVE 2013-0755 CVE 2013-0756 CVE 2013-0757 CVE 2013-0758 CVE 2013-0759 CVE 2013-0760 CVE 2013-0761 CVE 2013-0762 CVE 2013-0763 CVE 2013-0764 CVE 2013-0766 CVE 2013-0767 CVE 2013-0768 CVE 2013-0769 CVE 2013-0770 CVE 2013-0771 Firefox 17.0.2 and 10.0.12 and SeaMonkey 2.15 fixed multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, disclose sensitive information, and compromise a user's system. Multiple Vulnerabilities fixed in Firefox 17.0 and 10.0.11 and SeaMonkey 2.14 11/22/12 CVE 2012-4201 CVE 2012-4202 CVE 2012-4203 CVE 2012-4204 CVE 2012-4205 CVE 2012-4206 CVE 2012-4207 CVE 2012-4208 CVE 2012-4209 CVE 2012-4210 CVE 2012-4212 CVE 2012-4213 CVE 2012-4214 CVE 2012-4215 CVE 2012-4216 CVE 2012-4217 CVE 2012-4218 CVE 2012-5829 CVE 2012-5830 CVE 2012-5833 CVE 2012-5835 CVE 2012-5836 CVE 2012-5837 CVE 2012-5838 CVE 2012-5839 CVE 2012-5840 CVE 2012-5841 CVE 2012-5842 CVE 2012-5843 Firefox 17.0 and 10.0.11 and SeaMonkey 2.14 fixed multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system. Multiple Vulnerabilities fixed in Firefox 16.0.2 and 10.0.10 and SeaMonkey 2.13.2 10/30/12 CVE 2012-4194 CVE 2012-4195 CVE 2012-4196 Firefox 16.0.2, 10.0.10, and SeaMonkey 2.13.2 fixed multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions. Multiple Vulnerabilities fixed in Firefox 16.0.1 and 10.0.9 and SeaMonkey 2.13.1 10/15/12 CVE 2012-4190 CVE 2012-4191 CVE 2012-4192 CVE 2012-4193 Firefox 16.0.1, 10.0.9, and SeaMonkey 2.13.1 fixed multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. Multiple Vulnerabilities fixed in Firefox 16 and 10.8 and SeaMonkey 2.13 10/11/12 CVE 2012-3982 CVE 2012-3983 CVE 2012-3984 CVE 2012-3985 CVE 2012-3986 CVE 2012-3987 CVE 2012-3988 CVE 2012-3989 CVE 2012-3990 CVE 2012-3991 CVE 2012-3992 CVE 2012-3993 CVE 2012-3994 CVE 2012-3995 CVE 2012-4179 CVE 2012-4180 CVE 2012-4181 CVE 2012-4182 CVE 2012-4183 CVE 2012-4185 CVE 2012-4186 CVE 2012-4187 CVE 2012-4188 Firefox 16.0, 10.0.8, and SeaMonkey 2.13 fixed multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. Multiple Vulnerabilities fixed in Mozilla Firefox 15 and SeaMonkey 2.12 08/30/12 CVE 2012-1956 CVE 2012-1970 CVE 2012-1971 CVE 2012-1972 CVE 2012-1973 CVE 2012-1974 CVE 2012-1975 CVE 2012-1976 CVE 2012-3956 CVE 2012-3957 CVE 2012-3958 CVE 2012-3959 CVE 2012-3960 CVE 2012-3961 CVE 2012-3962 CVE 2012-3963 CVE 2012-3964 CVE 2012-3965 CVE 2012-3966 CVE 2012-3967 CVE 2012-3968 CVE 2012-3969 CVE 2012-3970 CVE 2012-3971 CVE 2012-3972 CVE 2012-3973 CVE 2012-3974 CVE 2012-3975 CVE 2012-3976 CVE 2012-3977 CVE 2012-3978 CVE 2012-3980 Firefox 15 and SeaMonkey 2.12 fixed multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and compromise a user's system.

For information on most of the above bugs, see http://www.mozilla.org/projects/security/known-vulnerabilities.html Known Vulnerabilities in Mozilla. The multiple vulnerabilities fixed in Firefox 24.7 and 31, Cyberfox 31, and Waterfox 31 were reported in http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox31 Security Advisories for Firefox 31, https://8pecxstudios.com/hooray-your-cyberfox-is-up-to-date-31-0 Cyberfox 31.0, and https://www.waterfoxproject.org/development.php?fn_mode=fullnews&fn_id=70 Waterfox 31.0 Release. The multiple vulnerabilities fixed in Firefox 24.6 and 30, and Cyberfox 30 were reported in http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox30 Security Advisories for Firefox 30 and https://8pecxstudios.com/hooray-your-cyberfox-is-up-to-date-30-0 Cyberfox 30.0. The multiple vulnerabilities fixed in Firefox 29, SeaMonkey 2.26, and Cyberfox 29.0.1 were reported in http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox29 Security Advisories for Firefox 29 and https://8pecxstudios.com/hooray-your-cyberfox-is-up-to-date-29-0-1 Cyberfox 29.0.1. The multiple vulnerabilities fixed in Firefox 28, SeaMonkey 2.25 and Cyberfox 28.0 were reported in http://secunia.com/advisories/57500/ Secunia Advisory SA57500, http://secunia.com/advisories/57510/ Secunia Advisory SA57510, http://secunia.com/advisories/57505/ Secunia Advisory SA57505, and http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox28 Security Advisories for Firefox 28. The multiple vulnerabilities fixed in Firefox 27, SeaMonkey 2.24, and Cyberfox 27.0 were reported in http://secunia.com/advisories/56767/ Secunia Advisory SA56767, http://secunia.com/advisories/56787/ Secunia Advisory SA56787, http://secunia.com/advisories/56706/ Secunia Advisory SA56706, and http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox27 Security Advisories for Firefox 27. The multiple vulnerabilities fixed in Firefox 26, SeaMonkey 2.23, and Cyberfox 26.0 were reported in http://secunia.com/advisories/56002/ Secunia Advisory SA56002, http://secunia.com/advisories/56005/ Secunia Advisory SA56005, http://secunia.com/advisories/56050/ Secunia Advisory SA56050, http://www.mozilla.org/security/announce/2013/mfsa2013-104.html mfsa2013-104, http://www.mozilla.org/security/announce/2013/mfsa2013-105.html mfsa2013-105, http://www.mozilla.org/security/announce/2013/mfsa2013-106.html mfsa2013-106, http://www.mozilla.org/security/announce/2013/mfsa2013-107.html mfsa2013-107, http://www.mozilla.org/security/announce/2013/mfsa2013-108.html mfsa2013-108, http://www.mozilla.org/security/announce/2013/mfsa2013-109.html mfsa2013-109, http://www.mozilla.org/security/announce/2013/mfsa2013-111.html mfsa2013-111, http://www.mozilla.org/security/announce/2013/mfsa2013-112.html mfsa2013-112, http://www.mozilla.org/security/announce/2013/mfsa2013-113.html mfsa2013-113, http://www.mozilla.org/security/announce/2013/mfsa2013-114.html mfsa2013-114, http://www.mozilla.org/security/announce/2013/mfsa2013-115.html mfsa2013-115, and http://www.mozilla.org/security/announce/2013/mfsa2013-116.html mfsa2013-116. The multiple vulnerabilities fixed in Firefox 25.0.1, SeaMonkey 2.22.1, and Cyberfox 25.0.1 were reported in http://www.mozilla.org/security/announce/2013/mfsa2013-103.html mfsa2013-103, http://secunia.com/advisories/55732/ Secunia Advisory SA55732, and http://secunia.com/advisories/55766/ Secunia Advisory SA55766. The multiple vulnerabilities fixed in Firefox 25.0, SeaMonkey 2.22, and Cyberfox 25.0 were reported in http://www.mozilla.org/security/announce/2013/mfsa2013-93.html mfsa2013-93, http://www.mozilla.org/security/announce/2013/mfsa2013-94.html mfsa2013-94, http://www.mozilla.org/security/announce/2013/mfsa2013-95.html mfsa2013-95, http://www.mozilla.org/security/announce/2013/mfsa2013-96.html mfsa2013-96, http://www.mozilla.org/security/announce/2013/mfsa2013-97.html mfsa2013-97, http://www.mozilla.org/security/announce/2013/mfsa2013-98.html mfsa2013-98, http://www.mozilla.org/security/announce/2013/mfsa2013-99.html mfsa2013-99, http://www.mozilla.org/security/announce/2013/mfsa2013-100.html mfsa2013-100, http://www.mozilla.org/security/announce/2013/mfsa2013-101.html mfsa2013-101, and http://www.mozilla.org/security/announce/2013/mfsa2013-102.html mfsa2013-102. The multiple vulnerabilities fixed in Firefox 24.0 and 17.0.9, SeaMonkey 2.21, and Cyberfox 23.0 were reported in http://www.mozilla.org/security/announce/2013/mfsa2013-76.html mfsa2013-76, http://www.mozilla.org/security/announce/2013/mfsa2013-77.html mfsa2013-77, http://www.mozilla.org/security/announce/2013/mfsa2013-78.html mfsa2013-78, http://www.mozilla.org/security/announce/2013/mfsa2013-79.html mfsa2013-79, http://www.mozilla.org/security/announce/2013/mfsa2013-81.html mfsa2013-81, http://www.mozilla.org/security/announce/2013/mfsa2013-82.html mfsa2013-82, http://www.mozilla.org/security/announce/2013/mfsa2013-83.html mfsa2013-83, http://www.mozilla.org/security/announce/2013/mfsa2013-85.html mfsa2013-85, http://www.mozilla.org/security/announce/2013/mfsa2013-86.html mfsa2013-86, http://www.mozilla.org/security/announce/2013/mfsa2013-88.html mfsa2013-88, http://www.mozilla.org/security/announce/2013/mfsa2013-89.html mfsa2013-89, http://www.mozilla.org/security/announce/2013/mfsa2013-90.html mfsa2013-90, http://www.mozilla.org/security/announce/2013/mfsa2013-91.html mfsa2013-91, http://www.mozilla.org/security/announce/2013/mfsa2013-92.html mfsa2013-92, and http://secunia.com/community/advisories/54821 Secunia Advisory SA54821. The multiple vulnerabilities fixed in Firefox 23.0 and 17.0.8, SeaMonkey 2.20, and Cyberfox 23.0 were reported in http://www.mozilla.org/security/announce/2013/mfsa2013-63.html mfsa2013-63, http://www.mozilla.org/security/announce/2013/mfsa2013-64.html mfsa2013-64, http://www.mozilla.org/security/announce/2013/mfsa2013-65.html mfsa2013-65, http://www.mozilla.org/security/announce/2013/mfsa2013-66.html mfsa2013-66, http://www.mozilla.org/security/announce/2013/mfsa2013-68.html mfsa2013-68, http://www.mozilla.org/security/announce/2013/mfsa2013-69.html mfsa2013-69, http://www.mozilla.org/security/announce/2013/mfsa2013-70.html mfsa2013-70, http://www.mozilla.org/security/announce/2013/mfsa2013-72.html mfsa2013-72, http://www.mozilla.org/security/announce/2013/mfsa2013-73.html mfsa2013-73, http://www.mozilla.org/security/announce/2013/mfsa2013-75.html mfsa2013-75, and http://secunia.com/advisories/54385/ Secunia Advisory SA54385. The multiple vulnerabilities fixed in Firefox 22.0 and 17.0.7 were reported in http://www.mozilla.org/security/announce/2013/mfsa2013-49.html mfsa2013-49, http://www.mozilla.org/security/announce/2013/mfsa2013-50.html mfsa2013-50, http://www.mozilla.org/security/announce/2013/mfsa2013-51.html mfsa2013-51, http://www.mozilla.org/security/announce/2013/mfsa2013-53.html mfsa2013-53, http://www.mozilla.org/security/announce/2013/mfsa2013-55.html mfsa2013-55, http://www.mozilla.org/security/announce/2013/mfsa2013-56.html mfsa2013-56, and http://www.mozilla.org/security/announce/2013/mfsa2013-59.html mfsa2013-59. The multiple vulnerabilities fixed in Firefox 21.0 and 17.0.6 were reported in http://www.mozilla.org/security/announce/2013/mfsa2013-41.html mfsa2013-41, http://www.mozilla.org/security/announce/2013/mfsa2013-42.html mfsa2013-42, http://www.mozilla.org/security/announce/2013/mfsa2013-44.html mfsa2013-44, http://www.mozilla.org/security/announce/2013/mfsa2013-45.html mfsa2013-45, http://www.mozilla.org/security/announce/2013/mfsa2013-46.html mfsa2013-46, and http://www.mozilla.org/security/announce/2013/mfsa2013-48.html mfsa2013-48. The multiple vulnerabilities fixed in Firefox 20.0 and 17.0.5 and SeaMonkey 2.17 were reported in http://www.mozilla.org/security/announce/2013/mfsa2013-30.html mfsa2013-30, http://www.mozilla.org/security/announce/2013/mfsa2013-31.html mfsa2013-31, http://www.mozilla.org/security/announce/2013/mfsa2013-32.html mfsa2013-32, http://www.mozilla.org/security/announce/2013/mfsa2013-34.html mfsa2013-34, http://www.mozilla.org/security/announce/2013/mfsa2013-35.html mfsa2013-35, http://www.mozilla.org/security/announce/2013/mfsa2013-36.html mfsa2013-36, http://www.mozilla.org/security/announce/2013/mfsa2013-37.html mfsa2013-37, http://www.mozilla.org/security/announce/2013/mfsa2013-38.html mfsa2013-38, http://www.mozilla.org/security/announce/2013/mfsa2013-39.html mfsa2013-39, and http://www.mozilla.org/security/announce/2013/mfsa2013-40.html mfsa2013-40. The HTML Editor Use-After-Free vulnerability was reported in http://www.mozilla.org/security/announce/2013/mfsa2013-29.html mfsa2013-29. The multiple vulnerabilities fixed in Firefox 19.0 and 17.0.3 and SeaMonkey 2.16 were reported in http://www.mozilla.org/security/announce/2013/mfsa2013-21.html mfsa2013-21, http://www.mozilla.org/security/announce/2013/mfsa2013-22.html mfsa2013-22, http://www.mozilla.org/security/announce/2013/mfsa2013-23.html mfsa2013-23, http://www.mozilla.org/security/announce/2013/mfsa2013-24.html mfsa2013-24, http://www.mozilla.org/security/announce/2013/mfsa2013-25.html mfsa2013-25, http://www.mozilla.org/security/announce/2013/mfsa2013-26.html mfsa2013-26, http://www.mozilla.org/security/announce/2013/mfsa2013-27.html mfsa2013-27, and http://www.mozilla.org/security/announce/2013/mfsa2013-28.html mfsa2013-28. The multiple vulnerabilities fixed in Firefox 17.0.2 and 10.0.12 and SeaMonkey 2.15 were reported in http://www.mozilla.org/security/announce/2013/mfsa2013-01.html mfsa2013-01, http://www.mozilla.org/security/announce/2013/mfsa2013-02.html mfsa2013-02, http://www.mozilla.org/security/announce/2013/mfsa2013-03.html mfsa2013-03, http://www.mozilla.org/security/announce/2013/mfsa2013-04.html mfsa2013-04, http://www.mozilla.org/security/announce/2013/mfsa2013-05.html mfsa2013-05, http://www.mozilla.org/security/announce/2013/mfsa2013-06.html mfsa2013-06, http://www.mozilla.org/security/announce/2013/mfsa2013-07.html mfsa2013-07, http://www.mozilla.org/security/announce/2013/mfsa2013-08.html mfsa2013-08, http://www.mozilla.org/security/announce/2013/mfsa2013-09.html mfsa2013-09, http://www.mozilla.org/security/announce/2013/mfsa2013-10.html mfsa2013-10, http://www.mozilla.org/security/announce/2013/mfsa2013-11.html mfsa2013-11, http://www.mozilla.org/security/announce/2013/mfsa2013-12.html mfsa2013-12, http://www.mozilla.org/security/announce/2013/mfsa2013-13.html mfsa2013-13, http://www.mozilla.org/security/announce/2013/mfsa2013-14.html mfsa2013-14, http://www.mozilla.org/security/announce/2013/mfsa2013-15.html mfsa2013-15, http://www.mozilla.org/security/announce/2013/mfsa2013-16.html mfsa2013-16, http://www.mozilla.org/security/announce/2013/mfsa2013-17.html mfsa2013-17, http://www.mozilla.org/security/announce/2013/mfsa2013-18.html mfsa2013-18, and http://www.mozilla.org/security/announce/2013/mfsa2013-19.html mfsa2013-19. The multiple vulnerabilities fixed in Firefox 17.0 and 10.0.11 and SeaMonkey 2.14 were reported in http://www.mozilla.org/security/announce/2012/mfsa2012-91.html mfsa2012-91, http://www.mozilla.org/security/announce/2012/mfsa2012-92.html mfsa2012-92, http://www.mozilla.org/security/announce/2012/mfsa2012-93.html mfsa2012-93, http://www.mozilla.org/security/announce/2012/mfsa2012-94.html mfsa2012-94, http://www.mozilla.org/security/announce/2012/mfsa2012-95.html mfsa2012-95, http://www.mozilla.org/security/announce/2012/mfsa2012-96.html mfsa2012-96, http://www.mozilla.org/security/announce/2012/mfsa2012-97.html mfsa2012-97, http://www.mozilla.org/security/announce/2012/mfsa2012-98.html mfsa2012-98, http://www.mozilla.org/security/announce/2012/mfsa2012-99.html mfsa2012-99, http://www.mozilla.org/security/announce/2012/mfsa2012-100.html mfsa2012-100, http://www.mozilla.org/security/announce/2012/mfsa2012-102.html mfsa2012-102, http://www.mozilla.org/security/announce/2012/mfsa2012-103.html mfsa2012-103, http://www.mozilla.org/security/announce/2012/mfsa2012-104.html mfsa2012-104, http://www.mozilla.org/security/announce/2012/mfsa2012-105.html mfsa2012-105, and http://www.mozilla.org/security/announce/2012/mfsa2012-106.html mfsa2012-106. The multiple vulnerabilities fixed in Firefox 16.0.2 and 10.0.10 and SeaMonkey 2.13.2 were reported in http://www.mozilla.org/security/announce/2012/mfsa2012-90.html mfsa2012-90, and http://secunia.com/advisories/51144/ Secunia Advisory SA51144. The multiple vulnerabilities fixed in Firefox 16.0.1 and 10.0.9 and SeaMonkey 2.13.1 were reported in http://www.mozilla.org/security/announce/2012/mfsa2012-88.html mfsa2012-88, and http://www.mozilla.org/security/announce/2012/mfsa2012-89.html mfsa2012-89. The multiple vulnerabilities fixed in Firefox 16 and 10.8 and SeaMonkey 2.13 were reported in http://www.mozilla.org/security/announce/2012/mfsa2012-74.html mfsa2012-74, http://www.mozilla.org/security/announce/2012/mfsa2012-75.html mfsa2012-75, http://www.mozilla.org/security/announce/2012/mfsa2012-76.html mfsa2012-76, http://www.mozilla.org/security/announce/2012/mfsa2012-77.html mfsa2012-77, http://www.mozilla.org/security/announce/2012/mfsa2012-78.html mfsa2012-78, http://www.mozilla.org/security/announce/2012/mfsa2012-79.html mfsa2012-79, http://www.mozilla.org/security/announce/2012/mfsa2012-80.html mfsa2012-80, http://www.mozilla.org/security/announce/2012/mfsa2012-81.html mfsa2012-81, http://www.mozilla.org/security/announce/2012/mfsa2012-82.html mfsa2012-82, http://www.mozilla.org/security/announce/2012/mfsa2012-83.html mfsa2012-83, http://www.mozilla.org/security/announce/2012/mfsa2012-84.html mfsa2012-84, http://www.mozilla.org/security/announce/2012/mfsa2012-85.html mfsa2012-85, http://www.mozilla.org/security/announce/2012/mfsa2012-86.html mfsa2012-86, and http://www.mozilla.org/security/announce/2012/mfsa2012-87.html mfsa2012-87. The multiple vulnerabilities fixed in Mozilla Firefox 15 and SeaMonkey 2.12 were reported in http://www.mozilla.org/security/announce/2012/mfsa2012-57.html mfsa2012-57, http://www.mozilla.org/security/announce/2012/mfsa2012-58.html mfsa2012-58, http://www.mozilla.org/security/announce/2012/mfsa2012-59.html mfsa2012-59, http://www.mozilla.org/security/announce/2012/mfsa2012-60.html mfsa2012-60, http://www.mozilla.org/security/announce/2012/mfsa2012-61.html mfsa2012-61, http://www.mozilla.org/security/announce/2012/mfsa2012-62.html mfsa2012-62, http://www.mozilla.org/security/announce/2012/mfsa2012-63.html mfsa2012-63, http://www.mozilla.org/security/announce/2012/mfsa2012-64.html mfsa2012-64, http://www.mozilla.org/security/announce/2012/mfsa2012-65.html mfsa2012-65, http://www.mozilla.org/security/announce/2012/mfsa2012-66.html mfsa2012-66, http://www.mozilla.org/security/announce/2012/mfsa2012-67.html mfsa2012-67, http://www.mozilla.org/security/announce/2012/mfsa2012-68.html mfsa2012-68, http://www.mozilla.org/security/announce/2012/mfsa2012-69.html mfsa2012-69, http://www.mozilla.org/security/announce/2012/mfsa2012-70.html mfsa2012-70, http://www.mozilla.org/security/announce/2012/mfsa2012-71.html mfsa2012-71, and http://www.mozilla.org/security/announce/2012/mfsa2012-72.html mfsa2012-72.

Solution:

http://www.mozilla.org/download.html Upgrade to SeaMonkey 2.26 or higher, or Firefox 24.7 or higher, or Firefox 31, or Firefox higher than 17.0.11 for 17.x, or Firefox higher than 25.0.1 for 25.x, or install the latest http://www.mozilla.org/developer/#builds nightly build. Note: In later versions of Debian, Firefox is http://en.wikipedia.org/wiki/Naming_conflict_between_Debian_and_Mozilla known as Iceweasel. Iceape, a Debian-branded version of the Seamonkey has reached the end-of-life support. For Cyberfox, https://8pecxstudios.com/?page_id=52 upgrade to Cyberfox 31.0 or higher. For Waterfox, https://www.waterfoxproject.org/ upgrade to Waterfox 31.0 or higher.

References:
CVSS Information:
Low Attack Complexity, Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact
Credit:
Saint Coorporation : 2011-02-08
New Search
Keywords
Risk Factor
Start Date
End Date
Browse