The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SeaMonkey

weakness CVE-2018-6126

Skia: buffer overflow via SVG Rasterizing

Synthesis of the vulnerability

An attacker can generate a buffer overflow via SVG Rasterizing of Skia, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 07/06/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-271, CVE-2018-6126, DSA-4220-1, DSA-4237-1, FEDORA-2018-09b59b0227, FEDORA-2018-7c80aaef26, FEDORA-2019-7f7489dc8c, MFSA-2018-14, openSUSE-SU-2018:1616-1, openSUSE-SU-2018:2054-1, openSUSE-SU-2018:2055-1, RHSA-2018:1815-01, RHSA-2018:2112-01, RHSA-2018:2113-01, SSA:2018-157-01, SSA:2019-247-01, SUSE-SU-2018:1783-1, SUSE-SU-2018:1820-1, SUSE-SU-2018:2298-1, USN-3682-1, VIGILANCE-VUL-26331.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a buffer overflow via SVG Rasterizing of Skia, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-5150 CVE-2018-5151 CVE-2018-5152

Firefox: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 29.
Creation date: 09/05/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-230, CVE-2018-5150, CVE-2018-5151, CVE-2018-5152, CVE-2018-5153, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5165, CVE-2018-5166, CVE-2018-5167, CVE-2018-5168, CVE-2018-5169, CVE-2018-5172, CVE-2018-5173, CVE-2018-5174, CVE-2018-5175, CVE-2018-5176, CVE-2018-5177, CVE-2018-5178, CVE-2018-5179, CVE-2018-5180, CVE-2018-5181, CVE-2018-5182, CVE-2018-5183, DLA-1376-1, DSA-4199-1, FEDORA-2018-3f177356b0, FEDORA-2018-5c92e2a4ad, FEDORA-2018-f00e9aa912, FEDORA-2019-7f7489dc8c, MFSA-2018-11, MFSA-2018-12, openSUSE-SU-2018:1212-1, RHSA-2018:1414-01, RHSA-2018:1415-01, SSA:2018-129-01, SSA:2019-247-01, SUSE-SU-2018:1319-1, SUSE-SU-2018:1334-1, SUSE-SU-2018:2298-1, SUSE-SU-2019:2872-1, USN-3645-1, USN-3645-2, USN-3688-1, VIGILANCE-VUL-26085.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Firefox.
Full Vigil@nce bulletin... (Free trial)

computer weakness bulletin CVE-2018-5148

Firefox: use after free via Compositor

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Compositor of Firefox, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 27/03/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-151, CVE-2018-5148, DLA-1321-1, DSA-4153-1, FEDORA-2018-0e6e400e7a, FEDORA-2018-1c5750c688, FEDORA-2018-a61baabbac, FEDORA-2018-cf8e6c1a35, FEDORA-2018-d2d4ab5961, MFSA-2018-10, openSUSE-SU-2018:0843-1, RHSA-2018:1098-01, RHSA-2018:1099-01, SSA:2018-085-01, SSA:2018-120-02, SSA:2018-123-01, USN-3609-1, VIGILANCE-VUL-25657.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force the usage of a freed memory area via Compositor of Firefox, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

threat announce CVE-2018-5146 CVE-2018-5147

Firefox: buffer overflow via Vorbis Audio Data

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Vorbis Audio Data of Firefox, in order to trigger a denial of service, and possibly to run code.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/03/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-137, CVE-2018-5146, CVE-2018-5147, DLA-1319-1, DLA-1327-1, DSA-4143-1, DSA-4155-1, FEDORA-2018-1e32d78b95, FEDORA-2018-1fb6a24703, FEDORA-2018-9406d8e9aa, FEDORA-2018-a068ade416, FEDORA-2019-7f7489dc8c, MFSA-2018-08, openSUSE-SU-2018:0737-1, openSUSE-SU-2018:0818-1, openSUSE-SU-2018:0819-1, RHSA-2018:0549-01, RHSA-2018:0647-01, RHSA-2018:0648-01, SSA:2018-075-01, SSA:2019-247-01, USN-3545-1, USN-3599-1, VIGILANCE-VUL-25577, ZDI-18-263.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a buffer overflow via Vorbis Audio Data of Firefox, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

threat CVE-2018-5125 CVE-2018-5126 CVE-2018-5127

Firefox/Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox/Thunderbird.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 20.
Creation date: 14/03/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-123, CERTFR-2018-AVI-149, CVE-2018-5125, CVE-2018-5126, CVE-2018-5127, CVE-2018-5128, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5132, CVE-2018-5133, CVE-2018-5134, CVE-2018-5135, CVE-2018-5136, CVE-2018-5137, CVE-2018-5138, CVE-2018-5140, CVE-2018-5141, CVE-2018-5142, CVE-2018-5143, CVE-2018-5144, CVE-2018-5145, DLA-1308-1, DLA-1327-1, DSA-4139-1, DSA-4155-1, FEDORA-2018-7011a8b0da, FEDORA-2018-92031bb1ed, FEDORA-2018-a39b4f76c8, FEDORA-2019-7f7489dc8c, MFSA-2018-06, MFSA-2018-07, MFSA-2018-09, openSUSE-SU-2018:0681-1, openSUSE-SU-2018:0818-1, openSUSE-SU-2018:0819-1, RHSA-2018:0526-01, RHSA-2018:0527-01, RHSA-2018:0647-01, RHSA-2018:0648-01, SSA:2018-072-01, SSA:2018-082-01, SSA:2019-247-01, USN-3545-1, USN-3596-1, USN-3596-2, USN-3688-1, VIGILANCE-VUL-25552.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Firefox/Thunderbird.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-5089 CVE-2018-5090 CVE-2018-5091

Mozilla Firefox: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 33.
Creation date: 24/01/2018.
Revision date: 26/01/2018.
Identifiers: bulletinjan2018, CERTFR-2018-AVI-052, CVE-2018-5089, CVE-2018-5090, CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5105, CVE-2018-5106, CVE-2018-5107, CVE-2018-5108, CVE-2018-5109, CVE-2018-5110, CVE-2018-5111, CVE-2018-5112, CVE-2018-5113, CVE-2018-5114, CVE-2018-5115, CVE-2018-5116, CVE-2018-5117, CVE-2018-5118, CVE-2018-5119, CVE-2018-5121, CVE-2018-5122, DLA-1256-1, DSA-4096-1, FEDORA-2018-0ce24a50c3, FEDORA-2018-6cdffa56a2, FEDORA-2018-781b88f72d, FEDORA-2018-b2d76ba048, FEDORA-2018-c6cb18d057, MFSA-2018-02, MFSA-2018-03, openSUSE-SU-2018:0203-1, RHSA-2018:0122-01, SUSE-SU-2018:0361-1, SUSE-SU-2018:0374-1, USN-3544-1, USN-3544-2, USN-3688-1, VIGILANCE-VUL-25144.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox.

Note: only about one third of the vulnerabilities announced for the standard branch also apply to the ESR branch.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2017-7845

Firefox, Thunderbird: buffer overflow via ANGLE Library Using Direct 3D 9

Synthesis of the vulnerability

An attacker can generate a buffer overflow via ANGLE Library Using Direct 3D 9 of Firefox/Thunderbird, in order to trigger a denial of service, and possibly to run code.
Severity: 4/4.
Creation date: 08/12/2017.
Identifiers: CERTFR-2017-AVI-455, CVE-2017-7845, FEDORA-2018-16a76da6cc, FEDORA-2018-3ec87df5ba, FEDORA-2018-4e65ec8cc4, FEDORA-2018-e1539d9bc6, FEDORA-2019-7f7489dc8c, MFSA-2017-28, MFSA-2017-29, MFSA-2017-30, SSA:2019-247-01, VIGILANCE-VUL-24705.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a buffer overflow via ANGLE Library Using Direct 3D 9 of Firefox/Thunderbird, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

security weakness 24664

Mail client: sender spoofing via Mailsploit

Synthesis of the vulnerability

An attacker can send an email with a special From header, which is truncated by some mail clients, in order to deceive the victim.
Severity: 3/4.
Creation date: 06/12/2017.
Identifiers: CERTFR-2017-ALE-019, Mailsploit, MFSA-2017-30, Synology-SA-17:82, VIGILANCE-VUL-24664.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Messaging clients interpret the From header to display the sender name.

However, using a Base64 or Quoted Printable encoding, and '\0' or '\n' characters, an attacker can force the displayed email address to be truncated.

An attacker can therefore send an email with a special From header, which is truncated by some mail clients, in order to deceive the victim.
Full Vigil@nce bulletin... (Free trial)

weakness note CVE-2017-7843 CVE-2017-7844

Mozilla Firefox: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 05/12/2017.
Identifiers: bulletinjan2018, CERTFR-2017-AVI-446, CERTFR-2017-AVI-455, CVE-2017-7843, CVE-2017-7844, DLA-1202-1, DSA-4062-1, FEDORA-2017-1be05999bb, FEDORA-2017-2c15e19fb5, FEDORA-2017-bfd2d4afce, FEDORA-2018-16a76da6cc, FEDORA-2018-3ec87df5ba, FEDORA-2018-4e65ec8cc4, FEDORA-2018-e1539d9bc6, FEDORA-2019-7f7489dc8c, MFSA-2017-28, openSUSE-SU-2017:3272-1, RHSA-2017:3382-01, SSA:2019-247-01, VIGILANCE-VUL-24649.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-7826 CVE-2017-7827 CVE-2017-7828

Mozilla Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox/Thunderbird.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 15.
Creation date: 14/11/2017.
Identifiers: CERTFR-2017-AVI-412, CERTFR-2017-AVI-431, CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7836, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842, DLA-1172-1, DLA-1199-1, DSA-4035-1, DSA-4061-1, DSA-4075-1, FEDORA-2017-463cb2af78, FEDORA-2017-7d33609b3d, FEDORA-2017-9a6569beb6, FEDORA-2017-b410301903, FEDORA-2017-e1e3fbcd3c, FEDORA-2019-7f7489dc8c, MFSA-2017-24, MFSA-2017-25, MFSA-2017-26, openSUSE-SU-2017:3027-1, openSUSE-SU-2017:3108-1, openSUSE-SU-2017:3110-1, RHSA-2017:3247-01, RHSA-2017:3372-01, SSA:2017-320-02, SSA:2019-247-01, SUSE-SU-2017:3213-1, SUSE-SU-2017:3233-1, USN-3477-1, USN-3477-2, USN-3477-3, USN-3477-4, USN-3490-1, USN-3688-1, VIGILANCE-VUL-24431.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox/Thunderbird.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about SeaMonkey: