VulnerableCode Package Details - pkg:mozilla/Firefox@17.0.0

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-368m-kv1t-uuc3	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.	CVE-2012-4210
VCID-4sy6-hed7-nkfz	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.	CVE-2012-4205
VCID-8f2h-efz6-afak	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.	CVE-2012-4206
VCID-azav-xevg-a3f1	Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.	CVE-2012-4214
VCID-f1ne-77t3-pfb5	Security researcher kakzz.ng@gmail.com reported that if a javascript: URL is selected from the list of Firefox "new tab" page, the script will inherit the privileges of the privileged "new tab" page. This allows for the execution of locally installed programs if a user can be convinced to save a bookmark of a malicious javascript: URL.	CVE-2012-4203
VCID-fjm1-sh4e-ufdu	Security researcher Masato Kinugawa reported that when script is entered into the Developer Toolbar, it runs in a chrome privileged context. This allows for arbitrary code execution or cross-site scripting (XSS) if a user can be convinced to paste malicious code into the Developer Toolbar.	CVE-2012-5837
VCID-fwa9-k9ug-ffdg	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.	CVE-2012-4201
VCID-p9t8-9m9m-rbg5	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.	CVE-2012-5841
VCID-qxjr-9644-e7h1	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.	CVE-2012-5830
VCID-rfff-uvmz-xbe4	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.	CVE-2012-5836
VCID-rgkp-48gp-kfb8	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.	CVE-2012-4209
VCID-s7av-yexd-qyhh	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.	CVE-2012-5843
VCID-vdxf-4twx-yyfe	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.	CVE-2012-4208
VCID-vvn3-2xv4-jycs	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.	CVE-2012-4204
VCID-wbsm-vcr8-17ac	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.	CVE-2012-4207
VCID-y56t-avfk-skg2	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.	CVE-2012-4202

Vulnerability

Summary

Aliases

VCID-368m-kv1t-uuc3

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

CVE-2012-4210

VCID-4sy6-hed7-nkfz

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

CVE-2012-4205

VCID-8f2h-efz6-afak

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

CVE-2012-4206

VCID-azav-xevg-a3f1

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.

CVE-2012-4214

VCID-f1ne-77t3-pfb5

Security researcher kakzz.ng@gmail.com reported that if a javascript: URL is selected from the list of Firefox "new tab" page, the script will inherit the privileges of the privileged "new tab" page. This allows for the execution of locally installed programs if a user can be convinced to save a bookmark of a malicious javascript: URL.

CVE-2012-4203

VCID-fjm1-sh4e-ufdu

Security researcher Masato Kinugawa reported that when script is entered into the Developer Toolbar, it runs in a chrome privileged context. This allows for arbitrary code execution or cross-site scripting (XSS) if a user can be convinced to paste malicious code into the Developer Toolbar.

CVE-2012-5837

VCID-fwa9-k9ug-ffdg

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

CVE-2012-4201

VCID-p9t8-9m9m-rbg5

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

CVE-2012-5841

VCID-qxjr-9644-e7h1

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

CVE-2012-5830

VCID-rfff-uvmz-xbe4

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

CVE-2012-5836

VCID-rgkp-48gp-kfb8

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

CVE-2012-4209

VCID-s7av-yexd-qyhh

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

CVE-2012-5843

VCID-vdxf-4twx-yyfe

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

CVE-2012-4208

VCID-vvn3-2xv4-jycs

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

CVE-2012-4204

VCID-wbsm-vcr8-17ac

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

CVE-2012-4207

VCID-y56t-avfk-skg2

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

CVE-2012-4202

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:17:59.352915+00:00	Mozilla Importer	Fixing	VCID-rfff-uvmz-xbe4	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-94.md	38.0.0
2026-04-01T13:17:57.974642+00:00	Mozilla Importer	Fixing	VCID-8f2h-efz6-afak	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-98.md	38.0.0
2026-04-01T13:17:57.631455+00:00	Mozilla Importer	Fixing	VCID-wbsm-vcr8-17ac	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-101.md	38.0.0
2026-04-01T13:17:57.550900+00:00	Mozilla Importer	Fixing	VCID-fwa9-k9ug-ffdg	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-93.md	38.0.0
2026-04-01T13:17:56.995123+00:00	Mozilla Importer	Fixing	VCID-f1ne-77t3-pfb5	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-95.md	38.0.0
2026-04-01T13:17:56.523664+00:00	Mozilla Importer	Fixing	VCID-y56t-avfk-skg2	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-92.md	38.0.0
2026-04-01T13:17:56.367369+00:00	Mozilla Importer	Fixing	VCID-368m-kv1t-uuc3	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-104.md	38.0.0
2026-04-01T13:17:54.270292+00:00	Mozilla Importer	Fixing	VCID-fjm1-sh4e-ufdu	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-102.md	38.0.0
2026-04-01T13:17:53.938401+00:00	Mozilla Importer	Fixing	VCID-azav-xevg-a3f1	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-105.md	38.0.0
2026-04-01T13:17:53.698459+00:00	Mozilla Importer	Fixing	VCID-vvn3-2xv4-jycs	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-96.md	38.0.0
2026-04-01T13:17:53.456110+00:00	Mozilla Importer	Fixing	VCID-qxjr-9644-e7h1	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-106.md	38.0.0
2026-04-01T13:17:53.161164+00:00	Mozilla Importer	Fixing	VCID-4sy6-hed7-nkfz	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-97.md	38.0.0
2026-04-01T13:17:52.717300+00:00	Mozilla Importer	Fixing	VCID-p9t8-9m9m-rbg5	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-100.md	38.0.0
2026-04-01T13:17:52.301441+00:00	Mozilla Importer	Fixing	VCID-s7av-yexd-qyhh	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-91.md	38.0.0
2026-04-01T13:17:51.395039+00:00	Mozilla Importer	Fixing	VCID-vdxf-4twx-yyfe	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-99.md	38.0.0
2026-04-01T13:17:50.829113+00:00	Mozilla Importer	Fixing	VCID-rgkp-48gp-kfb8	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-103.md	38.0.0