GCVE - cpe:2.3:a:mozilla:seamonkey:2.20:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mozilla:seamonkey:2.20:*:*:*:*:*:*:*

part: a version: 2.20 update: *

Vendor	Mozilla (`be1b0d4e-21a7-5a25-9982-bbda6ef43ec1`)
Product	Seamonkey (`9b67c4f8-e83e-55c8-8c3d-4a52e7d74102`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/seamonkey-project/seamonkey-2.53-comm`	purl2cpe	2026-06-01 10:17:53.407749
`pkg:mozilla/seamonkey`	purl2cpe	2026-06-01 10:17:53.407750
`pkg:rpm/fedora/seamonkey`	purl2cpe	2026-06-01 10:17:53.407752

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-1568`	vulnerable	2026-06-03 14:33:47.834577	Details available Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. Published: 2014-09-25T17:00:00.000Z Updated: 2024-08-06T09:42:36.192Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.kb.cert.org/vuls/id/772676 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://rhn.redhat.com/errata/RHSA-2014-1307.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5607`	vulnerable	2026-06-03 14:33:22.269176	Details available Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741. Published: 2013-11-20T11:00:00.000Z Updated: 2024-08-06T17:15:21.405Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.debian.org/security/2013/dsa-2820 https://security.gentoo.org/glsa/201504-01 http://www.ubuntu.com/usn/USN-2087-1 https://bugzilla.mozilla.org/show_bug.cgi?id=927687	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5604`	vulnerable	2026-06-03 14:33:22.104031	Details available The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents. Published: 2013-10-30T10:00:00.000Z Updated: 2024-08-06T17:15:21.510Z Open on db.gcve.eu Reference links http://www.mozilla.org/security/announce/2013/mfsa2013-95.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html https://security.gentoo.org/glsa/201504-01 http://rhn.redhat.com/errata/RHSA-2013-1480.html http://rhn.redhat.com/errata/RHSA-2013-1476.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5603`	vulnerable	2026-06-03 14:33:22.100855	Details available Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates. Published: 2013-10-30T10:00:00.000Z Updated: 2024-08-06T17:15:21.512Z Open on db.gcve.eu Reference links http://www.mozilla.org/security/announce/2013/mfsa2013-102.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html https://bugzilla.mozilla.org/show_bug.cgi?id=916404 https://security.gentoo.org/glsa/201504-01 http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5602`	vulnerable	2026-06-03 14:33:22.097437	Details available The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies. Published: 2013-10-30T10:00:00.000Z Updated: 2024-08-06T17:15:21.408Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html https://security.gentoo.org/glsa/201504-01 https://bugzilla.mozilla.org/show_bug.cgi?id=897678 http://rhn.redhat.com/errata/RHSA-2013-1480.html http://rhn.redhat.com/errata/RHSA-2013-1476.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5601`	vulnerable	2026-06-03 14:33:22.093302	Details available Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API. Published: 2013-10-30T10:00:00.000Z Updated: 2024-08-06T17:15:21.550Z Open on db.gcve.eu Reference links http://www.mozilla.org/security/announce/2013/mfsa2013-100.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html https://security.gentoo.org/glsa/201504-01 http://rhn.redhat.com/errata/RHSA-2013-1480.html http://rhn.redhat.com/errata/RHSA-2013-1476.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5600`	vulnerable	2026-06-03 14:33:22.089326	Details available Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors involving a blob: URL. Published: 2013-10-30T10:00:00.000Z Updated: 2024-08-06T17:15:21.438Z Open on db.gcve.eu Reference links http://www.mozilla.org/security/announce/2013/mfsa2013-100.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19172 https://security.gentoo.org/glsa/201504-01 http://rhn.redhat.com/errata/RHSA-2013-1480.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5599`	vulnerable	2026-06-03 14:33:22.085135	Details available Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize event. Published: 2013-10-30T10:00:00.000Z Updated: 2024-08-06T17:15:21.453Z Open on db.gcve.eu Reference links http://www.mozilla.org/security/announce/2013/mfsa2013-100.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html https://security.gentoo.org/glsa/201504-01 http://rhn.redhat.com/errata/RHSA-2013-1480.html http://rhn.redhat.com/errata/RHSA-2013-1476.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5597`	vulnerable	2026-06-03 14:33:22.081383	Details available Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache. Published: 2013-10-30T10:00:00.000Z Updated: 2024-08-06T17:15:21.584Z Open on db.gcve.eu Reference links http://www.mozilla.org/security/announce/2013/mfsa2013-98.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html https://bugzilla.mozilla.org/show_bug.cgi?id=918864 https://security.gentoo.org/glsa/201504-01 http://rhn.redhat.com/errata/RHSA-2013-1480.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5596`	vulnerable	2026-06-03 14:33:22.077482	Details available The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com. Published: 2013-10-30T10:00:00.000Z Updated: 2024-08-06T17:15:21.420Z Open on db.gcve.eu Reference links https://bugzilla.mozilla.org/show_bug.cgi?id=910881 http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html https://security.gentoo.org/glsa/201504-01 http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19066	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5595`	vulnerable	2026-06-03 14:33:22.073871	Details available The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page. Published: 2013-10-30T10:00:00.000Z Updated: 2024-08-06T17:15:21.440Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/63421 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18694 http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://www.mozilla.org/security/announce/2013/mfsa2013-96.html https://security.gentoo.org/glsa/201504-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5593`	vulnerable	2026-06-03 14:33:22.070061	Details available The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element. Published: 2013-10-30T10:00:00.000Z Updated: 2024-08-06T17:15:21.516Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html https://security.gentoo.org/glsa/201504-01 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19263 http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html https://bugzilla.mozilla.org/show_bug.cgi?id=868327	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5591`	vulnerable	2026-06-03 14:33:22.066139	Details available Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: 2013-10-30T10:00:00.000Z Updated: 2024-08-06T17:15:21.464Z Open on db.gcve.eu Reference links https://bugzilla.mozilla.org/show_bug.cgi?id=859892 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19015 http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html https://security.gentoo.org/glsa/201504-01 http://www.mozilla.org/security/announce/2013/mfsa2013-93.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5590`	vulnerable	2026-06-03 14:33:22.034289	Details available Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: 2013-10-30T10:00:00.000Z Updated: 2024-08-06T17:15:21.675Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html https://bugzilla.mozilla.org/show_bug.cgi?id=860123 https://security.gentoo.org/glsa/201504-01 http://www.mozilla.org/security/announce/2013/mfsa2013-93.html https://bugzilla.mozilla.org/show_bug.cgi?id=893572	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.