Filtered by vendor Mozilla
Subscribe
Search
Total
1568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3089 | 1 Mozilla | 1 Firefox | 2017-10-11 | 2.6 LOW | N/A |
| Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability. | |||||
| CVE-2005-1477 | 1 Mozilla | 1 Firefox | 2017-10-11 | 5.1 MEDIUM | N/A |
| The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site. | |||||
| CVE-2005-2968 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 7.5 HIGH | N/A |
| Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash. | |||||
| CVE-2005-2707 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks. | |||||
| CVE-2005-1153 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 7.5 HIGH | N/A |
| Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option. | |||||
| CVE-2005-2706 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 6.4 MEDIUM | N/A |
| Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla. | |||||
| CVE-2005-2705 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 7.5 HIGH | N/A |
| Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-2268 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 2.6 LOW | N/A |
| Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | |||||
| CVE-2005-2704 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface. | |||||
| CVE-2005-2703 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting. | |||||
| CVE-2005-2702 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 7.5 HIGH | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters. | |||||
| CVE-2005-2701 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag. | |||||
| CVE-2005-0589 | 1 Mozilla | 1 Firefox | 2017-10-11 | 5.0 MEDIUM | N/A |
| The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability. | |||||
| CVE-2005-0586 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 2.6 LOW | N/A |
| Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content. | |||||
| CVE-2005-0588 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system. | |||||
| CVE-2005-0587 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 2.6 LOW | N/A |
| Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file. | |||||
| CVE-2004-0765 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2017-10-11 | 7.5 HIGH | N/A |
| The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates. | |||||
| CVE-2005-0593 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 2.6 LOW | N/A |
| Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site. | |||||
| CVE-2004-1156 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 4.3 MEDIUM | N/A |
| Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | |||||
| CVE-2004-0903 | 4 Conectiva, Mozilla, Redhat and 1 more | 9 Linux, Mozilla, Thunderbird and 6 more | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. | |||||
| CVE-2004-0904 | 4 Conectiva, Mozilla, Netscape and 1 more | 10 Linux, Firefox, Mozilla and 7 more | 2017-10-11 | 10.0 HIGH | N/A |
| Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows. | |||||
| CVE-2003-0594 | 1 Mozilla | 1 Mozilla | 2017-10-11 | 7.5 HIGH | N/A |
| Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | |||||
| CVE-2004-0905 | 5 Conectiva, Mozilla, Netscape and 2 more | 10 Linux, Firefox, Mozilla and 7 more | 2017-10-11 | 4.6 MEDIUM | N/A |
| Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. | |||||
| CVE-2004-0906 | 1 Mozilla | 2 Mozilla, Thunderbird | 2017-10-11 | 4.6 MEDIUM | N/A |
| The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code. | |||||
| CVE-2004-0908 | 1 Mozilla | 2 Mozilla, Thunderbird | 2017-10-11 | 4.0 MEDIUM | N/A |
| Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins. | |||||
| CVE-2004-0718 | 3 Firebirdsql, Mozilla, Netscape | 3 Firebird, Mozilla, Navigator | 2017-10-11 | 7.5 HIGH | N/A |
| The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||
| CVE-2004-0722 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2017-10-11 | 10.0 HIGH | N/A |
| Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. | |||||
| CVE-2004-0769 | 1 Mozilla | 1 Bugzilla | 2017-10-11 | 10.0 HIGH | N/A |
| Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771. | |||||
| CVE-2004-1380 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability." | |||||
| CVE-2004-1381 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks. | |||||
| CVE-2004-1613 | 3 Mozilla, Redhat, Sgi | 7 Mozilla, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2017-10-11 | 5.0 MEDIUM | N/A |
| Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme. | |||||
| CVE-2004-0757 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2017-10-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code. | |||||
| CVE-2005-0143 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 2.6 LOW | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks. | |||||
| CVE-2005-0144 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 2.6 LOW | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks. | |||||
| CVE-2005-0145 | 1 Mozilla | 1 Firefox | 2017-10-11 | 2.6 LOW | N/A |
| Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature. | |||||
| CVE-2005-0146 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation. | |||||
| CVE-2005-0147 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 7.5 HIGH | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials. | |||||
| CVE-2004-0758 | 1 Mozilla | 1 Mozilla | 2017-10-11 | 5.0 MEDIUM | N/A |
| Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid. | |||||
| CVE-2004-0759 | 1 Mozilla | 1 Mozilla | 2017-10-11 | 6.4 MEDIUM | N/A |
| Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag. | |||||
| CVE-2004-0760 | 1 Mozilla | 1 Mozilla | 2017-10-11 | 6.4 MEDIUM | N/A |
| Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. | |||||
| CVE-2005-0148 | 1 Mozilla | 1 Thunderbird | 2017-10-11 | 5.0 MEDIUM | N/A |
| Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future. | |||||
| CVE-2005-0149 | 1 Mozilla | 2 Mozilla, Thunderbird | 2017-10-11 | 5.0 MEDIUM | N/A |
| Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages. | |||||
| CVE-2004-0761 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2017-10-11 | 5.0 MEDIUM | N/A |
| Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted. | |||||
| CVE-2004-0762 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2017-10-11 | 5.0 MEDIUM | N/A |
| Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. | |||||
| CVE-2005-0150 | 1 Mozilla | 1 Firefox | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-0141 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 2.6 LOW | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab. | |||||
| CVE-2005-0142 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2017-10-11 | 2.1 LOW | N/A |
| Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF. | |||||
| CVE-2005-0230 | 1 Mozilla | 1 Firefox | 2017-10-11 | 5.1 MEDIUM | N/A |
| Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging." | |||||
| CVE-2005-0231 | 1 Mozilla | 1 Firefox | 2017-10-11 | 2.6 LOW | N/A |
| Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing." | |||||
| CVE-2005-0232 | 1 Mozilla | 1 Firefox | 2017-10-11 | 2.6 LOW | N/A |
| Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing." | |||||