Total
2584 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2261 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2023-12-10 | 7.5 HIGH | N/A |
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection. | |||||
CVE-2005-0591 | 1 Mozilla | 1 Firefox | 2023-12-10 | 2.6 LOW | N/A |
Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing." | |||||
CVE-2004-0765 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2023-12-10 | 7.5 HIGH | N/A |
The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates. | |||||
CVE-2004-1156 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 4.3 MEDIUM | N/A |
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | |||||
CVE-2004-0761 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2023-12-10 | 5.0 MEDIUM | N/A |
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted. | |||||
CVE-2004-2228 | 1 Mozilla | 1 Firefox | 2023-12-10 | 7.2 HIGH | N/A |
Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges. | |||||
CVE-2004-0904 | 4 Conectiva, Mozilla, Netscape and 1 more | 10 Linux, Firefox, Mozilla and 7 more | 2023-12-10 | 10.0 HIGH | N/A |
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows. | |||||
CVE-2004-1639 | 1 Mozilla | 3 Firefox, Gecko, Mozilla | 2023-12-10 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension. | |||||
CVE-2004-0905 | 5 Conectiva, Mozilla, Netscape and 2 more | 10 Linux, Firefox, Mozilla and 7 more | 2023-12-10 | 4.6 MEDIUM | N/A |
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. | |||||
CVE-2004-1200 | 1 Mozilla | 1 Firefox | 2023-12-10 | 5.0 MEDIUM | N/A |
Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. | |||||
CVE-2004-0764 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2023-12-10 | 10.0 HIGH | N/A |
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files. | |||||
CVE-2004-0648 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2023-12-10 | 10.0 HIGH | N/A |
Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol. | |||||
CVE-2004-1380 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 5.0 MEDIUM | N/A |
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability." | |||||
CVE-2003-1492 | 2 Mozilla, Netscape | 2 Firefox, Navigator | 2023-12-10 | 5.0 MEDIUM | N/A |
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end. | |||||
CVE-2004-0866 | 4 Kde, Microsoft, Mozilla and 1 more | 5 Konqueror, Ie, Internet Explorer and 2 more | 2023-12-10 | 7.5 HIGH | N/A |
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | |||||
CVE-2004-1753 | 2 Mozilla, Netscape | 3 Firefox, Mozilla, Navigator | 2023-12-10 | 2.6 LOW | N/A |
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. | |||||
CVE-2004-0762 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2023-12-10 | 5.0 MEDIUM | N/A |
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. | |||||
CVE-2004-0757 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2023-12-10 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code. | |||||
CVE-2004-1381 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 5.0 MEDIUM | N/A |
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks. | |||||
CVE-2004-2227 | 1 Mozilla | 1 Firefox | 2023-12-10 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions. |