Vulnerabilities (CVE)

Filtered by vendor Mozilla Subscribe
Filtered by product Firefox
Total 2584 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-0779 2 Firebirdsql, Mozilla 3 Firebird, Firefox, Mozilla 2023-12-10 7.5 HIGH N/A
The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.
CVE-2004-0867 4 Kde, Microsoft, Mozilla and 1 more 5 Konqueror, Ie, Internet Explorer and 2 more 2023-12-10 7.5 HIGH N/A
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as,, and, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
CVE-2004-0763 1 Mozilla 1 Firefox 2023-12-10 5.0 MEDIUM N/A
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
CVE-2004-2225 1 Mozilla 1 Firefox 2023-12-10 5.0 MEDIUM N/A
Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button.