Total
109 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1159 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 7.5 HIGH | N/A |
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type. | |||||
CVE-2005-1153 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 7.5 HIGH | N/A |
Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option. | |||||
CVE-2005-0215 | 1 Mozilla | 1 Mozilla | 2023-12-10 | 5.0 MEDIUM | N/A |
Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value. | |||||
CVE-2005-0233 | 4 Mozilla, Omnigroup, Opera and 1 more | 6 Camino, Firefox, Mozilla and 3 more | 2023-12-10 | 7.5 HIGH | N/A |
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | |||||
CVE-2005-0147 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 7.5 HIGH | N/A |
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials. | |||||
CVE-2005-1154 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 7.5 HIGH | N/A |
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution." | |||||
CVE-2005-0399 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2023-12-10 | 5.1 MEDIUM | N/A |
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size. | |||||
CVE-2005-3896 | 1 Mozilla | 1 Mozilla | 2023-12-10 | 7.8 HIGH | N/A |
Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function. | |||||
CVE-2005-0584 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 2.6 LOW | N/A |
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks. | |||||
CVE-2005-0401 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 5.1 MEDIUM | N/A |
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2." | |||||
CVE-2006-0292 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 7.5 HIGH | N/A |
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection. | |||||
CVE-2005-1157 | 2 Mozilla, Netscape | 3 Firefox, Mozilla, Navigator | 2023-12-10 | 7.5 HIGH | N/A |
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2." | |||||
CVE-2005-2263 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 5.0 MEDIUM | N/A |
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation. | |||||
CVE-2005-2260 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 7.5 HIGH | N/A |
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user. | |||||
CVE-2005-0592 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value. | |||||
CVE-2005-0144 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 2.6 LOW | N/A |
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks. | |||||
CVE-2005-0149 | 1 Mozilla | 2 Mozilla, Thunderbird | 2023-12-10 | 5.0 MEDIUM | N/A |
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages. | |||||
CVE-2005-0578 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 2.1 LOW | N/A |
Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory. | |||||
CVE-2005-2261 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2023-12-10 | 7.5 HIGH | N/A |
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection. | |||||
CVE-2002-0354 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2023-12-10 | 5.0 MEDIUM | N/A |
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property. |