VYPR

Firefox

by Mozilla Corporation

CVEs (3,179)

  • CVE-2005-0584 (May 2, 2005)
    risk 0.00 | cvss | epss 0.01

    Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.

  • CVE-2005-1154 (May 2, 2005)
    risk 0.00 | cvss | epss 0.02

    Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope…

  • CVE-2005-0255 (May 2, 2005)
    risk 0.00 | cvss | epss 0.04

    String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service…

  • CVE-2005-0144 (May 2, 2005)
    risk 0.00 | cvss | epss 0.01

    Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.

  • CVE-2005-1153 (May 2, 2005)
    risk 0.00 | cvss | epss 0.04

    Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.

  • CVE-2005-0147 (May 2, 2005)
    risk 0.00 | cvss | epss 0.01

    Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.

  • CVE-2005-0578 (May 2, 2005)
    risk 0.00 | cvss | epss 0.00

    Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.

  • CVE-2005-0230 (May 2, 2005)
    risk 0.00 | cvss | epss 0.03

    Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via…

  • CVE-2005-0590 (May 2, 2005)
    risk 0.00 | cvss | epss 0.02

    The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears…

  • CVE-2005-0141 (May 2, 2005)
    risk 0.00 | cvss | epss 0.01

    Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.

  • CVE-2005-0752 (Apr 18, 2005)
    risk 0.00 | cvss | epss 0.04

    The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.

  • CVE-2005-0585 (Mar 25, 2005)
    risk 0.00 | cvss | epss 0.02

    Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.

  • CVE-2005-0592 (Mar 25, 2005)
    risk 0.00 | cvss | epss 0.04

    Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length…

  • CVE-2005-0143 (Mar 23, 2005)
    risk 0.00 | cvss | epss 0.01

    Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.

  • CVE-2005-0593 (Mar 4, 2005)
    risk 0.00 | cvss | epss 0.02

    Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed…

  • CVE-2005-0231 (Feb 7, 2005)
    risk 0.00 | cvss | epss 0.03

    Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."

  • CVE-2005-0145 (Jan 24, 2005)
    risk 0.00 | cvss | epss 0.01

    Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.

  • CVE-2004-0908 (Dec 31, 2004)
    risk 0.00 | cvss | epss 0.02

    Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.

  • CVE-2004-2227 (Dec 31, 2004)
    risk 0.00 | cvss | epss 0.02

    Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions.

  • CVE-2004-0909 (Dec 31, 2004)
    risk 0.00 | cvss | epss 0.02

    Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege…
