VYPR

Mozilla

by Mozilla Corporation

Source repositories

CVEs (119)

  • CVE-2005-1159May 2, 2005
    risk 0.00cvss epss 0.03

    The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which…

  • CVE-2005-0578May 2, 2005
    risk 0.00cvss epss 0.00

    Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.

  • CVE-2005-0401May 2, 2005
    risk 0.00cvss epss 0.03

    FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of…

  • CVE-2005-0238May 2, 2005
    risk 0.00cvss epss 0.02

    The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing…

  • CVE-2005-1160May 2, 2005
    risk 0.00cvss epss 0.03

    The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.

  • CVE-2005-1156May 2, 2005
    risk 0.00cvss epss 0.02

    Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."

  • CVE-2005-0142May 2, 2005
    risk 0.00cvss epss 0.00

    Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper…

  • CVE-2005-1157May 2, 2005
    risk 0.00cvss epss 0.02

    Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be…

  • CVE-2005-0141May 2, 2005
    risk 0.00cvss epss 0.01

    Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.

  • CVE-2005-0147May 2, 2005
    risk 0.00cvss epss 0.01

    Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.

  • CVE-2005-1154May 2, 2005
    risk 0.00cvss epss 0.02

    Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope…

  • CVE-2005-0585Mar 25, 2005
    risk 0.00cvss epss 0.02

    Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.

  • CVE-2005-0592Mar 25, 2005
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length…

  • CVE-2005-0143Mar 23, 2005
    risk 0.00cvss epss 0.01

    Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.

  • CVE-2005-0593Mar 4, 2005
    risk 0.00cvss epss 0.02

    Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed…

  • CVE-2005-0149Feb 15, 2005
    risk 0.00cvss epss 0.02

    Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.

  • CVE-2004-2226Dec 31, 2004
    risk 0.00cvss epss 0.01

    Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server.

  • CVE-2004-0909Dec 31, 2004
    risk 0.00cvss epss 0.02

    Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege…

  • CVE-2004-2659Dec 31, 2004
    risk 0.00cvss epss 0.01

    Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the…

  • CVE-2004-1156Dec 31, 2004
    risk 0.00cvss epss 0.01

    Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka…

Page 4 of 6