VYPR

Mozilla

by Mozilla Corporation

CVEs (119)

  • CVE-2004-1450 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.

  • CVE-2004-1200 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.

  • CVE-2004-0907 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.

  • CVE-2004-0908 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.

  • CVE-2004-0906 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.

  • CVE-2004-1451 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.01

    Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.

  • CVE-2004-1449 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.01

    Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.

  • CVE-2004-1753 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing…

  • CVE-2004-1316 · Dec 29, 2004
    risk 0.00 · cvss · epss 0.03

    Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being…

  • CVE-2004-1639 · Oct 26, 2004
    risk 0.00 · cvss · epss 0.02

    Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.

  • CVE-2004-1613 · Oct 18, 2004
    risk 0.00 · cvss · epss 0.02

    Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated…

  • CVE-2004-1614 · Oct 18, 2004
    risk 0.00 · cvss · epss 0.01

    Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.

  • CVE-2004-0871 · Sep 16, 2004
    risk 0.00 · cvss · epss 0.01

    Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie…

  • CVE-2004-0905 · Sep 14, 2004
    risk 0.00 · cvss · epss 0.03

    Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

  • CVE-2004-0758 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.03

    Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.

  • CVE-2004-0759 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.02

    Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an tag.

  • CVE-2004-0761 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.02

    Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.

  • CVE-2004-0762 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.02

    Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.

  • CVE-2004-0757 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.

  • CVE-2004-0779 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.02

    The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to…
