VYPR

Mozilla

by Mozilla Corporation

CVEs (119)

  • CVE-2004-0764 - Aug 18, 2004
    risk 0.00 cvss epss 0.03

    Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.

  • CVE-2004-0765 - Aug 18, 2004
    risk 0.00 cvss epss 0.01

    The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof…

  • CVE-2004-0718 - Jul 27, 2004
    risk 0.00 cvss epss 0.02

    The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame…

  • CVE-2004-0478 - Jul 7, 2004
    risk 0.00 cvss epss 0.01

    Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded…

  • CVE-2003-0594 - Apr 15, 2004
    risk 0.00 cvss epss 0.02

    Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application…

  • CVE-2004-0191 - Mar 15, 2004
    risk 0.00 cvss epss 0.02

    Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.

  • CVE-2003-1265 - Dec 31, 2003
    risk 0.00 cvss epss 0.00

    Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.

  • CVE-2003-1492 - Dec 31, 2003
    risk 0.00 cvss epss 0.01

    Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.

  • CVE-2003-0300 - Jun 16, 2003
    risk 0.00 cvss epss 0.03

    The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.

  • CVE-2003-0298 - Jun 16, 2003
    risk 0.00 cvss epss 0.02

    The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow…

  • CVE-2002-2061 - Dec 31, 2002
    risk 0.00 cvss epss 0.03

    Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.

  • CVE-2002-2013 - Dec 31, 2002
    risk 0.00 cvss epss 0.02

    Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

  • CVE-2002-1308 - Nov 29, 2002
    risk 0.00 cvss epss 0.04

    Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.

  • CVE-2002-1091 - Oct 4, 2002
    risk 0.00 cvss epss 0.04

    Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.

  • CVE-2002-1126 - Sep 24, 2002
    risk 0.00 cvss epss 0.02

    Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs,…

  • CVE-2002-0815 - Aug 12, 2002
    risk 0.00 cvss epss 0.04

    The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted…

  • CVE-2002-0354 - Jun 25, 2002
    risk 0.00 cvss epss 0.01

    The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText…

  • CVE-2002-0594 - Jun 18, 2002
    risk 0.00 cvss epss 0.02

    Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.

  • CVE-2002-0593 - Jun 18, 2002
    risk 0.00 cvss epss 0.04

    Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
