Mozilla Corporation

All CVEs

3,626 total · sorted by risk
  • CVE-2004-1639 · Oct 26, 2004
    risk 0.00 · cvss · epss 0.02

    Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.

  • CVE-2004-1633 · Oct 25, 2004
    risk 0.00 · cvss · epss 0.01

    process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter.

  • CVE-2004-1634 · Oct 25, 2004
    risk 0.00 · cvss · epss 0.01

    show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information.

  • CVE-2004-1613 · Oct 18, 2004
    risk 0.00 · cvss · epss 0.02

    Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated…

  • CVE-2004-1614 · Oct 18, 2004
    risk 0.00 · cvss · epss 0.01

    Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.

  • CVE-2004-0871 · Sep 16, 2004
    risk 0.00 · cvss · epss 0.01

    Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie…

  • CVE-2004-0905 · Sep 14, 2004
    risk 0.00 · cvss · epss 0.03

    Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

  • CVE-2004-0779 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.02

    The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to…

  • CVE-2004-0757 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.

  • CVE-2003-1044 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.01

    editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the…

  • CVE-2004-0762 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.02

    Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.

  • CVE-2004-0759 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.02

    Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an tag.

  • CVE-2004-0765 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.01

    The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof…

  • CVE-2004-0764 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.03

    Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.

  • CVE-2004-0761 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.02

    Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.

  • CVE-2003-1043 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.03

    SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.

  • CVE-2003-1042 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.03

    SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.

  • CVE-2003-1045 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.01

    votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter.

  • CVE-2003-1046 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.01

    describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.

  • CVE-2004-0758 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.03

    Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.

  • CVE-2004-0705 · Jul 27, 2004
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to…

  • CVE-2004-0718 · Jul 27, 2004
    risk 0.00 · cvss · epss 0.02

    The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame…

  • CVE-2004-0706 · Jul 27, 2004
    risk 0.00 · cvss · epss 0.00

    Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files.

  • CVE-2004-0703 · Jul 27, 2004
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control.

  • CVE-2004-0702 · Jul 27, 2004
    risk 0.00 · cvss · epss 0.01

    DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information.

  • CVE-2004-0704 · Jul 27, 2004
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products.

  • CVE-2004-0707 · Jul 27, 2004
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.

  • CVE-2004-0478 · Jul 7, 2004
    risk 0.00 · cvss · epss 0.01

    Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded…

  • CVE-2003-0594 · Apr 15, 2004
    risk 0.00 · cvss · epss 0.02

    Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application…

  • CVE-2004-0191 · Mar 15, 2004
    risk 0.00 · cvss · epss 0.02

    Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.

  • CVE-2003-1492 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.01

    Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.

  • CVE-2003-1265 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.00

    Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.

  • CVE-2003-0602 · Aug 27, 2003
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as…

  • CVE-2003-0603 · Aug 27, 2003
    risk 0.00 · cvss · epss 0.00

    Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.

  • CVE-2003-0298 · Jun 16, 2003
    risk 0.00 · cvss · epss 0.02

    The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow…

  • CVE-2003-0300 · Jun 16, 2003
    risk 0.00 · cvss · epss 0.03

    The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.

  • CVE-2003-0152 · Apr 2, 2003
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.

  • CVE-2003-0155 · Apr 2, 2003
    risk 0.00 · cvss · epss 0.02

    bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.

  • CVE-2003-0013 · Jan 17, 2003
    risk 0.00 · cvss · epss 0.02

    The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a…

  • CVE-2003-0012 · Jan 17, 2003
    risk 0.00 · cvss · epss 0.00

    The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.

  • CVE-2002-2260 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject arbitrary web script or HTML via the "show all quips" page.

  • CVE-2002-2061 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.03

    Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.

  • CVE-2002-2013 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

  • CVE-2002-1308 · Nov 29, 2002
    risk 0.00 · cvss · epss 0.04

    Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.

  • CVE-2002-1197 · Oct 28, 2002
    risk 0.00 · cvss · epss 0.02

    bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.

  • CVE-2002-1198 · Oct 28, 2002
    risk 0.00 · cvss · epss 0.01

    Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.

  • CVE-2002-1196 · Oct 28, 2002
    risk 0.00 · cvss · epss 0.02

    editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of…

  • CVE-2002-1091 · Oct 4, 2002
    risk 0.00 · cvss · epss 0.04

    Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.

  • CVE-2002-1126 · Sep 24, 2002
    risk 0.00 · cvss · epss 0.02

    Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs,…

  • CVE-2002-0804 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.01

    Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.
