Filtered by vendor Mozilla
Subscribe
Total
3404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0594 | 3 Galeon, Mozilla, Netscape | 3 Galeon Browser, Mozilla, Navigator | 2025-04-03 | 5.0 MEDIUM | N/A |
| Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect. | |||||
| CVE-2001-0329 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi. | |||||
| CVE-2005-2602 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 2.6 LOW | N/A |
| Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks. | |||||
| CVE-2005-2702 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2025-04-03 | 7.5 HIGH | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters. | |||||
| CVE-2005-1477 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.1 MEDIUM | N/A |
| The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site. | |||||
| CVE-2005-4874 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 4.3 MEDIUM | N/A |
| The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object. | |||||
| CVE-2005-4685 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 6.4 MEDIUM | N/A |
| Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. | |||||
| CVE-2006-0914 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.5 MEDIUM | N/A |
| Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error. | |||||
| CVE-2004-0758 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid. | |||||
| CVE-2005-2703 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting. | |||||
| CVE-2004-1451 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 2.6 LOW | N/A |
| Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks. | |||||
| CVE-2004-1316 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated. | |||||
| CVE-2006-0915 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error. | |||||
| CVE-2003-0300 | 8 Microsoft, Mozilla, Mutt and 5 more | 8 Outlook Express, Mozilla, Mutt and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. | |||||
| CVE-2004-0907 | 1 Mozilla | 2 Mozilla, Thunderbird | 2025-04-03 | 4.6 MEDIUM | N/A |
| The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code. | |||||
| CVE-2002-1196 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits. | |||||
| CVE-2003-0013 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file. | |||||
| CVE-2005-2262 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.1 MEDIUM | N/A |
| Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling." | |||||
| CVE-2004-0904 | 4 Conectiva, Mozilla, Netscape and 1 more | 10 Linux, Firefox, Mozilla and 7 more | 2025-04-03 | 10.0 HIGH | N/A |
| Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows. | |||||
| CVE-2004-0718 | 3 Firebirdsql, Mozilla, Netscape | 3 Firebird, Mozilla, Navigator | 2025-04-03 | 7.5 HIGH | N/A |
| The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||