Filtered by vendor Mozilla
Subscribe
Total
3042 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-4041 | 2 Microsoft, Mozilla | 4 Internet Explorer, Windows 2003 Server, Windows Xp and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | |||||
CVE-2007-0981 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 7.5 HIGH | N/A |
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. | |||||
CVE-2007-5340 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. | |||||
CVE-2006-5464 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors. | |||||
CVE-2007-3954 | 2 Microsoft, Mozilla | 2 Internet Explorer, Seamonkey | 2024-02-28 | 4.3 MEDIUM | N/A |
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670. | |||||
CVE-2006-6971 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter. | |||||
CVE-2008-0420 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 9.3 HIGH | N/A |
modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10. | |||||
CVE-2007-4039 | 1 Mozilla | 1 Mozilla | 2024-02-28 | 4.3 MEDIUM | N/A |
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. | |||||
CVE-2006-6501 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function. | |||||
CVE-2007-0791 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2007-4538 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 5.0 MEDIUM | N/A |
email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters. | |||||
CVE-2006-5455 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 2.6 LOW | N/A |
Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. | |||||
CVE-2007-1095 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. | |||||
CVE-2007-3670 | 2 Microsoft, Mozilla | 2 Internet Explorer, Firefox | 2024-02-28 | 4.3 MEDIUM | N/A |
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data." | |||||
CVE-2008-0415 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs." | |||||
CVE-2007-1092 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 9.3 HIGH | N/A |
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects. | |||||
CVE-2008-0304 | 3 Linux, Microsoft, Mozilla | 4 Linux Kernel, Windows, Seamonkey and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview. | |||||
CVE-2007-0009 | 3 Canonical, Debian, Mozilla | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values. | |||||
CVE-2007-2176 | 1 Mozilla | 1 Firefox | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175. | |||||
CVE-2007-4879 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. |