Filtered by vendor Mozilla
Subscribe
Total
3042 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0777 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Seamonkey and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
| The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption. | |||||
| CVE-2007-3845 | 2 Microsoft, Mozilla | 4 Windows Xp, Firefox, Seamonkey and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
| Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler." | |||||
| CVE-2007-3144 | 1 Mozilla | 1 Mozilla | 2024-02-28 | 6.4 MEDIUM | N/A |
| Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | |||||
| CVE-2007-1970 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | N/A |
| Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks. | |||||
| CVE-2007-5459 | 2 Itirou Maruta, Mozilla | 2 Mouseoverdictionary, Firefox | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the sidebar HTML page in the MouseoverDictionary before 0.6.2 extension for Mozilla Firefox allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-3844 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression. | |||||
| CVE-2007-6589 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 4.3 MEDIUM | N/A |
| The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947. | |||||
| CVE-2007-5335 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs. | |||||
| CVE-2007-0896 | 2 Mozilla, Sage | 2 Firefox, Sage | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712. | |||||
| CVE-2007-1116 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | N/A |
| The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history. | |||||
| CVE-2006-2788 | 1 Mozilla | 1 Firefox | 2024-02-28 | 7.5 HIGH | N/A |
| Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code. | |||||
| CVE-2006-2775 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-02-28 | 7.5 HIGH | N/A |
| Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL. | |||||
| CVE-2006-3811 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context. | |||||
| CVE-2005-1575 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | N/A |
| The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160. | |||||
| CVE-2005-1154 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-28 | 7.5 HIGH | N/A |
| Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution." | |||||
| CVE-2005-1158 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | N/A |
| Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar. | |||||
| CVE-2006-0916 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 7.5 HIGH | N/A |
| Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain. | |||||
| CVE-2006-1739 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
| The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow. | |||||
| CVE-2006-1732 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array. | |||||
| CVE-2005-4874 | 1 Mozilla | 1 Mozilla | 2024-02-28 | 4.3 MEDIUM | N/A |
| The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object. | |||||