Filtered by vendor Mozilla
Subscribe
Total
3042 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2659 | 2 Mozilla, Opera | 2 Mozilla, Opera Browser | 2024-02-28 | 4.0 MEDIUM | N/A |
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407. | |||||
CVE-2005-0230 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.1 MEDIUM | N/A |
Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging." | |||||
CVE-2005-0402 | 1 Mozilla | 1 Firefox | 2024-02-28 | 2.6 LOW | N/A |
Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page. | |||||
CVE-2005-0587 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-28 | 2.6 LOW | 6.5 MEDIUM |
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file. | |||||
CVE-2005-2705 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2024-02-28 | 7.5 HIGH | N/A |
Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. | |||||
CVE-2006-3677 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 7.5 HIGH | N/A |
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution. | |||||
CVE-2006-2776 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-02-28 | 7.5 HIGH | N/A |
Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. | |||||
CVE-2005-4534 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 7.5 HIGH | N/A |
The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2006-1737 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression. | |||||
CVE-2005-0401 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-28 | 5.1 MEDIUM | N/A |
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2." | |||||
CVE-2005-0144 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-28 | 2.6 LOW | N/A |
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks. | |||||
CVE-2005-1155 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-28 | 7.5 HIGH | N/A |
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking." | |||||
CVE-2006-4253 | 3 K-meleon Project, Mozilla, Netscape | 3 K-meleon, Firefox, Navigator | 2024-02-28 | 7.6 HIGH | N/A |
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected. | |||||
CVE-2006-1729 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Mozilla Suite and 1 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler. | |||||
CVE-2005-1576 | 1 Mozilla | 1 Firefox | 2024-02-28 | 2.6 LOW | N/A |
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files. | |||||
CVE-2005-2261 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2024-02-28 | 7.5 HIGH | N/A |
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection. | |||||
CVE-2006-1530 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Seamonkey and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | |||||
CVE-2005-2702 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2024-02-28 | 7.5 HIGH | N/A |
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters. | |||||
CVE-2006-2786 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-02-28 | 2.6 LOW | N/A |
HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client. | |||||
CVE-2006-0914 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 5.5 MEDIUM | N/A |
Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error. |