Filtered by vendor Mozilla
Total: 3042 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0867 | 4 Kde, Microsoft, Mozilla and 1 more | 5 Konqueror, Ie, Internet Explorer and 2 more | 2024-02-28 | 7.5 HIGH | N/A |
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. | |||||
CVE-2004-1449 | 2 Firebirdsql, Mozilla | 3 Firebird, Mozilla, Thunderbird | 2024-02-28 | 2.6 LOW | N/A |
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control. | |||||
CVE-2004-0908 | 1 Mozilla | 2 Mozilla, Thunderbird | 2024-02-28 | 4.0 MEDIUM | N/A |
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins. | |||||
CVE-2004-0769 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771. | |||||
CVE-2004-0779 | 2 Firebirdsql, Mozilla | 3 Firebird, Firefox, Mozilla | 2024-02-28 | 7.5 HIGH | N/A |
The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site. | |||||
CVE-2003-0152 | 1 Mozilla | 1 Bonsai | 2024-02-28 | 7.5 HIGH | N/A |
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user. | |||||
CVE-2004-0704 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 5.0 MEDIUM | N/A |
Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products. | |||||
CVE-2004-1316 | 1 Mozilla | 1 Mozilla | 2024-02-28 | 5.0 MEDIUM | N/A |
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated. | |||||
CVE-2002-0803 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 5.0 MEDIUM | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. | |||||
CVE-2003-0155 | 1 Mozilla | 1 Bonsai | 2024-02-28 | 5.0 MEDIUM | N/A |
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication. | |||||
CVE-2002-2338 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2024-02-28 | 5.0 MEDIUM | N/A |
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. | |||||
CVE-2002-1091 | 3 Mozilla, Netscape, Opera Software | 3 Mozilla, Navigator, Opera Web Browser | 2024-02-28 | 7.5 HIGH | N/A |
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width. | |||||
CVE-2001-1405 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 2.1 LOW | N/A |
Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi. | |||||
CVE-2000-0655 | 2 Mozilla, Netscape | 2 Mozilla, Communicator | 2024-02-28 | 5.0 MEDIUM | N/A |
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1. | |||||
CVE-2002-1196 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 7.5 HIGH | N/A |
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits. | |||||
CVE-2004-0705 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter. | |||||
CVE-2002-2061 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2024-02-28 | 7.5 HIGH | N/A |
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | |||||
CVE-2004-0758 | 1 Mozilla | 1 Mozilla | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid. | |||||
CVE-2002-0354 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2024-02-28 | 5.0 MEDIUM | N/A |
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property. | |||||
CVE-2004-0760 | 1 Mozilla | 1 Mozilla | 2024-02-28 | 6.4 MEDIUM | N/A |
Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. | |||||