Total
1349 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0399 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2024-02-28 | 5.1 MEDIUM | N/A |
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size. | |||||
CVE-2006-3812 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 2.6 LOW | N/A |
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links. | |||||
CVE-2006-3802 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 5.8 MEDIUM | N/A |
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object. | |||||
CVE-2006-0294 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 7.5 HIGH | N/A |
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory. | |||||
CVE-2006-2776 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-02-28 | 7.5 HIGH | N/A |
Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. | |||||
CVE-2006-1737 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression. | |||||
CVE-2005-2261 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2024-02-28 | 7.5 HIGH | N/A |
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection. | |||||
CVE-2006-1530 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Seamonkey and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | |||||
CVE-2006-2786 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-02-28 | 2.6 LOW | N/A |
HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client. | |||||
CVE-2006-3803 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 5.1 MEDIUM | N/A |
Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object. | |||||
CVE-2006-3804 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2024-02-28 | 5.0 MEDIUM | N/A |
Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow. | |||||
CVE-2005-0255 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2024-02-28 | 5.0 MEDIUM | N/A |
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption. | |||||
CVE-2005-2353 | 1 Mozilla | 1 Thunderbird | 2024-02-28 | 2.1 LOW | N/A |
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2006-3805 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 7.5 HIGH | N/A |
The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. | |||||
CVE-2006-1738 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles. | |||||
CVE-2005-0142 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2024-02-28 | 2.1 LOW | N/A |
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF. | |||||
CVE-2004-0648 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2024-02-28 | 10.0 HIGH | N/A |
Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol. | |||||
CVE-2004-0761 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted. | |||||
CVE-2004-1449 | 2 Firebirdsql, Mozilla | 3 Firebird, Mozilla, Thunderbird | 2024-02-28 | 2.6 LOW | N/A |
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control. | |||||
CVE-2004-0908 | 1 Mozilla | 2 Mozilla, Thunderbird | 2024-02-28 | 4.0 MEDIUM | N/A |
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins. |