Filtered by vendor Mozilla
Subscribe
Total
3382 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0763 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method. | |||||
| CVE-2005-2353 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | 2.1 LOW | N/A |
| run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-1531 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 7.5 HIGH | N/A |
| Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant." | |||||
| CVE-2006-1650 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A |
| Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: a followup was unable to replicate this issue. | |||||
| CVE-2005-2173 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. | |||||
| CVE-2005-2262 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.1 MEDIUM | N/A |
| Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling." | |||||
| CVE-2006-3801 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-03 | 7.5 HIGH | N/A |
| Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code. | |||||
| CVE-2006-2776 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
| Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. | |||||
| CVE-2006-3352 | 1 Mozilla | 1 Firefox | 2025-04-03 | 6.4 MEDIUM | N/A |
| Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status | |||||
| CVE-2004-0762 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. | |||||
| CVE-2004-0758 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid. | |||||
| CVE-2002-0805 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 4.6 MEDIUM | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. | |||||
| CVE-2006-0297 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas. | |||||
| CVE-2005-1158 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar. | |||||
| CVE-2006-3113 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
| Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption. | |||||
| CVE-2004-0764 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 10.0 HIGH | N/A |
| Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files. | |||||
| CVE-2002-2013 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | |||||
| CVE-2006-0295 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 5.1 MEDIUM | N/A |
| Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. | |||||
| CVE-2002-2260 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject arbitrary web script or HTML via the "show all quips" page. | |||||
| CVE-2004-0761 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted. | |||||