Filtered by vendor Mozilla
Subscribe
Total
3316 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4534 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-4134 | 3 K-meleon Project, Mozilla, Netscape | 4 K-meleon, Firefox, Mozilla Suite and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue. | |||||
| CVE-2002-2338 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2025-04-03 | 5.0 MEDIUM | N/A |
| The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. | |||||
| CVE-2006-4561 | 1 Mozilla | 1 Firefox | 2025-04-03 | 7.5 HIGH | N/A |
| Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. | |||||
| CVE-2006-2788 | 1 Mozilla | 1 Firefox | 2025-04-03 | 7.5 HIGH | N/A |
| Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code. | |||||
| CVE-2004-1380 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability." | |||||
| CVE-2005-0402 | 1 Mozilla | 1 Firefox | 2025-04-03 | 2.6 LOW | N/A |
| Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page. | |||||
| CVE-2005-0147 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 7.5 HIGH | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials. | |||||
| CVE-2005-1563 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products. | |||||
| CVE-2006-0748 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 9.3 HIGH | N/A |
| Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index. | |||||
| CVE-2005-2267 | 1 Mozilla | 1 Firefox | 2025-04-03 | 7.5 HIGH | N/A |
| Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL. | |||||
| CVE-2005-0215 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value. | |||||
| CVE-2001-0330 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed. | |||||
| CVE-2005-0255 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
| String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption. | |||||
| CVE-2005-2353 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | 2.1 LOW | N/A |
| run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2006-1734 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2025-04-03 | 6.8 MEDIUM | N/A |
| Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function. | |||||
| CVE-2005-2264 | 1 Mozilla | 1 Firefox | 2025-04-03 | 7.5 HIGH | N/A |
| Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL. | |||||
| CVE-2005-2114 | 1 Mozilla | 3 Camino, Firefox, Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function. | |||||
| CVE-2003-0154 | 1 Mozilla | 1 Bonsai | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244. | |||||
| CVE-2004-0903 | 4 Conectiva, Mozilla, Redhat and 1 more | 9 Linux, Mozilla, Thunderbird and 6 more | 2025-04-03 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. | |||||