Filtered by vendor Mozilla Subscriptions
Total 3383 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-1273 1 Mozilla 1 Firefox 2025-04-03 N/A
Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via an HTML tag with a large number of script action handlers such as onload and onmouseover, which triggers the crash when the user views the page source. NOTE: Red Hat has disputed this issue, suggesting that "It is likely the reporter was running the IE Tab extension," and Mozilla also confirmed that this is not an issue in Firefox itself
CVE-2006-2332 1 Mozilla 1 Firefox 2025-04-03 N/A
Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. NOTE: another researcher found that the web page caused a temporary browser slowdown instead of a crash.
CVE-2005-2353 1 Mozilla 1 Thunderbird 2025-04-03 N/A
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-0706 1 Mozilla 1 Bugzilla 2025-04-03 N/A
Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files.
CVE-2005-0989 3 Mozilla, Netscape, Redhat 4 Firefox, Mozilla, Navigator and 1 more 2025-04-03 N/A
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
CVE-2003-0152 1 Mozilla 1 Bonsai 2025-04-03 N/A
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.
CVE-2005-0589 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-03 N/A
The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.
CVE-2005-1156 3 Mozilla, Netscape, Redhat 4 Firefox, Mozilla, Navigator and 1 more 2025-04-03 N/A
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
CVE-2005-1160 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2025-04-03 N/A
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.
CVE-2005-0584 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2025-04-03 N/A
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.
CVE-2005-1565 1 Mozilla 1 Bugzilla 2025-04-03 N/A
Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history.
CVE-2005-1158 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-03 N/A
Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.
CVE-2006-2613 2 Mozilla, Netscape 3 Firefox, Mozilla Suite, Navigator 2025-04-03 N/A
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents.
CVE-2005-1531 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2025-04-03 N/A
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
CVE-2005-1564 1 Mozilla 1 Bugzilla 2025-04-03 N/A
post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product.
CVE-2005-1576 1 Mozilla 1 Firefox 2025-04-03 N/A
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files.
CVE-2004-2657 1 Mozilla 1 Firefox 2025-04-03 N/A
Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision.
CVE-2006-2723 1 Mozilla 1 Firefox 2025-04-03 N/A
Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified.
CVE-2006-2775 1 Mozilla 2 Firefox, Thunderbird 2025-04-03 N/A
Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.
CVE-2006-2778 2 Mozilla, Redhat 3 Firefox, Thunderbird, Enterprise Linux 2025-04-03 N/A
The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.