Filtered by vendor Mozilla Subscriptions
Filtered by product Firefox Subscriptions
Total 2681 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-0765 2 Mozilla, Redhat 4 Firefox, Mozilla, Thunderbird and 1 more 2024-11-21 N/A
The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.
CVE-2004-0764 2 Mozilla, Redhat 4 Firefox, Mozilla, Thunderbird and 1 more 2024-11-21 N/A
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.
CVE-2004-0763 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2024-11-21 N/A
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
CVE-2004-0762 2 Mozilla, Redhat 4 Firefox, Mozilla, Thunderbird and 1 more 2024-11-21 N/A
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
CVE-2004-0761 2 Mozilla, Redhat 4 Firefox, Mozilla, Thunderbird and 1 more 2024-11-21 N/A
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.
CVE-2004-0757 2 Mozilla, Redhat 4 Firefox, Mozilla, Thunderbird and 1 more 2024-11-21 N/A
Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.
CVE-2004-0648 1 Mozilla 3 Firefox, Mozilla, Thunderbird 2024-11-21 N/A
Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.
CVE-2003-1492 2 Mozilla, Netscape 2 Firefox, Navigator 2024-11-21 N/A
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
CVE-2002-2437 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2024-11-21 N/A
The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
CVE-2002-2436 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2024-11-21 N/A
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
CVE-2024-10466 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-11-13 7.5 High
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2024-10462 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-11-04 7.5 High
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2024-10463 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-11-04 7.5 High
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2024-10464 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-11-04 7.5 High
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2024-10465 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-11-04 7.5 High
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2024-10468 1 Mozilla 2 Firefox, Thunderbird 2024-11-04 9.8 Critical
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.
CVE-2024-10467 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-11-04 9.8 Critical
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2024-10461 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2024-11-04 6.1 Medium
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2024-10460 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2024-10-31 5.4 Medium
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
CVE-2024-10459 2 Mozilla, Redhat 8 Firefox, Thunderbird, Enterprise Linux and 5 more 2024-10-31 6.5 Medium
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.