ReportizFlow
Filtered by vendor Mozilla
Subscriptions
Total
3094 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0762 | 2 Mozilla, Redhat | 4 Firefox, Mozilla, Thunderbird and 1 more | 2024-11-21 | N/A |
| Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. | ||||
| CVE-2004-0761 | 2 Mozilla, Redhat | 4 Firefox, Mozilla, Thunderbird and 1 more | 2024-11-21 | N/A |
| Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted. | ||||
| CVE-2004-0760 | 2 Mozilla, Redhat | 2 Mozilla, Enterprise Linux | 2024-11-21 | N/A |
| Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. | ||||
| CVE-2004-0759 | 2 Mozilla, Redhat | 2 Mozilla, Enterprise Linux | 2024-11-21 | N/A |
| Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag. | ||||
| CVE-2004-0758 | 2 Mozilla, Redhat | 2 Mozilla, Enterprise Linux | 2024-11-21 | N/A |
| Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid. | ||||
| CVE-2004-0757 | 2 Mozilla, Redhat | 4 Firefox, Mozilla, Thunderbird and 1 more | 2024-11-21 | N/A |
| Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code. | ||||
| CVE-2004-0722 | 3 Mozilla, Netscape, Redhat | 3 Mozilla, Navigator, Enterprise Linux | 2024-11-21 | N/A |
| Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. | ||||
| CVE-2004-0718 | 4 Firebirdsql, Mozilla, Netscape and 1 more | 4 Firebird, Mozilla, Navigator and 1 more | 2024-11-21 | N/A |
| The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | ||||
| CVE-2004-0707 | 1 Mozilla | 1 Bugzilla | 2024-11-21 | N/A |
| SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL. | ||||
| CVE-2004-0706 | 1 Mozilla | 1 Bugzilla | 2024-11-21 | N/A |
| Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files. | ||||
| CVE-2004-0705 | 1 Mozilla | 1 Bugzilla | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter. | ||||
| CVE-2004-0704 | 1 Mozilla | 1 Bugzilla | 2024-11-21 | N/A |
| Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products. | ||||
| CVE-2004-0703 | 1 Mozilla | 1 Bugzilla | 2024-11-21 | N/A |
| Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control. | ||||
| CVE-2004-0702 | 1 Mozilla | 1 Bugzilla | 2024-11-21 | N/A |
| DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information. | ||||
| CVE-2004-0648 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2024-11-21 | N/A |
| Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol. | ||||
| CVE-2004-0478 | 1 Mozilla | 1 Mozilla | 2024-11-21 | N/A |
| Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U. | ||||
| CVE-2004-0191 | 2 Mozilla, Redhat | 3 Mozilla, Enterprise Linux, Linux | 2024-11-21 | N/A |
| Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. | ||||
| CVE-2003-1492 | 2 Mozilla, Netscape | 2 Firefox, Navigator | 2024-11-21 | N/A |
| Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end. | ||||
| CVE-2003-1265 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2024-11-21 | N/A |
| Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. | ||||
| CVE-2003-1046 | 1 Mozilla | 1 Bugzilla | 2024-11-21 | N/A |
| describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products. | ||||