Filtered by vendor Mozilla
Subscriptions
Total
3094 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2002-2314 | 1 Mozilla | 1 Mozilla | 2024-11-21 | N/A |
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. | ||||
CVE-2002-2260 | 1 Mozilla | 1 Bugzilla | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject arbitrary web script or HTML via the "show all quips" page. | ||||
CVE-2002-2061 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2024-11-21 | N/A |
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | ||||
CVE-2002-2013 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2024-11-21 | N/A |
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | ||||
CVE-2002-1308 | 3 Mozilla, Netscape, Redhat | 4 Mozilla, Navigator, Enterprise Linux and 1 more | 2024-11-21 | N/A |
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression. | ||||
CVE-2002-1198 | 1 Mozilla | 1 Bugzilla | 2024-11-21 | N/A |
Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack. | ||||
CVE-2002-1197 | 1 Mozilla | 1 Bugzilla | 2024-11-21 | N/A |
bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail. | ||||
CVE-2002-1196 | 1 Mozilla | 1 Bugzilla | 2024-11-21 | N/A |
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits. | ||||
CVE-2002-1126 | 3 Galeon, Mozilla, Redhat | 4 Galeon Browser, Mozilla, Enterprise Linux and 1 more | 2024-11-21 | N/A |
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler. | ||||
CVE-2002-1091 | 4 Mozilla, Netscape, Opera Software and 1 more | 5 Mozilla, Navigator, Opera Web Browser and 2 more | 2024-11-21 | N/A |
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width. | ||||
CVE-2002-0815 | 3 Microsoft, Mozilla, Netscape | 3 Internet Explorer, Mozilla, Navigator | 2024-11-21 | N/A |
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain. | ||||
CVE-2002-0811 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. | ||||
CVE-2002-0810 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. | ||||
CVE-2002-0809 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. | ||||
CVE-2002-0808 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs. | ||||
CVE-2002-0807 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. | ||||
CVE-2002-0806 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option. | ||||
CVE-2002-0805 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. | ||||
CVE-2002-0804 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname. | ||||
CVE-2002-0803 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-11-21 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. |