Filtered by vendor Mozilla
Subscriptions
Total
3386 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0145 | 1 Mozilla | 1 Firefox | 2025-04-03 | N/A |
| Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature. | ||||
| CVE-2006-4569 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-03 | N/A |
| The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks. | ||||
| CVE-2006-0496 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts. | ||||
| CVE-2006-4567 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-04-03 | N/A |
| Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update. | ||||
| CVE-2004-1380 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2025-04-03 | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability." | ||||
| CVE-2006-0298 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-03 | N/A |
| The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read. | ||||
| CVE-2004-1381 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks. | ||||
| CVE-2006-0296 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-03 | N/A |
| The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. | ||||
| CVE-2006-0293 | 1 Mozilla | 1 Firefox | 2025-04-03 | N/A |
| The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects. | ||||
| CVE-2004-0906 | 2 Mozilla, Redhat | 3 Mozilla, Thunderbird, Enterprise Linux | 2025-04-03 | N/A |
| The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code. | ||||
| CVE-2004-1200 | 1 Mozilla | 1 Firefox | 2025-04-03 | N/A |
| Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. | ||||
| CVE-2006-0292 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2025-04-03 | N/A |
| The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection. | ||||
| CVE-2006-1728 | 3 Canonical, Mozilla, Redhat | 6 Ubuntu Linux, Firefox, Mozilla Suite and 3 more | 2025-04-03 | N/A |
| Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method. | ||||
| CVE-2005-4874 | 1 Mozilla | 1 Mozilla | 2025-04-03 | N/A |
| The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object. | ||||
| CVE-2004-0907 | 1 Mozilla | 2 Mozilla, Thunderbird | 2025-04-03 | N/A |
| The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code. | ||||
| CVE-2004-0909 | 1 Mozilla | 2 Mozilla, Thunderbird | 2025-04-03 | N/A |
| Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages. | ||||
| CVE-2002-0809 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. | ||||
| CVE-2005-4720 | 1 Mozilla | 1 Firefox | 2025-04-03 | N/A |
| Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack. | ||||
| CVE-2004-0763 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-03 | N/A |
| Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method. | ||||
| CVE-2004-0703 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control. | ||||