Filtered by vendor Mozilla
Subscribe
Total
2782 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1527 | 4 Fedoraproject, Google, Mozilla and 1 more | 4 Fedora, Android, Firefox and 1 more | 2016-11-17 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen. | |||||
| CVE-2015-4496 | 2 Mozilla, Oracle | 2 Firefox, Solaris | 2016-11-15 | 9.3 HIGH | N/A |
| Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538. | |||||
| CVE-2014-1506 | 3 Google, Mozilla, Oracle | 3 Android, Firefox, Solaris | 2016-11-15 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter arguments. | |||||
| CVE-2014-1507 | 2 Mozilla, Oracle | 2 Firefoxos, Solaris | 2016-11-15 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via a crafted application that uses a relative pathname for a DeviceStorageFile object. | |||||
| CVE-2005-3896 | 1 Mozilla | 1 Mozilla | 2016-10-17 | 7.8 HIGH | N/A |
| Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function. | |||||
| CVE-2005-3402 | 1 Mozilla | 1 Thunderbird | 2016-10-17 | 2.6 LOW | N/A |
| The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication. | |||||
| CVE-2005-1565 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 5.0 MEDIUM | N/A |
| Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history. | |||||
| CVE-2005-1563 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 5.0 MEDIUM | N/A |
| Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products. | |||||
| CVE-2004-1614 | 1 Mozilla | 1 Mozilla | 2016-10-17 | 5.0 MEDIUM | N/A |
| Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme. | |||||
| CVE-2003-0300 | 8 Microsoft, Mozilla, Mutt and 5 more | 8 Outlook Express, Mozilla, Mutt and 5 more | 2016-10-17 | 5.0 MEDIUM | N/A |
| The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. | |||||
| CVE-2003-0298 | 1 Mozilla | 1 Mozilla | 2016-10-17 | 7.5 HIGH | N/A |
| The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors. | |||||
| CVE-2003-0154 | 1 Mozilla | 1 Bonsai | 2016-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244. | |||||
| CVE-2003-0013 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 7.5 HIGH | N/A |
| The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file. | |||||
| CVE-2003-0012 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 2.1 LOW | N/A |
| The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data. | |||||
| CVE-2002-1196 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 7.5 HIGH | N/A |
| editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits. | |||||
| CVE-2002-1197 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 7.5 HIGH | N/A |
| bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail. | |||||
| CVE-2002-1198 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 7.5 HIGH | N/A |
| Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack. | |||||
| CVE-2002-1091 | 3 Mozilla, Netscape, Opera Software | 3 Mozilla, Navigator, Opera Web Browser | 2016-10-17 | 7.5 HIGH | N/A |
| Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width. | |||||
| CVE-2002-1126 | 2 Galeon, Mozilla | 2 Galeon Browser, Mozilla | 2016-10-17 | 2.6 LOW | N/A |
| Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler. | |||||
| CVE-2002-0354 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2016-10-17 | 5.0 MEDIUM | N/A |
| The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property. | |||||