Filtered by vendor Mozilla
Subscribe
Total
2782 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4723 | 1 Mozilla | 1 Firefox | 2008-10-23 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2003-0791 | 2 Mozilla, Sco | 2 Mozilla, Openserver | 2008-09-10 | 7.5 HIGH | N/A |
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. | |||||
CVE-2002-2061 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2008-09-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | |||||
CVE-2002-0803 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 5.0 MEDIUM | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. | |||||
CVE-2002-0807 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 7.5 HIGH | N/A |
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. | |||||
CVE-2002-0811 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 7.5 HIGH | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. | |||||
CVE-2002-0008 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 7.5 HIGH | N/A |
Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi. | |||||
CVE-2002-0011 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 5.0 MEDIUM | N/A |
Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login. | |||||
CVE-2002-0010 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 7.5 HIGH | N/A |
Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges. | |||||
CVE-2002-0009 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 5.0 MEDIUM | N/A |
show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu. | |||||
CVE-2001-0329 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 7.5 HIGH | N/A |
Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi. | |||||
CVE-2000-0655 | 2 Mozilla, Netscape | 2 Mozilla, Communicator | 2008-09-10 | 5.0 MEDIUM | N/A |
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1. | |||||
CVE-2000-0421 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | 7.5 HIGH | N/A |
The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
CVE-2006-6971 | 1 Mozilla | 1 Firefox | 2008-09-05 | 5.0 MEDIUM | N/A |
Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter. | |||||
CVE-2005-4720 | 1 Mozilla | 1 Firefox | 2008-09-05 | 5.0 MEDIUM | N/A |
Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack. | |||||
CVE-2005-2602 | 1 Mozilla | 2 Firefox, Thunderbird | 2008-09-05 | 2.6 LOW | N/A |
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks. | |||||
CVE-2005-2173 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 5.0 MEDIUM | N/A |
The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. | |||||
CVE-2005-2174 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 2.6 LOW | N/A |
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete. | |||||
CVE-2005-1576 | 1 Mozilla | 1 Firefox | 2008-09-05 | 2.6 LOW | N/A |
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files. | |||||
CVE-2005-1575 | 1 Mozilla | 1 Firefox | 2008-09-05 | 5.0 MEDIUM | N/A |
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160. |