Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Mozilla Subscribe
Total 2782 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-2225 1 Mozilla 1 Firefox 2008-09-05 5.0 MEDIUM N/A
Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button.
CVE-2004-1450 1 Mozilla 1 Mozilla 2008-09-05 5.0 MEDIUM N/A
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
CVE-2004-1451 1 Mozilla 1 Mozilla 2008-09-05 2.6 LOW N/A
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.
CVE-2004-1449 2 Firebirdsql, Mozilla 3 Firebird, Mozilla, Thunderbird 2008-09-05 2.6 LOW N/A
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
CVE-2003-1265 2 Mozilla, Netscape 2 Mozilla, Navigator 2008-09-05 2.1 LOW N/A
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
CVE-2003-0602 1 Mozilla 1 Bugzilla 2008-09-05 6.8 MEDIUM N/A
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.
CVE-2003-0603 1 Mozilla 1 Bugzilla 2008-09-05 2.1 LOW N/A
Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.
CVE-2003-0152 1 Mozilla 1 Bonsai 2008-09-05 7.5 HIGH N/A
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.
CVE-2003-0155 1 Mozilla 1 Bonsai 2008-09-05 5.0 MEDIUM N/A
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.
CVE-2002-2359 1 Mozilla 1 Mozilla 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.
CVE-2002-2013 2 Mozilla, Netscape 3 Mozilla, Communicator, Navigator 2008-09-05 5.0 MEDIUM N/A
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
CVE-2002-2314 1 Mozilla 1 Mozilla 2008-09-05 5.0 MEDIUM N/A
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.
CVE-2002-2338 2 Mozilla, Netscape 3 Mozilla, Communicator, Navigator 2008-09-05 5.0 MEDIUM N/A
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
CVE-2002-0809 1 Mozilla 1 Bugzilla 2008-09-05 7.5 HIGH N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.
CVE-2002-0808 1 Mozilla 1 Bugzilla 2008-09-05 7.5 HIGH N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.
CVE-2002-0806 1 Mozilla 1 Bugzilla 2008-09-05 2.1 LOW N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.
CVE-2002-0810 1 Mozilla 1 Bugzilla 2008-09-05 5.0 MEDIUM N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.
CVE-2002-0805 1 Mozilla 1 Bugzilla 2008-09-05 4.6 MEDIUM N/A
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.
CVE-2002-0593 2 Mozilla, Netscape 3 Mozilla, Communicator, Navigator 2008-09-05 7.5 HIGH N/A
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
CVE-2002-0594 3 Galeon, Mozilla, Netscape 3 Galeon Browser, Mozilla, Navigator 2008-09-05 5.0 MEDIUM N/A
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.