Filtered by vendor Mozilla
Subscribe
Total
2782 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2225 | 1 Mozilla | 1 Firefox | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button. | |||||
| CVE-2004-1450 | 1 Mozilla | 1 Mozilla | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations. | |||||
| CVE-2004-1451 | 1 Mozilla | 1 Mozilla | 2008-09-05 | 2.6 LOW | N/A |
| Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks. | |||||
| CVE-2004-1449 | 2 Firebirdsql, Mozilla | 3 Firebird, Mozilla, Thunderbird | 2008-09-05 | 2.6 LOW | N/A |
| Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control. | |||||
| CVE-2003-1265 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2008-09-05 | 2.1 LOW | N/A |
| Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. | |||||
| CVE-2003-0602 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs. | |||||
| CVE-2003-0603 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 2.1 LOW | N/A |
| Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions. | |||||
| CVE-2003-0152 | 1 Mozilla | 1 Bonsai | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user. | |||||
| CVE-2003-0155 | 1 Mozilla | 1 Bonsai | 2008-09-05 | 5.0 MEDIUM | N/A |
| bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication. | |||||
| CVE-2002-2359 | 1 Mozilla | 1 Mozilla | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL. | |||||
| CVE-2002-2013 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | |||||
| CVE-2002-2314 | 1 Mozilla | 1 Mozilla | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. | |||||
| CVE-2002-2338 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2008-09-05 | 5.0 MEDIUM | N/A |
| The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. | |||||
| CVE-2002-0809 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 7.5 HIGH | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. | |||||
| CVE-2002-0808 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 7.5 HIGH | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs. | |||||
| CVE-2002-0806 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 2.1 LOW | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option. | |||||
| CVE-2002-0810 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 5.0 MEDIUM | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. | |||||
| CVE-2002-0805 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | 4.6 MEDIUM | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. | |||||
| CVE-2002-0593 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI. | |||||
| CVE-2002-0594 | 3 Galeon, Mozilla, Netscape | 3 Galeon Browser, Mozilla, Navigator | 2008-09-05 | 5.0 MEDIUM | N/A |
| Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect. | |||||