Filtered by vendor Mozilla
Subscriptions
Total
3368 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2777 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-03 | N/A |
| Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context. | ||||
| CVE-2006-2778 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-04-03 | N/A |
| The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow. | ||||
| CVE-2006-2779 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-04-03 | N/A |
| Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption. | ||||
| CVE-2006-2784 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-03 | N/A |
| The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site. | ||||
| CVE-2006-2786 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-04-03 | N/A |
| HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client. | ||||
| CVE-2006-2787 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-04-03 | N/A |
| EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox. | ||||
| CVE-2006-2894 | 2 Mozilla, Netscape | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2025-04-03 | N/A |
| Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. | ||||
| CVE-2006-3113 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-03 | N/A |
| Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption. | ||||
| CVE-2006-3677 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-03 | N/A |
| Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution. | ||||
| CVE-2005-2173 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. | ||||
| CVE-2006-3802 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-03 | N/A |
| Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object. | ||||
| CVE-2006-3803 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-03 | N/A |
| Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object. | ||||
| CVE-2006-3805 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-03 | N/A |
| The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. | ||||
| CVE-2006-3806 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-03 | N/A |
| Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments." | ||||
| CVE-2005-2395 | 1 Mozilla | 1 Firefox | 2025-04-03 | N/A |
| Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available. | ||||
| CVE-2006-4340 | 2 Mozilla, Redhat | 5 Firefox, Network Security Services, Seamonkey and 2 more | 2025-04-03 | N/A |
| Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462. | ||||
| CVE-2005-2260 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2025-04-03 | N/A |
| The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user. | ||||
| CVE-2005-2261 | 2 Mozilla, Redhat | 4 Firefox, Mozilla, Thunderbird and 1 more | 2025-04-03 | N/A |
| Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection. | ||||
| CVE-2005-2262 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-03 | N/A |
| Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling." | ||||
| CVE-2005-2264 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-03 | N/A |
| Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL. | ||||