Filtered by vendor Mozilla Subscriptions
Filtered by product Mozilla Subscriptions
Total 109 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2009-3014 1 Mozilla 3 Firefox, Mozilla, Seamonkey 2025-04-09 N/A
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.
CVE-2007-3144 1 Mozilla 1 Mozilla 2025-04-09 N/A
Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
CVE-2006-6498 2 Mozilla, Redhat 5 Firefox, Mozilla, Seamonkey and 2 more 2025-04-09 N/A
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.
CVE-2007-1794 2 Mozilla, Sun 3 Mozilla, Solaris, Sunos 2025-04-09 N/A
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.
CVE-2007-4039 1 Mozilla 1 Mozilla 2025-04-09 9.8 Critical
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
CVE-2009-3010 1 Mozilla 3 Firefox, Mozilla, Seamonkey 2025-04-09 N/A
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.
CVE-2004-1450 1 Mozilla 1 Mozilla 2025-04-03 N/A
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
CVE-2004-1449 2 Firebirdsql, Mozilla 3 Firebird, Mozilla, Thunderbird 2025-04-03 N/A
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
CVE-2004-0904 4 Conectiva, Mozilla, Netscape and 1 more 10 Linux, Firefox, Mozilla and 7 more 2025-04-03 N/A
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
CVE-2001-1490 1 Mozilla 1 Mozilla 2025-04-03 N/A
Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
CVE-2002-0354 3 Mozilla, Netscape, Redhat 3 Mozilla, Navigator, Linux 2025-04-03 N/A
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.
CVE-2005-0578 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2025-04-03 N/A
Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.
CVE-2005-0587 1 Mozilla 2 Firefox, Mozilla 2025-04-03 6.5 Medium
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
CVE-2005-0590 2 Mozilla, Redhat 4 Firefox, Mozilla, Thunderbird and 1 more 2025-04-03 N/A
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
CVE-2004-1753 2 Mozilla, Netscape 3 Firefox, Mozilla, Navigator 2025-04-03 N/A
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
CVE-2005-0144 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2025-04-03 N/A
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
CVE-2005-1160 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2025-04-03 N/A
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.
CVE-2002-1091 4 Mozilla, Netscape, Opera Software and 1 more 5 Mozilla, Navigator, Opera Web Browser and 2 more 2025-04-03 N/A
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
CVE-2002-1308 3 Mozilla, Netscape, Redhat 4 Mozilla, Navigator, Enterprise Linux and 1 more 2025-04-03 N/A
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
CVE-2004-1613 3 Mozilla, Redhat, Sgi 7 Mozilla, Enterprise Linux, Enterprise Linux Desktop and 4 more 2025-04-03 N/A
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.