Filtered by vendor Mozilla
Subscribe
Total
3213 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2707 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks. | |||||
| CVE-2004-0906 | 1 Mozilla | 2 Mozilla, Thunderbird | 2025-04-03 | 4.6 MEDIUM | N/A |
| The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code. | |||||
| CVE-2004-0705 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter. | |||||
| CVE-2006-1735 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2025-04-03 | 9.3 HIGH | N/A |
| Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges. | |||||
| CVE-2004-0707 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL. | |||||
| CVE-2002-0815 | 3 Microsoft, Mozilla, Netscape | 3 Internet Explorer, Mozilla, Navigator | 2025-04-03 | 7.5 HIGH | N/A |
| The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain. | |||||
| CVE-2004-0762 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. | |||||
| CVE-2004-2226 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server. | |||||
| CVE-2006-2784 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.1 MEDIUM | N/A |
| The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site. | |||||
| CVE-2001-1401 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi. | |||||
| CVE-2005-0589 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability. | |||||
| CVE-2001-1407 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug. | |||||
| CVE-2005-2269 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 7.5 HIGH | N/A |
| Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing"). | |||||
| CVE-2005-0144 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 2.6 LOW | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks. | |||||
| CVE-2003-1042 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 10.0 HIGH | N/A |
| SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name. | |||||
| CVE-2005-2173 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. | |||||
| CVE-2005-2260 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 7.5 HIGH | N/A |
| The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user. | |||||
| CVE-2002-2260 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject arbitrary web script or HTML via the "show all quips" page. | |||||
| CVE-2005-0231 | 1 Mozilla | 1 Firefox | 2025-04-03 | 2.6 LOW | N/A |
| Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing." | |||||
| CVE-2004-0722 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2025-04-03 | 10.0 HIGH | N/A |
| Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. | |||||