Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
Max CVSS
5.0
EPSS Score
0.31%
Published
2003-12-31
Updated
2017-07-29
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
Max CVSS
2.1
EPSS Score
0.04%
Published
2003-12-31
Updated
2008-09-05
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
Max CVSS
9.8
EPSS Score
1.17%
Published
2003-10-07
Updated
2024-01-25
Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.
Max CVSS
2.1
EPSS Score
0.04%
Published
2003-08-27
Updated
2008-09-05
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.
Max CVSS
6.8
EPSS Score
0.51%
Published
2003-08-27
Updated
2008-09-05
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
Max CVSS
5.0
EPSS Score
0.46%
Published
2003-06-16
Updated
2016-10-18
The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
Max CVSS
7.5
EPSS Score
0.29%
Published
2003-06-16
Updated
2016-10-18
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.
Max CVSS
5.0
EPSS Score
0.66%
Published
2003-04-02
Updated
2008-09-05
Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.
Max CVSS
6.8
EPSS Score
1.14%
Published
2003-04-02
Updated
2016-10-18
bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.
Max CVSS
5.0
EPSS Score
0.89%
Published
2003-04-02
Updated
2017-07-11
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.
Max CVSS
7.5
EPSS Score
0.46%
Published
2003-04-02
Updated
2008-09-05
The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.
Max CVSS
7.5
EPSS Score
0.82%
Published
2003-01-17
Updated
2016-10-18
The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.
Max CVSS
2.1
EPSS Score
0.04%
Published
2003-01-17
Updated
2016-10-18
13 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!