Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
Max CVSS: 5.0; EPSS Score: 1.35%; Published: 2000-07-25; Updated: 2008-09-10
Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
Max CVSS: 5.0; EPSS Score: 1.00%; Published: 2001-12-31; Updated: 2017-07-11
show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu.
Max CVSS: 5.0; EPSS Score: 1.11%; Published: 2002-01-31; Updated: 2008-09-10
Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login.
Max CVSS: 5.0; EPSS Score: 13.22%; Published: 2002-01-31; Updated: 2008-09-10
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.
Max CVSS: 5.0; EPSS Score: 0.17%; Published: 2002-06-25; Updated: 2016-10-18
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
Max CVSS: 5.0; EPSS Score: 1.21%; Published: 2002-06-18; Updated: 2008-09-05
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi.
Max CVSS: 5.0; EPSS Score: 7.59%; Published: 2002-08-12; Updated: 2008-09-10
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.
Max CVSS: 5.0; EPSS Score: 0.68%; Published: 2002-08-12; Updated: 2008-09-05
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
Max CVSS: 5.0; EPSS Score: 0.22%; Published: 2002-12-31; Updated: 2008-09-05
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.
Max CVSS: 5.0; EPSS Score: 1.46%; Published: 2002-12-31; Updated: 2008-09-05
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
Max CVSS: 5.0; EPSS Score: 3.06%; Published: 2002-12-31; Updated: 2008-09-05
The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
Max CVSS: 5.0; EPSS Score: 0.27%; Published: 2011-12-07; Updated: 2012-03-08
bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.
Max CVSS: 5.0; EPSS Score: 0.89%; Published: 2003-04-02; Updated: 2017-07-11
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.
Max CVSS: 5.0; EPSS Score: 0.66%; Published: 2003-04-02; Updated: 2008-09-05
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
Max CVSS: 5.0; EPSS Score: 0.46%; Published: 2003-06-16; Updated: 2016-10-18
votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter.
Max CVSS: 5.0; EPSS Score: 2.08%; Published: 2004-08-18; Updated: 2017-07-11
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
Max CVSS: 5.0; EPSS Score: 0.31%; Published: 2003-12-31; Updated: 2017-07-29
DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information.
Max CVSS: 5.0; EPSS Score: 0.21%; Published: 2004-07-27; Updated: 2017-07-11
Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.
Max CVSS: 5.0; EPSS Score: 10.66%; Published: 2004-08-18; Updated: 2017-10-11
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.
Max CVSS: 5.0; EPSS Score: 0.56%; Published: 2004-08-18; Updated: 2017-10-11
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
Max CVSS: 5.0; EPSS Score: 1.07%; Published: 2004-08-18; Updated: 2017-10-11
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
Max CVSS: 5.0; EPSS Score: 95.96%; Published: 2004-08-18; Updated: 2017-10-11
Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
Max CVSS: 5.0; EPSS Score: 0.33%; Published: 2004-09-16; Updated: 2017-07-11
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.
Max CVSS: 5.1; EPSS Score: 3.72%; Published: 2004-12-31; Updated: 2017-07-11
Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
Max CVSS: 5.0; EPSS Score: 3.55%; Published: 2004-12-31; Updated: 2017-07-11
416 vulnerabilities found