Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.
Max CVSS
4.0
EPSS Score
0.22%
Published
2004-12-31
Updated
2022-02-28
Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision.
Max CVSS
1.7
EPSS Score
0.04%
Published
2004-12-31
Updated
2024-03-21
Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions.
Max CVSS
5.0
EPSS Score
6.31%
Published
2004-12-31
Updated
2017-07-11
Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server.
Max CVSS
5.0
EPSS Score
0.29%
Published
2004-12-31
Updated
2017-07-11
Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button.
Max CVSS
5.0
EPSS Score
81.14%
Published
2004-12-31
Updated
2008-09-05
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
Max CVSS
2.6
EPSS Score
0.76%
Published
2004-12-31
Updated
2017-07-11
show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information.
Max CVSS
5.0
EPSS Score
0.25%
Published
2004-10-25
Updated
2017-07-11
process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter.
Max CVSS
5.0
EPSS Score
0.29%
Published
2004-10-25
Updated
2017-07-11
Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.
Max CVSS
5.0
EPSS Score
1.40%
Published
2004-10-18
Updated
2016-10-18
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.
Max CVSS
5.0
EPSS Score
1.06%
Published
2004-10-18
Updated
2017-10-11
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.
Max CVSS
2.6
EPSS Score
0.29%
Published
2004-12-31
Updated
2008-09-05
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
Max CVSS
5.0
EPSS Score
0.21%
Published
2004-12-31
Updated
2008-09-05
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
Max CVSS
2.6
EPSS Score
0.21%
Published
2004-12-31
Updated
2008-09-05
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
Max CVSS
5.0
EPSS Score
34.14%
Published
2004-10-20
Updated
2017-10-11
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
Max CVSS
5.0
EPSS Score
0.19%
Published
2004-10-20
Updated
2017-10-11
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
Max CVSS
5.0
EPSS Score
30.96%
Published
2004-12-29
Updated
2018-05-03
Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
Max CVSS
5.0
EPSS Score
3.55%
Published
2004-12-31
Updated
2017-07-11
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
Max CVSS
4.3
EPSS Score
0.56%
Published
2004-12-31
Updated
2017-10-11
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.
Max CVSS
5.1
EPSS Score
3.72%
Published
2004-12-31
Updated
2017-07-11
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.
Max CVSS
4.0
EPSS Score
0.29%
Published
2004-12-31
Updated
2017-10-11
The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-07-11
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.
Max CVSS
4.6
EPSS Score
0.11%
Published
2004-12-31
Updated
2017-10-11
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
Max CVSS
4.6
EPSS Score
1.84%
Published
2004-09-14
Updated
2017-10-11
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
Max CVSS
10.0
EPSS Score
11.69%
Published
2004-12-31
Updated
2017-10-11
Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
Max CVSS
5.0
EPSS Score
0.33%
Published
2004-09-16
Updated
2017-07-11
54 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!