The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
Max CVSS
5.0
EPSS Score
0.27%
Published
2011-12-07
Updated
2012-03-08
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
Max CVSS
5.0
EPSS Score
0.31%
Published
2003-12-31
Updated
2017-07-29
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.
Max CVSS
5.0
EPSS Score
0.56%
Published
2004-08-18
Updated
2017-10-11
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
Max CVSS
5.0
EPSS Score
1.07%
Published
2004-08-18
Updated
2017-10-11
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
Max CVSS
5.0
EPSS Score
95.96%
Published
2004-08-18
Updated
2017-10-11
Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
Max CVSS
5.0
EPSS Score
3.55%
Published
2004-12-31
Updated
2017-07-11
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
Max CVSS
5.0
EPSS Score
0.19%
Published
2004-10-20
Updated
2017-10-11
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
Max CVSS
5.0
EPSS Score
34.14%
Published
2004-10-20
Updated
2017-10-11
Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button.
Max CVSS
5.0
EPSS Score
81.14%
Published
2004-12-31
Updated
2008-09-05
Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions.
Max CVSS
5.0
EPSS Score
6.31%
Published
2004-12-31
Updated
2017-07-11
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.
Max CVSS
5.0
EPSS Score
3.27%
Published
2005-05-02
Updated
2017-10-11
Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code.
Max CVSS
5.0
EPSS Score
5.86%
Published
2005-05-26
Updated
2017-10-11
Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."
Max CVSS
5.1
EPSS Score
57.50%
Published
2005-05-02
Updated
2017-10-11
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.
Max CVSS
5.0
EPSS Score
1.69%
Published
2005-05-02
Updated
2017-10-11
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.
Max CVSS
5.1
EPSS Score
94.08%
Published
2005-05-02
Updated
2018-05-03
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
Max CVSS
5.1
EPSS Score
13.93%
Published
2005-05-02
Updated
2018-05-03
Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."
Max CVSS
5.1
EPSS Score
85.94%
Published
2005-05-02
Updated
2017-10-11
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
Max CVSS
5.0
EPSS Score
11.01%
Published
2005-05-02
Updated
2017-10-11
The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.
Max CVSS
5.0
EPSS Score
25.12%
Published
2005-05-02
Updated
2017-10-11
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
Max CVSS
5.0
EPSS Score
1.51%
Published
2005-05-02
Updated
2017-10-11
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
Max CVSS
5.0
EPSS Score
92.37%
Published
2005-05-02
Updated
2018-05-03
Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.
Max CVSS
5.0
EPSS Score
19.40%
Published
2005-05-02
Updated
2017-10-11
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.
Max CVSS
5.1
EPSS Score
0.49%
Published
2005-05-02
Updated
2017-10-11
Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
Max CVSS
5.1
EPSS Score
95.24%
Published
2005-05-09
Updated
2017-10-11
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
Max CVSS
5.1
EPSS Score
80.17%
Published
2005-05-09
Updated
2017-10-11
325 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!