cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
Max CVSS
7.5
EPSS Score
94.81%
Published
2005-09-23
Updated
2017-10-11
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
Max CVSS
7.5
EPSS Score
92.99%
Published
2005-09-23
Updated
2017-10-11
Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
Max CVSS
7.5
EPSS Score
94.15%
Published
2005-09-23
Updated
2017-10-11
Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
Max CVSS
7.5
EPSS Score
16.16%
Published
2005-07-13
Updated
2017-10-11
Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.
Max CVSS
7.5
EPSS Score
77.48%
Published
2005-07-13
Updated
2017-10-11

CVE-2005-2265

Public exploit
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
Max CVSS
5.0
EPSS Score
96.67%
Published
2005-07-13
Updated
2017-10-11
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.
Max CVSS
7.5
EPSS Score
1.47%
Published
2005-05-02
Updated
2017-10-11
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."
Max CVSS
7.5
EPSS Score
92.33%
Published
2005-05-02
Updated
2017-10-11
Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.
Max CVSS
7.5
EPSS Score
12.61%
Published
2005-05-02
Updated
2017-10-11
The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.
Max CVSS
7.5
EPSS Score
62.68%
Published
2005-04-18
Updated
2017-10-11
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.
Max CVSS
7.5
EPSS Score
4.14%
Published
2005-03-25
Updated
2017-10-11
Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.
Max CVSS
2.6
EPSS Score
89.07%
Published
2005-05-02
Updated
2017-10-11
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.
Max CVSS
5.1
EPSS Score
94.08%
Published
2005-05-02
Updated
2018-05-03
Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URL as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code.
Max CVSS
5.0
EPSS Score
5.86%
Published
2005-05-26
Updated
2017-10-11
14 vulnerabilities found