Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2004-0597 | 10.0 |
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transpar
|
12-10-2018 - 21:34 | 23-11-2004 - 05:00 | |
CVE-2008-2809 | 4.0 |
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in t
|
11-10-2018 - 20:44 | 08-07-2008 - 23:41 | |
CVE-2008-2808 | 4.3 |
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted
|
11-10-2018 - 20:44 | 07-07-2008 - 23:41 | |
CVE-2008-2811 | 10.0 |
The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose di
|
11-10-2018 - 20:44 | 07-07-2008 - 23:41 | |
CVE-2008-2810 | 6.8 |
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has pre
|
11-10-2018 - 20:44 | 07-07-2008 - 23:41 | |
CVE-2008-2807 | 5.0 |
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 enc
|
11-10-2018 - 20:44 | 07-07-2008 - 23:41 | |
CVE-2008-2806 | 7.5 |
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java Liv
|
11-10-2018 - 20:44 | 07-07-2008 - 23:41 | |
CVE-2008-2798 | 10.0 |
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unk
|
11-10-2018 - 20:43 | 07-07-2008 - 23:41 | |
CVE-2008-2799 | 10.0 |
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unk
|
11-10-2018 - 20:43 | 07-07-2008 - 23:41 | |
CVE-2008-2801 | 7.5 |
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that u
|
11-10-2018 - 20:43 | 07-07-2008 - 23:41 | |
CVE-2008-2803 | 6.8 |
The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non
|
11-10-2018 - 20:43 | 07-07-2008 - 23:41 | |
CVE-2008-2805 | 5.0 |
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.
|
11-10-2018 - 20:43 | 07-07-2008 - 23:41 | |
CVE-2008-2802 | 7.5 |
Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to t
|
11-10-2018 - 20:43 | 07-07-2008 - 23:41 | |
CVE-2008-2800 | 4.3 |
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT el
|
11-10-2018 - 20:43 | 07-07-2008 - 23:41 | |
CVE-2004-0902 | 10.0 |
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send p
|
03-05-2018 - 01:29 | 27-01-2005 - 05:00 | |
CVE-2004-0903 | 10.0 |
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachment
|
11-10-2017 - 01:29 | 27-01-2005 - 05:00 | |
CVE-2004-0758 | 5.0 |
Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is tr
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0765 | 7.5 |
The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows rem
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0908 | 4.0 |
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2004-0764 | 10.0 |
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0599 | 5.0 |
Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (applic
|
11-10-2017 - 01:29 | 23-11-2004 - 05:00 | |
CVE-2004-0757 | 10.0 |
Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0906 | 4.6 |
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary fi
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2004-0904 | 10.0 |
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overfl
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2004-0763 | 5.0 |
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0762 | 5.0 |
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0761 | 5.0 |
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0759 | 6.4 |
Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0598 | 5.0 |
The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.
|
11-10-2017 - 01:29 | 23-11-2004 - 05:00 | |
CVE-2004-0905 | 4.6 |
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a fr
|
11-10-2017 - 01:29 | 14-09-2004 - 04:00 | |
CVE-2004-0648 | 10.0 |
Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.
|
11-07-2017 - 01:30 | 06-08-2004 - 04:00 | |
CVE-2004-0907 | 4.6 |
The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute ar
|
11-07-2017 - 01:30 | 31-12-2004 - 05:00 | |
CVE-2004-0779 | 7.5 |
The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached passwor
|
11-07-2017 - 01:30 | 18-08-2004 - 04:00 | |
CVE-2004-0909 | 5.1 |
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abiliti
|
11-07-2017 - 01:30 | 31-12-2004 - 05:00 | |
CVE-2004-1450 | 5.0 |
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
|
05-09-2008 - 20:41 | 31-12-2004 - 05:00 | |
CVE-2004-1451 | 2.6 |
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.
|
05-09-2008 - 20:41 | 31-12-2004 - 05:00 |