Mozilla Mozilla
109 CVEs affecting Mozilla Mozilla. Latest disclosed: 2009-08-31. Critical: 2, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2007-4039 | Critical | 9.8 | 2007-07-27 | Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and ex… |
CVE-2003-0791 | Critical | 9.8 | 2003-10-07 | The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to t… |
CVE-2005-0587 | Medium | 6.5 | 2005-03-25 | Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link… |
CVE-2009-3014 | | 2009-08-31 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in… | |
CVE-2009-3010 | | 2009-08-31 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refres… | |
CVE-2007-3144 | | 2007-06-11 | Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, w… | |
CVE-2007-1794 | | 2007-04-02 | The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garba… | |
CVE-2006-6498 | | 2006-12-20 | Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonk… | |
CVE-2006-0292 | | 2006-02-02 | The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a den… | |
CVE-2006-0496 | | 2006-02-01 | Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earl… | |
CVE-2005-4874 | | 2005-12-31 | The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a req… | |
CVE-2005-4809 | | 2005-12-31 | Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF… | |
CVE-2005-4685 | | 2005-12-31 | Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers… | |
CVE-2005-3896 | | 2005-11-29 | Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function. | |
CVE-2005-2968 | | 2005-09-20 | Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the comman… | |
CVE-2005-2270 | | 2005-07-13 | Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the p… | |
CVE-2005-2269 | | 2005-07-13 | Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their name… | |
CVE-2005-2268 | | 2005-07-13 | Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attac… | |
CVE-2005-2266 | | 2005-07-13 | Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a differen… | |
CVE-2005-2265 | | 2005-07-13 | Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and p… |