Vulnerabilities related to mozilla - mozilla
Vulnerability from fkie_nvd: CVE-2005-1155
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 (rc) | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 (alpha) | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 (alpha) | |
mozilla | mozilla | 1.5 (rc1) | |
mozilla | mozilla | 1.5 (rc2) | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 (alpha) | |
mozilla | mozilla | 1.6 (beta) | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 (alpha) | |
mozilla | mozilla | 1.7 (beta) | |
mozilla | mozilla | 1.7 (rc1) | |
mozilla | mozilla | 1.7 (rc2) | |
mozilla | mozilla | 1.7 (rc3) | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", 
matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel=\"icon\"> tag with a javascript: URL in the href attribute, aka \"Firelinking.\"", }, ], id: "CVE-2005-1155", lastModified: "2024-11-20T23:56:44.020", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14938", }, { 
source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14992", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/973309", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "http://www.mikx.de/firelinking/", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-37.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/13216", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/15495", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290036", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100021", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10655", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14938", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14992", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/973309", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.mikx.de/firelinking/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-37.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/13216", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290036", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10655", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd: CVE-2002-0815
Published
2002-08-12 04:00
Modified
2024-11-20 23:39
Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", matchCriteriaId: "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*", matchCriteriaId: "DA2CA2F8-260C-4559-BF24-3E321CEAE93F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Javascript \"Same Origin Policy\" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.", }, ], id: "CVE-2002-0815", lastModified: "2024-11-20T23:39:56.100", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-08-12T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=102796732924658&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=102798282208686&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://marc.info/?l=bugtraq&m=102796732924658&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=102798282208686&w=2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd: CVE-2005-0401
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity: MEDIUM (CVSS v2 base score 5.1, vector AV:N/AC:H/Au:N/C:P/I:P/A:P; user interaction required)
Summary
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 (rc) | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 (alpha) | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 (alpha) | |
mozilla | mozilla | 1.5 (rc1) | |
mozilla | mozilla | 1.5 (rc2) | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 (alpha) | |
mozilla | mozilla | 1.6 (beta) | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 (alpha) | |
mozilla | mozilla | 1.7 (beta) | |
mozilla | mozilla | 1.7 (rc1) | |
mozilla | mozilla | 1.7 (rc2) | |
mozilla | mozilla | 1.7 (rc3) | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", 
matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka \"Firescrolling 2.\"", }, ], id: "CVE-2005-0401", lastModified: "2024-11-20T23:55:02.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "http://marc.info/?l=bugtraq&m=111168413007891&w=2", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "http://mikx.de/firescrolling2/", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/14654", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "secalert@redhat.com", url: "http://www.mozilla.org/security/announce/mfsa2005-32.html", }, { source: "secalert@redhat.com", tags: [ 
"Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-336.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/12885", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2005/0296", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=111168413007891&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://mikx.de/firescrolling2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/14654", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/security/announce/mfsa2005-32.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-336.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/12885", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/0296", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd: CVE-2005-1531
Published
2005-05-12 04:00
Modified
2024-11-20 23:57
Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 (rc) | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | firefox | 1.0.3 | |
mozilla | mozilla | * (up to and including 1.4) | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 (alpha) | |
mozilla | mozilla | 1.5 (rc1) | |
mozilla | mozilla | 1.5 (rc2) | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 (alpha) | |
mozilla | mozilla | 1.6 (beta) | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 (alpha) | |
mozilla | mozilla | 1.7 (beta) | |
mozilla | mozilla | 1.7 (rc1) | |
mozilla | mozilla | 1.7 (rc2) | |
mozilla | mozilla | 1.7 (rc3) | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 | |
mozilla | mozilla | 1.7.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "D1CB48E1-FCDD-49B2-B73E-37E912072683", versionEndIncluding: "1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: 
true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*", matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via \"Wrapped\" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) \"a nested variant.\"", }, ], id: "CVE-2005-1531", lastModified: "2024-11-20T23:57:33.970", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-12T04:00:00.000", references: [ { source: "secalert@redhat.com", url: 
"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "secalert@redhat.com", url: "http://securitytracker.com/id?1013962", }, { source: "secalert@redhat.com", url: "http://securitytracker.com/id?1013963", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.mozilla.org/security/announce/mfsa2005-43.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-434.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-435.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/13641", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/15495", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2005/0530", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1013962", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1013963", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.mozilla.org/security/announce/mfsa2005-43.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-434.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-435.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/13641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/0530", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2006-12-20 01:28
Modified
2024-11-21 00:22
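Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P; NVD primary metric from the record below, which also marks user interaction as required)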
Summary
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", matchCriteriaId: "ABB88E86-6E83-4A59-9266-8B98AA91774D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7D6BF5B1-86D1-47FE-9D9C-735718F94874", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "F2F38886-C25A-4C6B-93E7-36461405BA99", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "C65D2670-F37F-48CB-804A-D35BB1C27D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DE8E5194-7B34-4802-BDA6-6A86EB5EDE05", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*", matchCriteriaId: "2917BD67-CE81-4B94-B241-D4A9DDA60319", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", matchCriteriaId: "3487FA64-BE04-42CA-861E-3DAC097D7D32", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", 
matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*", matchCriteriaId: "5263F879-9B90-4582-B677-F133DEBE5259", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*", matchCriteriaId: "C256B73C-9ABC-43D4-8C57-09161BC9F923", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*", matchCriteriaId: "055D1044-9FC5-45AA-8407-649E96C5AFE3", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7C1C87A5-C14D-4A23-B865-3BB1FCDC8470", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "5C4DB0BB-BFD7-4E7A-B3EF-9C5422602216", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F0D56153-E20A-46D8-859E-A51E5C03D674", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*", 
matchCriteriaId: "2C51A6F4-F88F-4BF2-BF71-5DC48559C085", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "FFC390CB-774C-47BE-95C3-059943A9E645", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "B71DE7AC-553B-4524-8B33-5605518449EB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "72B02389-0DCD-45BC-A09F-CB6B75940616", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "41AE4644-2D23-43EA-ABDA-7BE60EFD1EFF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*", matchCriteriaId: "4FB87608-0DF8-4729-95C5-CFA386AB3AC2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E6C169DA-26BC-42EE-817B-2F0685069495", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9C99BAF7-B48E-4402-B2BF-EB07235E402E", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "C3F0C73F-291F-4A92-87B8-2269B5C1516D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "A0ADE8D7-B3C3-4490-9CD5-0263BBA75D28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "C86FD617-E4FE-4F85-AAA4-4F968A9DEC9F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "938B1260-74A7-4CFF-8086-415DCC284430", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "E28672BA-E3C2-40C3-80E1-95B7CDD089E2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*", matchCriteriaId: "9308147C-0A23-48BC-BFA9-A49B9D73014E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { 
nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", matchCriteriaId: "09E18FC0-0C8C-4FA1-85B9-B868D00F002F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6521C877-63C9-4B6E-9FC9-1263FFBB7950", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "D949DF0A-CBC2-40E1-AE6C-60E6F58D2481", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "3C5CDA57-1A50-4EDB-80E2-D3EBB44EA653", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "22D33486-4956-4E2C-BA16-FA269A9D02BD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "3104343E-93B6-4D4A-BC95-ED9F7E91FB6A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "381313EF-DF84-4F66-9962-DE8F45029D79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.", }, { lang: "es", value: "Múltiples vulnerabilidades en el motor de JavaScript para Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunderbird anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 y Mozilla 1.7 y puede que versiones anteriores en Solaris; permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída) y posiblemente ejecutar código de su elección mediante vectores desconocidos, teniendo impacto desconocido.", }, ], id: "CVE-2006-6498", 
lastModified: "2024-11-21T00:22:49.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2006-12-20T01:28:00.000", references: [ { source: "secalert@redhat.com", url: "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc", }, { source: "secalert@redhat.com", url: "http://fedoranews.org/cms/node/2297", }, { source: "secalert@redhat.com", url: "http://fedoranews.org/cms/node/2338", }, { source: "secalert@redhat.com", url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", }, { source: "secalert@redhat.com", url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0758.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0759.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0760.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23282", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23420", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23422", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23433", }, { source: 
"secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23439", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23440", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23468", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23514", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23545", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23589", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23591", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23601", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23614", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23618", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23672", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23692", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23988", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/24078", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/24390", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/25556", }, { source: "secalert@redhat.com", url: "http://security.gentoo.org/glsa/glsa-200701-02.xml", }, { source: "secalert@redhat.com", url: "http://securitytracker.com/id?1017398", }, { source: "secalert@redhat.com", url: 
"http://securitytracker.com/id?1017405", }, { source: "secalert@redhat.com", url: "http://securitytracker.com/id?1017406", }, { source: "secalert@redhat.com", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2007/dsa-1253", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2007/dsa-1258", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2007/dsa-1265", }, { source: "secalert@redhat.com", url: "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml", }, { source: "secalert@redhat.com", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/427972", }, { source: "secalert@redhat.com", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/447772", }, { source: "secalert@redhat.com", url: "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/archive/1/455145/100/0/threaded", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/archive/1/455728/100/200/threaded", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/21668", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/usn-398-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/usn-398-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/usn-400-1", }, { source: "secalert@redhat.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA06-354A.html", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2006/5068", }, { source: "secalert@redhat.com", url: 
"http://www.vupen.com/english/advisories/2007/2106", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2008/0083", }, { source: "secalert@redhat.com", url: "https://issues.rpath.com/browse/RPL-883", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://fedoranews.org/cms/node/2297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://fedoranews.org/cms/node/2338", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0758.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0759.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0760.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23420", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23422", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23433", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"http://secunia.com/advisories/23439", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23440", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23468", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23514", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23545", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23589", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23591", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23614", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23618", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23672", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23692", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/23988", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/24078", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/24390", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/25556", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
url: "http://security.gentoo.org/glsa/glsa-200701-02.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1017398", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1017405", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1017406", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2007/dsa-1253", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2007/dsa-1258", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2007/dsa-1265", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/427972", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/447772", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/455145/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/455728/100/200/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/21668", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.ubuntu.com/usn/usn-398-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-398-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-400-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA06-354A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/5068", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/2106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/0083", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://issues.rpath.com/browse/RPL-883", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-01-27 05:00
Modified
2024-11-20 23:49
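Severity: HIGH (CVSS v2.0 base score 10, vector AV:N/AC:L/Au:N/C:C/I:C/A:C; NVD primary metric from the record below)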
Summary
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | thunderbird | 0.7 | |
mozilla | thunderbird | 0.7.1 | |
mozilla | thunderbird | 0.7.2 | |
mozilla | thunderbird | 0.7.3 | |
conectiva | linux | 9.0 | |
conectiva | linux | 10.0 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux_desktop | 3.0 | |
redhat | fedora_core | core_1.0 | |
redhat | linux | 7.3 | |
redhat | linux | 7.3 | |
redhat | linux | 7.3 | |
redhat | linux | 9.0 | |
redhat | linux_advanced_workstation | 2.1 | |
redhat | linux_advanced_workstation | 2.1 | |
suse | suse_linux | 1.0 | |
suse | suse_linux | 8 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "F4007B0D-9606-46BD-866A-7911BEA292BE", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "A35FC777-A34E-4C7B-9E93-8F17F3AD5180", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", matchCriteriaId: "2641EE56-6F9D-400B-B456-877F4DA79B10", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", matchCriteriaId: "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "E0B458EA-495E-40FA-9379-C03757F7B1EE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", matchCriteriaId: 
"409E324A-C040-494F-A026-9DCAE01C07F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", matchCriteriaId: "1728AB5D-55A9-46B0-A412-6F7263CAEB5A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", matchCriteriaId: "6474B775-C893-491F-A074-802AFB1FEDD8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", matchCriteriaId: "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", matchCriteriaId: "0EFE2E73-9536-41A9-B83B-0A06B54857F4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*", matchCriteriaId: "3C84296C-2C8A-4DCD-9751-52951F8BEA9F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*", matchCriteriaId: "9B502A61-44FB-4CD4-85BE-88D4ACCCA441", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*", matchCriteriaId: "05853955-CA81-40D3-9A70-1227F3270D3C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", matchCriteriaId: "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", matchCriteriaId: "84A50ED3-FD0D-4038-B3E7-CC65D166C968", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*", matchCriteriaId: 
"777F9EC0-2919-45CA-BFF8-78A02537C513", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*", matchCriteriaId: "C7EAAD04-D7C4-43DE-B488-1AAD014B503E", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "D2E2EF3C-1379-4CBE-8FF5-DACD47834651", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", matchCriteriaId: "F8C55338-3372-413F-82E3-E1B476D6F41A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", matchCriteriaId: "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "F7446746-87B7-4BD3-AABF-1E0FAA8265AB", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", matchCriteriaId: "56EF103F-5668-4754-A83B-D3662D0CE815", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", matchCriteriaId: "CFABFCE5-4F86-4AE8-9849-BC360AC72098", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.", }, ], id: "CVE-2004-0903", lastModified: "2024-11-20T23:49:38.603", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: 
"2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-01-27T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257314", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/414240", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/11174", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17380", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257314", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/414240", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/11174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g., content that is handled by helper applications such as PDF viewers.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*", matchCriteriaId: "5263F879-9B90-4582-B677-F133DEBE5259", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. 
content that is managed by helper applications such as PDF.", }, ], id: "CVE-2005-0142", lastModified: "2024-11-20T23:54:30.660", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/19823", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-02.html", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "cve@mitre.org", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=251297", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17832", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100056", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9543", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-02.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=251297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17832", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100056", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9543", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Integer overflow in the SOAPParameter object constructor in (1) Netscape versions 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*", matchCriteriaId: "30A0231A-B664-46C2-9602-B60EAD6AEC12", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", matchCriteriaId: "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.", }, { lang: "es", value: "Desbordamiento de enteros en el constructor de objeto SOAPParameter en (1) Netscape version 7.0 y 7.1 y (2) Mozilla 1.6, y posiblemente versiones anteriores, permite a atacantes remotos ejecutar código de su elección.", }, ], id: "CVE-2004-0722", lastModified: "2024-11-20T23:49:15.250", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-08-18T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "cve@mitre.org", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=236618", }, { source: "cve@mitre.org", url: "http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities", }, { source: 
"cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/15495", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=236618", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | thunderbird | 0.1 | |
mozilla | thunderbird | 0.2 | |
mozilla | thunderbird | 0.3 | |
mozilla | thunderbird | 0.4 | |
mozilla | thunderbird | 0.5 | |
mozilla | thunderbird | 0.6 | |
mozilla | thunderbird | 0.7 | |
mozilla | thunderbird | 0.7.1 | |
mozilla | thunderbird | 0.7.2 | |
mozilla | thunderbird | 0.7.3 | |
mozilla | thunderbird | 0.8 | |
mozilla | thunderbird | 0.9 | |
mozilla | thunderbird | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", 
matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*", matchCriteriaId: "5263F879-9B90-4582-B677-F133DEBE5259", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*", matchCriteriaId: 
"C256B73C-9ABC-43D4-8C57-09161BC9F923", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*", matchCriteriaId: "055D1044-9FC5-45AA-8407-649E96C5AFE3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long \"user:pass\" sequence in the URL, which appears before the real hostname.", }, ], id: "CVE-2005-0590", lastModified: "2024-11-20T23:55:28.110", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19823", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-17.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "secalert@redhat.com", url: 
"http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/12659", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268059", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100041", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10010", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-17.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12659", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268059", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100041", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10010", }, 
], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-11-29 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*", matchCriteriaId: "B7D7FA24-4B6F-4D67-95BE-46819033CA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*", matchCriteriaId: "D9B316E0-4A05-411A-8279-404C82288BE2", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*", matchCriteriaId: "B91D7920-86E6-4842-897A-553F018AD493", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2.3:*:*:*:*:*:*:*", matchCriteriaId: "36889B90-FD18-4A5A-A732-788240E10FEE", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*", matchCriteriaId: "30A0231A-B664-46C2-9602-B60EAD6AEC12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer 
during decompression.", }, { lang: "es", value: "Desbordamiento de búfer basado en el montículo (heap) en Netscape y Mozilla permite a atacantes remotos ejecutar código arbitrario mediante una URL de tipo jar: que referencia a un fichero .jar malformado, lo que desborda un búfer durante la descompresión.", }, ], id: "CVE-2002-1308", lastModified: "2024-11-20T23:41:01.103", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-11-29T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157646", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=103730181813075&w=2", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2003-162.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2003-163.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/6185", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157646", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=103730181813075&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2003-162.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2003-163.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/6185", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2006-02-02 20:06
Modified
2024-11-21 00:06
Severity ?
Summary
The JavaScript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | firefox | 1.0.3 | |
mozilla | firefox | 1.0.4 | |
mozilla | firefox | 1.0.5 | |
mozilla | firefox | 1.0.6 | |
mozilla | firefox | 1.0.6 | |
mozilla | firefox | 1.0.7 | |
mozilla | firefox | 1.5 | |
mozilla | firefox | 1.5 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "834BB391-5EB5-43A8-980A-D305EDAE6FA7", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "9A38AD88-BAA6-4FBE-885B-69E951BD1EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*", matchCriteriaId: "659F5DAF-D54F-43FB-AB2A-3FC7D456B434", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "B500EE6C-99DB-49A3-A1F1-AFFD7FE28068", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", matchCriteriaId: "ABB88E86-6E83-4A59-9266-8B98AA91774D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", matchCriteriaId: "E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.", }, ], id: "CVE-2006-0292", lastModified: "2024-11-21T00:06:07.390", metrics: { cvssMetricV2: [ { acInsufInfo: 
false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2006-02-02T20:06:00.000", references: [ { source: "secalert@redhat.com", url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt", }, { source: "secalert@redhat.com", url: "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/18700", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/18703", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/18704", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/18705", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/18706", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/18708", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/18709", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19230", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19746", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19759", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19780", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19821", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19823", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19852", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19862", }, { source: 
"secalert@redhat.com", url: "http://secunia.com/advisories/19863", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19902", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19941", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19950", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/20051", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/21033", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/21622", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/22065", }, { source: "secalert@redhat.com", url: "http://securitytracker.com/id?1015570", }, { source: "secalert@redhat.com", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1", }, { source: "secalert@redhat.com", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1", }, { source: "secalert@redhat.com", url: "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2006/dsa-1044", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2006/dsa-1046", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2006/dsa-1051", }, { source: "secalert@redhat.com", url: "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml", }, { source: "secalert@redhat.com", url: "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml", }, { source: "secalert@redhat.com", url: "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078", }, { source: "secalert@redhat.com", url: 
"http://www.mozilla.org/security/announce/2006/mfsa2006-01.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0199.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0200.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2006-0330.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/archive/1/425975/100/0/threaded", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/archive/1/425978/100/0/threaded", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/archive/1/438730/100/0/threaded", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/archive/1/438730/100/0/threaded", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/16476", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2006/0413", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2006/3391", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2006/3749", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=316885", }, { source: "secalert@redhat.com", url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24430", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670", }, { source: "secalert@redhat.com", url: "https://usn.ubuntu.com/271-1/", }, { source: "secalert@redhat.com", url: "https://usn.ubuntu.com/275-1/", }, { source: "secalert@redhat.com", url: "https://usn.ubuntu.com/276-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/18700", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/18703", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/18704", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/18705", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/18706", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/18708", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/18709", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19230", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19746", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19780", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19821", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19852", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19862", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19863", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19902", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19941", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19950", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/20051", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/21033", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/21622", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/22065", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1015570", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2006/dsa-1044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2006/dsa-1046", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2006/dsa-1051", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/security/announce/2006/mfsa2006-01.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0199.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0200.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2006-0330.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/425975/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/425978/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/438730/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.securityfocus.com/archive/1/438730/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/16476", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/0413", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/3391", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/3749", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=316885", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/271-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/275-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/276-1/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-09-24 04:00
Modified
2024-11-20 23:40
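Severity
LOW (CVSS v2.0 base score 2.6, vector AV:N/AC:H/Au:N/C:P/I:N/A:N, per the NVD metrics in the record below)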
Summary
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
galeon | galeon_browser | 1.2.4 | |
galeon | galeon_browser | 1.2.5 | |
galeon | galeon_browser | 1.2.6 | |
mozilla | mozilla | 0.9.3 | |
mozilla | mozilla | 0.9.4 | |
mozilla | mozilla | 0.9.5 | |
mozilla | mozilla | 0.9.6 | |
mozilla | mozilla | 0.9.7 | |
mozilla | mozilla | 0.9.8 | |
mozilla | mozilla | 0.9.9 | |
mozilla | mozilla | 1.0.1 | |
mozilla | mozilla | 1.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:galeon:galeon_browser:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "1196F08A-E1AF-41F0-9685-0E54A8409D85", vulnerable: true, }, { criteria: "cpe:2.3:a:galeon:galeon_browser:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "B32DBCE5-7463-4124-A6E1-5D2206F31E0C", vulnerable: true, }, { criteria: "cpe:2.3:a:galeon:galeon_browser:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "864F6D5C-88BE-4FDB-ABD6-E0AB1C7377BA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, 
which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.", }, ], id: "CVE-2002-1126", lastModified: "2024-11-20T23:40:39.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-09-24T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=145579", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=103176760004720&w=2", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/10084.php", }, { source: "cve@mitre.org", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2002-192.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2003-046.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/5694", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=145579", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=103176760004720&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/10084.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2002-192.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2003-046.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/5694", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
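Severity
MEDIUM (CVSS v2.0 base score 5, vector AV:N/AC:L/Au:N/C:N/I:P/A:N, per the NVD metrics in the record below)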
Summary
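Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted. (Note: the CPE match criteria in the record below use versionEndIncluding 1.7, 0.9 and 0.7, so they also match the releases this summary describes as fixed; check the vendor advisory before treating those exact versions as affected.)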
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "FF711F75-74B8-4CF6-9580-8B51F5A2F2EF", versionEndIncluding: "0.9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "A9239E8A-8155-462A-A409-D66FF6B94B04", versionEndIncluding: "1.7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", matchCriteriaId: "5723A6C5-70AB-4F54-BCCB-DD3498446AD2", versionEndIncluding: "0.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.", }, { lang: "es", value: "Mozilla anteriores a 1.7, Firefox anteriores a 0.9, y Thunderbird anteriores a 0.7 permiten a atacantes remotos usar ciertas secuencias de redirección para suplantar el icono de la cerradura de seguridad que se muestra cuando una página está cifrada.", }, ], id: "CVE-2004-0761", lastModified: "2024-11-20T23:49:20.750", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-08-18T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: 
"http://bugzilla.mozilla.org/show_bug.cgi?id=240053", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/15495", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16871", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=240053", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16871", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-06-18 04:00
Modified
2024-11-20 23:39
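Severity
MEDIUM (CVSS v2.0 base score 5, vector AV:N/AC:L/Au:N/C:P/I:N/A:N, per the NVD metrics in the record below)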
Summary
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:galeon:galeon_browser:1.2:*:*:*:*:*:*:*", matchCriteriaId: "9E89FB22-EF04-446F-AF36-44878AB57AF4", vulnerable: true, }, { criteria: "cpe:2.3:a:galeon:galeon_browser:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "184CDE30-30DE-49F5-A44D-36CA3852BF12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*", matchCriteriaId: "C5421CDE-6C31-42FF-8A06-23A6207D1B51", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*", matchCriteriaId: "6469EB31-32FF-415C-82DD-670513911371", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*", matchCriteriaId: "4F112CED-879B-4A19-993A-16858B4EC16C", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*", matchCriteriaId: "B7D7FA24-4B6F-4D67-95BE-46819033CA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*", matchCriteriaId: "D9B316E0-4A05-411A-8279-404C82288BE2", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*", matchCriteriaId: "B91D7920-86E6-4842-897A-553F018AD493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.", }, ], id: "CVE-2002-0594", lastModified: "2024-11-20T23:39:26.463", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", 
availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-06-18T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://online.securityfocus.com/archive/1/270249", }, { source: "cve@mitre.org", url: "http://www.iss.net/security_center/static/8977.php", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2002-192.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2003-046.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4640", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://online.securityfocus.com/archive/1/270249", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.iss.net/security_center/static/8977.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2002-192.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2003-046.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4640", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
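Severity
MEDIUM (CVSS v2.0 base score 6.4, vector AV:N/AC:L/Au:N/C:P/I:P/A:N, per the NVD metrics in the record below)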
Summary
Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.", }, { lang: "es", value: "Mozilla permite a atacantes remotos causar que Mozilla abra una URI como de un tipo MIME distinto al esperado mediante un carácter nulo (%00) en una URI FTP.", }, ], id: "CVE-2004-0760", lastModified: "2024-11-20T23:49:20.603", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-08-18T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250906", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/15495", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16691", }, { source: "cve@mitre.org", url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11090", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1227", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250906", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16691", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11090", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1227", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:05
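Severity
MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:P/I:N/A:N, per the NVD metrics in the record below)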
Summary
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*", matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a \"Max-Forwards: 0\" header or (2) arbitrary local passwords on the web server that hosts this object.", }, ], id: "CVE-2005-4874", lastModified: "2024-11-21T00:05:23.330", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2005-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=297078", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=302489", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=297078", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=302489", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", 
weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity: MEDIUM (CVSS v2.0 base score 5.1)
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*", matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*", matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*", matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { 
criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", 
matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.", }, ], id: "CVE-2004-0909", lastModified: 
"2024-11-20T23:49:39.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2004-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=253942", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/12526", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/113192", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17377", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=253942", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/12526", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party 
Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/113192", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17377", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-08-31 16:30
Modified
2024-11-21 01:06
Severity: MEDIUM (CVSS v2.0 base score 4.3)
Summary
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "667FC0BC-C1AD-46CD-BBB2-A7E58E644FA7", versionEndIncluding: "3.0.13", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "11E07FED-ABDB-4B0A-AB2E-4CBF1EAC4301", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9A6558F1-9E0D-4107-909A-8EF4BC8A9C2F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "63DF3D65-C992-44CF-89B4-893526C6242E", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", matchCriteriaId: "A9024117-2E8B-4240-9E21-CC501F3879B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", matchCriteriaId: "FBC3CAD3-2F54-4E32-A0C9-0D826C45AC23", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "52624B41-AB34-40AD-8709-D9646B618AB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "917E9856-9556-4FD6-A834-858F8837A6B4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", matchCriteriaId: "98BBD74D-930C-4D80-A91B-0D61347BAA63", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", matchCriteriaId: "FAF2E696-883D-4DE5-8B79-D8E5D9470253", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", matchCriteriaId: "94E04FD9-38E8-462D-82C2-729F7F7F0465", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", matchCriteriaId: "5888517E-3C57-4A0A-9895-EA4BCB0A0ED5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BB21291-B9F3-445E-A9E9-EA1822083DD3", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", matchCriteriaId: "76CD3BDF-A079-4EF3-ABDE-43CBDD08DB1F", 
vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.6:a1_pre:*:*:*:*:*:*", matchCriteriaId: "C100B62E-9199-4983-AFC2-EBC55AF230BE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.7:a1_pre:*:*:*:*:*:*", matchCriteriaId: "4C5C2EED-CA12-416C-8695-18DD215B0351", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "A9239E8A-8155-462A-A409-D66FF6B94B04", versionEndIncluding: "1.7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*", matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, 
{ criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*", matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*", matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc3:*:*:*:*:*:*", matchCriteriaId: "347AB95F-166E-449A-82D7-BEC10257E0D1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", 
matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", matchCriteriaId: "AAB559BD-4BF7-417F-962F-B8971FF1614B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.", }, { lang: "es", value: "Mozilla Firefox v3.0.13 y anteriores, v3.5, v3.6 a1 pre, y v3.7 a1 pre; SeaMonkey v1.1.17; y Mozilla v1.7.x y anteriores no manejan de forma adecuada las URIs javascript en los enlaces HTML incluidos en los documentos de error 302 enviados desde servidores web, lo que permite a atacantes remotos asistidos por usuarios realizar un ataque de ejecución de secuencias de comandos en sitios cruzados (XSS) a través de vectores relativos a (1) inyectar una cabecera Location de respuesta HTTP o (2) especificando el contenidos de una cabecera Location de respuesta HTTP.\r\n", }, ], id: "CVE-2009-3014", lastModified: "2024-11-21T01:06:18.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: 
"AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2009-08-31T16:30:06.967", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://websecurity.com.ua/3373/", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://websecurity.com.ua/3386/", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/506163/100/0/threaded", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://websecurity.com.ua/3373/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://websecurity.com.ua/3386/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/506163/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-07-07 04:00
Modified
2024-11-20 23:48
Severity: LOW (CVSS v2.0 base score 2.6)
Summary
Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U.", }, { lang: "es", value: "Ciertas versiones (desconocidas) de Mozilla permiten a atacantes remotos causar una denegación de servicio (alto consumo de RAM/CPU) usando Javascritp en un bucle infinito que añade continuamente entrada a un formulario, posiblemente como resultado de inserción de caractéres de control, como se ha demostrado usando un carácter \"Ctrl-U\" embebido.", }, ], id: "CVE-2004-0478", lastModified: "2024-11-20T23:48:40.380", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2004-07-07T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=243540", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://lists.immunitysec.com/pipermail/dailydave/2004-May/000587.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
tags: [ "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=243540", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://lists.immunitysec.com/pipermail/dailydave/2004-May/000587.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16225", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity: HIGH (CVSS v2.0 base score 7.5)
Summary
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", 
matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.", }, ], id: "CVE-2005-1159", lastModified: "2024-11-20T23:56:44.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "secalert@redhat.com", url: 
"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14938", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14992", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19823", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://securitytracker.com/id?1013742", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://securitytracker.com/id?1013743", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-40.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/13232", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/15495", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290162", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20123", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100018", 
}, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14938", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://securitytracker.com/id?1013742", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://securitytracker.com/id?1013743", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-40.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/13232", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290162", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100018", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10629", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "FF711F75-74B8-4CF6-9580-8B51F5A2F2EF", versionEndIncluding: "0.9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "A9239E8A-8155-462A-A409-D66FF6B94B04", versionEndIncluding: "1.7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", matchCriteriaId: "5723A6C5-70AB-4F54-BCCB-DD3498446AD2", versionEndIncluding: "0.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.", }, { lang: "es", value: "Desbordamiento de búfer basado en el montón en SendUidl en la capacidad POP3 de Mozilla anteriores a 1.7, Firefox anteriores a 0.9, y Thunderbird anteriores a 0.7, puede permitir a servidores POP3 remotos ejecutar código arbitrario.", }, ], id: "CVE-2004-0757", lastModified: "2024-11-20T23:49:20.160", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-08-18T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=229374", }, { 
source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/10856", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/561022", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/15495", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16869", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=229374", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/10856", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/561022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16869", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "FF711F75-74B8-4CF6-9580-8B51F5A2F2EF", versionEndIncluding: "0.9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "A9239E8A-8155-462A-A409-D66FF6B94B04", versionEndIncluding: "1.7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", matchCriteriaId: "5723A6C5-70AB-4F54-BCCB-DD3498446AD2", versionEndIncluding: "0.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.", }, { lang: "es", value: "La función cert_TestHostName en Mozilla anteriores a 1.7, Firefox anteriores a 0.9, y Thunderbird anteriores a 0.7, sólo comprueba la porción de nombre de máquina de un certificado cuando la porción de nombre de máquina de la URI no es un nombre de dominio completamente cualificado (FQDN - fully qualified domain name), lo que permite a atacantes remotos suplantar certificados de confianza.", }, ], id: "CVE-2004-0765", lastModified: "2024-11-20T23:49:21.363", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-08-18T04:00:00.000", 
references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=234058", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16868", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11162", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=234058", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16868", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11162", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", 
type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-01-27 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | thunderbird | 0.7 | |
mozilla | thunderbird | 0.7.1 | |
mozilla | thunderbird | 0.7.2 | |
mozilla | thunderbird | 0.7.3 | |
conectiva | linux | 9.0 | |
conectiva | linux | 10.0 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux_desktop | 3.0 | |
redhat | fedora_core | core_1.0 | |
redhat | linux | 7.3 | |
redhat | linux | 7.3 | |
redhat | linux | 7.3 | |
redhat | linux | 9.0 | |
redhat | linux_advanced_workstation | 2.1 | |
redhat | linux_advanced_workstation | 2.1 | |
suse | suse_linux | 1.0 | |
suse | suse_linux | 8 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "F4007B0D-9606-46BD-866A-7911BEA292BE", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "A35FC777-A34E-4C7B-9E93-8F17F3AD5180", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", matchCriteriaId: "2641EE56-6F9D-400B-B456-877F4DA79B10", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", matchCriteriaId: "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "E0B458EA-495E-40FA-9379-C03757F7B1EE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", matchCriteriaId: 
"409E324A-C040-494F-A026-9DCAE01C07F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", matchCriteriaId: "1728AB5D-55A9-46B0-A412-6F7263CAEB5A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", matchCriteriaId: "6474B775-C893-491F-A074-802AFB1FEDD8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", matchCriteriaId: "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", matchCriteriaId: "0EFE2E73-9536-41A9-B83B-0A06B54857F4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*", matchCriteriaId: "3C84296C-2C8A-4DCD-9751-52951F8BEA9F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*", matchCriteriaId: "9B502A61-44FB-4CD4-85BE-88D4ACCCA441", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*", matchCriteriaId: "05853955-CA81-40D3-9A70-1227F3270D3C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", matchCriteriaId: "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", matchCriteriaId: "84A50ED3-FD0D-4038-B3E7-CC65D166C968", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*", matchCriteriaId: 
"777F9EC0-2919-45CA-BFF8-78A02537C513", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*", matchCriteriaId: "C7EAAD04-D7C4-43DE-B488-1AAD014B503E", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "D2E2EF3C-1379-4CBE-8FF5-DACD47834651", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", matchCriteriaId: "F8C55338-3372-413F-82E3-E1B476D6F41A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", matchCriteriaId: "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "F7446746-87B7-4BD3-AABF-1E0FAA8265AB", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", matchCriteriaId: "56EF103F-5668-4754-A83B-D3662D0CE815", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", matchCriteriaId: "CFABFCE5-4F86-4AE8-9849-BC360AC72098", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the \"Send page\" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.", }, ], id: "CVE-2004-0902", lastModified: "2024-11-20T23:49:38.423", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: 
"COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-01-27T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226669", }, { source: "cve@mitre.org", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=245066", }, { source: "cve@mitre.org", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=256316", }, { source: "cve@mitre.org", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=258005", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17378", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17379", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226669", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=245066", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=256316", 
}, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=258005", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", matchCriteriaId: "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.", }, ], id: "CVE-2005-0989", lastModified: "2024-11-20T23:56:20.687", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14820", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14821", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], 
url: "http://secunia.com/advisories/19823", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://securitytracker.com/id?1013635", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://securitytracker.com/id?1013643", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-33.html", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/12988", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/15495", }, { source: "cve@mitre.org", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=288688", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14820", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14821", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://securitytracker.com/id?1013635", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://securitytracker.com/id?1013643", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-33.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12988", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=288688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706", }, ], sourceIdentifier: "cve@mitre.org", 
vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 (rc) | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | firefox | 1.0.3 | |
mozilla | firefox | 1.0.4 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 (alpha) | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 (alpha) | |
mozilla | mozilla | 1.5 (rc1) | |
mozilla | mozilla | 1.5 (rc2) | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 (alpha) | |
mozilla | mozilla | 1.6 (beta) | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 (alpha) | |
mozilla | mozilla | 1.7 (beta) | |
mozilla | mozilla | 1.7 (rc1) | |
mozilla | mozilla | 1.7 (rc2) | |
mozilla | mozilla | 1.7 (rc3) | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 | |
mozilla | mozilla | 1.7.7 | |
mozilla | mozilla | 1.7.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", 
matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*", matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*", matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the \"Dialog Origin Spoofing Vulnerability.\"", }, ], id: "CVE-2005-2268", lastModified: "2024-11-20T23:59:10.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, 
confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2005-07-13T04:00:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/15489", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-54.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/14242", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10517", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1268", }, { 
source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1313", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/15489", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-54.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/14242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1268", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1313", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity: MEDIUM (CVSS v2 base score 5, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading \"//\" and ending in a newline, which causes the host/path check to fail.", }, ], id: "CVE-2002-2314", lastModified: "2024-11-20T23:43:23.140", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=152725", }, { source: "cve@mitre.org", url: "http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://seclists.org/bugtraq/2002/Jul/0260.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "http://www.iss.net/security_center/static/9656.php", }, { source: "cve@mitre.org", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/5293", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=152725", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://seclists.org/bugtraq/2002/Jul/0260.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.iss.net/security_center/static/9656.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/5293", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity: LOW (CVSS v2 base score 2.6, AV:N/AC:H/Au:N/C:P/I:N/A:N)
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links \"with a custom getter and toString method\" that are middle-clicked by the user to be opened in a new tab.", }, ], id: "CVE-2005-0141", lastModified: "2024-11-20T23:54:30.517", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 
2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-01.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/12407", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=249332", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19168", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-01.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12407", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://bugzilla.mozilla.org/show_bug.cgi?id=249332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19168", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-03-25 05:00
Modified
2024-11-20 23:55
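Severity: MEDIUM (CVSS v3.1 base score 6.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N); LOW (CVSS v2 base score 2.6, AV:N/AC:H/Au:N/C:N/I:P/A:N)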
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 allow remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "F23F3867-1318-4ACF-A3A6-F0605BDA8BA3", versionEndExcluding: "1.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "E6F232DA-F897-4429-922E-F5CFF865A8AA", versionEndExcluding: "1.7.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.", }, ], id: "CVE-2005-0587", lastModified: "2024-11-20T23:55:27.757", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2005-03-25T05:00:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/19823", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: 
"http://www.mozilla.org/security/announce/mfsa2005-21.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/12659", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100037", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-21.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/12659", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100037", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-10-20 04:00
Modified
2024-11-20 23:50
Severity: MEDIUM (CVSS v2 base score 5, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 (rc) | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | mozilla | * | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 (alpha) | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 (alpha) | |
mozilla | mozilla | 1.5 (rc1) | |
mozilla | mozilla | 1.5 (rc2) | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 (alpha) | |
mozilla | mozilla | 1.6 (beta) | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 (alpha) | |
mozilla | mozilla | 1.7 (beta) | |
mozilla | mozilla | 1.7 (rc1) | |
mozilla | mozilla | 1.7 (rc2) | |
mozilla | mozilla | 1.7 (rc3) | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", 
matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.", }, ], id: "CVE-2004-1381", lastModified: "2024-11-20T23:50:44.740", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-10-20T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/12712", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/multiple_browsers_form_field_focus_test/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-05.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17789", }, { source: "cve@mitre.org", url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/12712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/multiple_browsers_form_field_focus_test/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-05.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17789", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-07-27 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:firebirdsql:firebird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "F374AF9E-BBBC-4C0E-B00C-5DB7FC83B445", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", matchCriteriaId: "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.", }, { lang: "es", value: "Los navegadores web (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantación de sitios web y otros ataques. 
Vulnerabilidad también conocida como \"de inyección de marco\".", }, ], id: "CVE-2004-0718", lastModified: "2024-11-20T23:49:14.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-07-27T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "cve@mitre.org", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=246448", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/11978", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2005/dsa-777", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/15495", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598", }, { source: "cve@mitre.org", url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=246448", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/11978", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-777", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997", }, ], 
sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
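Severity: MEDIUM (CVSS v2.0 base score 5, vector AV:N/AC:L/Au:N/C:P/I:N/A:N; source nvd@nist.gov, as given in the record below)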
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", 
matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.", }, ], id: "CVE-2005-0588", lastModified: "2024-11-20T23:55:27.877", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "secalert@redhat.com", url: "http://www.mozilla.org/security/announce/mfsa2005-20.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/12659", }, 
{ source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=271209", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100038", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/security/announce/mfsa2005-20.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12659", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=271209", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100038", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10682", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-06-14 04:00
Modified
2024-11-20 23:58
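Severity: LOW (CVSS v2.0 base score 2.6, vector AV:N/AC:H/Au:N/C:N/I:P/A:N, user interaction required; source nvd@nist.gov, as given in the record below)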
Summary
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*", matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.", }, ], id: "CVE-2005-1937", lastModified: "2024-11-20T23:58:27.323", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2005-06-14T04:00:00.000", references: [ { source: "security@debian.org", url: "http://secunia.com/advisories/15601", }, { source: "security@debian.org", url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", }, { source: "security@debian.org", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1", }, { source: "security@debian.org", url: "http://www.debian.org/security/2005/dsa-777", }, { source: "security@debian.org", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "security@debian.org", url: "http://www.mozilla.org/security/announce/mfsa2005-51.html", }, { source: "security@debian.org", 
url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "security@debian.org", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "security@debian.org", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "security@debian.org", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "security@debian.org", url: "http://www.securityfocus.com/bid/14242", }, { source: "security@debian.org", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "security@debian.org", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296850", }, { source: "security@debian.org", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "security@debian.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100007", }, { source: "security@debian.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10633", }, { source: "security@debian.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A637", }, { source: "security@debian.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/15601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-777", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/security/announce/mfsa2005-51.html", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/14242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296850", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100007", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A637", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A759", }, ], sourceIdentifier: "security@debian.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:42
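Severity: MEDIUM (CVSS v2.0 base score 5, vector AV:N/AC:L/Au:N/C:P/I:N/A:N; source nvd@nist.gov, as given in the record below)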
Summary
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | 0.9.2 | |
mozilla | mozilla | 0.9.2.1 | |
mozilla | mozilla | 0.9.3 | |
mozilla | mozilla | 0.9.4 | |
mozilla | mozilla | 0.9.4.1 | |
mozilla | mozilla | 0.9.5 | |
mozilla | mozilla | 0.9.6 | |
netscape | communicator | 4.0 | |
netscape | communicator | 4.4 | |
netscape | communicator | 4.5 | |
netscape | communicator | 4.5_beta | |
netscape | communicator | 4.06 | |
netscape | communicator | 4.6 | |
netscape | communicator | 4.07 | |
netscape | communicator | 4.7 | |
netscape | communicator | 4.08 | |
netscape | communicator | 4.51 | |
netscape | communicator | 4.61 | |
netscape | communicator | 4.72 | |
netscape | communicator | 4.73 | |
netscape | communicator | 4.74 | |
netscape | communicator | 4.75 | |
netscape | communicator | 4.76 | |
netscape | communicator | 4.77 | |
netscape | communicator | 4.78 | |
netscape | navigator | 4.77 | |
netscape | navigator | 6.0 | |
netscape | navigator | 6.01 | |
netscape | navigator | 6.1 | |
netscape | navigator | 6.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.0:*:*:*:*:*:*:*", matchCriteriaId: "209C7BB1-EFDF-43AB-9FB6-DF67465DEAEF", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.4:*:*:*:*:*:*:*", matchCriteriaId: "0B711600-425F-4FF9-BC5E-B8D182A2B9F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*", matchCriteriaId: "4E9A5461-B0F2-49DB-A69C-3D2D27709647", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.5_beta:*:*:*:*:*:*:*", matchCriteriaId: "213EB326-33D1-4329-A6BB-B1AA1C626E44", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.06:*:*:*:*:*:*:*", matchCriteriaId: "34F6328B-44A8-4E45-918E-C54285040BFE", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.6:*:*:*:*:*:*:*", matchCriteriaId: "529E3F71-6016-461D-A162-0DBDD5505389", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.07:*:*:*:*:*:*:*", matchCriteriaId: 
"31D02C4D-3FD1-425F-B0DB-7808089BCD0B", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*", matchCriteriaId: "38FD74F5-12ED-4049-B06F-0F22A0254C0F", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.08:*:*:*:*:*:*:*", matchCriteriaId: "61268CF9-E279-4F63-B228-F9ED4B93BB99", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.51:*:*:*:*:*:*:*", matchCriteriaId: "918BE44C-8D64-4040-BC74-802AA3FA4E10", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.61:*:*:*:*:*:*:*", matchCriteriaId: "6AA534C4-9411-44EC-AA34-2287C79AD235", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.72:*:*:*:*:*:*:*", matchCriteriaId: "3A4E8588-A941-4759-B41C-00F193F2C63B", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.73:*:*:*:*:*:*:*", matchCriteriaId: "3E48C051-EB45-4262-86C2-2333FD5C7745", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.74:*:*:*:*:*:*:*", matchCriteriaId: "BA48AF1E-99EF-419C-B425-001C7134C6BB", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.75:*:*:*:*:*:*:*", matchCriteriaId: "C97DE00F-4C73-4C54-918E-D540F2C3297B", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.76:*:*:*:*:*:*:*", matchCriteriaId: "C5A07AD2-2293-443A-9A32-316B832A5276", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.77:*:*:*:*:*:*:*", matchCriteriaId: "5A823994-786D-41D7-9FA7-FF8058C4AFD8", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.78:*:*:*:*:*:*:*", matchCriteriaId: "B4613823-DA14-4BE2-986C-2EED3DB82BA7", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:4.77:*:*:*:*:*:*:*", matchCriteriaId: "FA4FBB90-8A52-41B4-B08A-53A86CF56898", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*", matchCriteriaId: "C5421CDE-6C31-42FF-8A06-23A6207D1B51", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*", 
matchCriteriaId: "6469EB31-32FF-415C-82DD-670513911371", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*", matchCriteriaId: "4F112CED-879B-4A19-993A-16858B4EC16C", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*", matchCriteriaId: "B7D7FA24-4B6F-4D67-95BE-46819033CA6F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.", }, ], id: "CVE-2002-2013", lastModified: "2024-11-20T23:42:39.870", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://alive.znep.com/~marcs/security/mozillacookie/demo.html", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.iss.net/security_center/static/7973.php", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/3925", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://alive.znep.com/~marcs/security/mozillacookie/demo.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: 
"http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.iss.net/security_center/static/7973.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/3925", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n", lastModified: "2006-08-30T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", 
matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.", }, ], id: "CVE-2005-0578", lastModified: "2024-11-20T23:55:26.503", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-28.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/12659", }, { 
source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10954", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-28.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12659", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10954", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, NVD primary assessment)
Summary
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", 
matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka \"Cross-site scripting through global scope pollution.\"", }, ], id: "CVE-2005-1154", lastModified: "2024-11-20T23:56:43.900", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor 
Advisory", ], url: "http://secunia.com/advisories/14938", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14992", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-36.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/13230", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/15495", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289675", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100022", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10339", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14938", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"http://www.mozilla.org/security/announce/mfsa2005-36.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/13230", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289675", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10339", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-09-16 04:00
Modified
2024-11-20 23:49
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N, NVD primary assessment)
Summary
Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka \"Cross Security Boundary Cookie Injection.\"", }, ], id: "CVE-2004-0871", lastModified: "2024-11-20T23:49:35.133", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-09-16T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://securityfocus.com/archive/1/375407", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1011331", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://securityfocus.com/archive/1/375407", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1011331", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N, NVD primary assessment)
Summary
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.", }, ], id: "CVE-2004-1450", lastModified: "2024-11-20T23:50:54.703", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=239122", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=239122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-03-15 05:00
Modified
2024-11-20 23:47
Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P, NVD primary assessment)
Summary
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | 0.8 | |
mozilla | mozilla | 0.9.2 | |
mozilla | mozilla | 0.9.2.1 | |
mozilla | mozilla | 0.9.3 | |
mozilla | mozilla | 0.9.4 | |
mozilla | mozilla | 0.9.4.1 | |
mozilla | mozilla | 0.9.5 | |
mozilla | mozilla | 0.9.6 | |
mozilla | mozilla | 0.9.7 | |
mozilla | mozilla | 0.9.8 | |
mozilla | mozilla | 0.9.9 | |
mozilla | mozilla | 0.9.35 | |
mozilla | mozilla | 0.9.48 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0.1 | |
mozilla | mozilla | 1.0.2 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2.1 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.3.1 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*", matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*", matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*", matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { 
criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.", }, { lang: "es", value: "Mozilla 1.4.2 ejecuta eventos de Javascript en el contexto de una nueva página mientras se está cargando, permitiéndolo interactuar con la página anterior (\"documento zombi\") y posibilitando ataques de secuencias de comandos en sitios cruzados (XSS), como se ha demostrado usando eventos onmousemove.", }, ], id: "CVE-2004-0191", lastModified: "2024-11-20T23:47:58.223", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-03-15T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: 
"http://bugzilla.mozilla.org/show_bug.cgi?id=227417", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=107774710729469&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=108448379429944&w=2", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/4062", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-110.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-112.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/9747", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15322", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=227417", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=107774710729469&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=108448379429944&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/4062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2004-110.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2004-112.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/9747", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15322", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-03-23 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*", matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*", matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*", matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", 
matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: 
"098458D4-635B-4A4D-9472-39370094E1ED", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: 
true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.8:alpha2:*:*:*:*:*:*", matchCriteriaId: "10349BA5-70D3-4D11-94F6-A77D8570CB06", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.", }, ], id: "CVE-2005-0143", lastModified: "2024-11-20T23:54:30.813", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2005-03-23T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-03.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { 
source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/12407", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=257308", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19166", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-03.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12407", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=257308", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19166", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:firebirdsql:firebird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "F374AF9E-BBBC-4C0E-B00C-5DB7FC83B445", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.", }, { lang: "es", value: "Los navegadores Mozilla 1.6, Firebird 0.7 y Firefox 0.8 no verifican adecuadamente que las contraseñas almacenadas en caché de sitios cifrados con SSL sean sólo enviadas mediante sesiones cifradas con el sitio, lo que permite a atacantes remotos hacer que contraseñas en caché sean enviadas en texto plano al sitio suplantado.", }, ], id: "CVE-2004-0779", lastModified: "2024-11-20T23:49:23.103", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-08-18T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226278", }, { source: "cve@mitre.org", url: 
"http://www.mandriva.com/security/advisories?name=MDKSA-2004:082", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17018", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226278", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17018", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.", }, ], id: "CVE-2005-0147", lastModified: "2024-11-20T23:54:31.417", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 
7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-09.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/12407", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=267263", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19174", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100049", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9578", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-09.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12407", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=267263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100049", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9578", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-10-20 04:00
Modified
2024-11-20 23:50
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:P/A:N)
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | mozilla | * | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", 
matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the \"Dialog Box Spoofing Vulnerability.\"", }, ], id: "CVE-2004-1380", lastModified: "2024-11-20T23:50:44.573", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-10-20T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/12712", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/multiple_browsers_form_field_focus_test/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-05.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: 
"http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18864", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/12712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/multiple_browsers_form_field_focus_test/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-05.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18864", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity: MEDIUM (CVSS v2.0 base score 4.0, AV:N/AC:H/Au:N/C:P/I:P/A:N; user interaction required)
Summary
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html | Broken Link, Exploit | |
cve@mitre.org | http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html | Broken Link, Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ | Exploit, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | - | |
opera | opera_browser | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:-:*:*:*:*:*:*:*", matchCriteriaId: "03F4563F-7761-429A-971A-96EC556F7E06", vulnerable: true, }, { criteria: "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*", matchCriteriaId: "4545786D-3129-4D92-B218-F4A92428ED48", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.", }, ], id: "CVE-2004-2659", lastModified: "2024-11-20T23:53:55.030", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2004-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: 
"http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.", }, ], id: "CVE-2005-0146", lastModified: "2024-11-20T23:54:31.270", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", 
availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-08.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/12407", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=265728", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19171", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10362", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-08.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12407", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=265728", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19171", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10362", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-10-18 04:00
Modified
2024-11-20 23:51
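Severity: MEDIUM (CVSS v2.0 base score 5, vector AV:N/AC:L/Au:N/C:N/I:N/A:P; NVD primary metric for CVE-2004-1613)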
Summary
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0.1 | |
mozilla | mozilla | 1.0.2 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2.1 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.3.1 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.4.2 | |
mozilla | mozilla | 1.4.4 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.8 | |
sgi | propack | 3.0 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux_desktop | 3.0 | |
redhat | fedora_core | core_1.0 | |
redhat | fedora_core | core_2.0 | |
redhat | linux | 7.3 | |
redhat | linux | 7.3 | |
redhat | linux | 7.3 | |
redhat | linux | 9.0 | |
redhat | linux_advanced_workstation | 2.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961", vulnerable: true, }, { 
criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.8:alpha2:*:*:*:*:*:*", matchCriteriaId: "10349BA5-70D3-4D11-94F6-A77D8570CB06", vulnerable: true, }, { criteria: "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", 
matchCriteriaId: "29DC217F-C257-4A3C-9CBD-08010C30BEC3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", matchCriteriaId: "2641EE56-6F9D-400B-B456-877F4DA79B10", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "E0B458EA-495E-40FA-9379-C03757F7B1EE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", matchCriteriaId: "1728AB5D-55A9-46B0-A412-6F7263CAEB5A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*", matchCriteriaId: "81B543F9-C209-46C2-B0AE-E14818A6992E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*", matchCriteriaId: "DB89C970-DE94-4E09-A90A-077DB83AD156", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*", matchCriteriaId: "3C84296C-2C8A-4DCD-9751-52951F8BEA9F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", matchCriteriaId: "E6996B14-925B-46B8-982F-3545328B506B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*", matchCriteriaId: "9B502A61-44FB-4CD4-85BE-88D4ACCCA441", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*", matchCriteriaId: "05853955-CA81-40D3-9A70-1227F3270D3C", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", matchCriteriaId: "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*", matchCriteriaId: "8DBD9D3C-40AB-449D-A9A8-A09DF2DEDB96", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.", }, ], id: "CVE-2004-1613", lastModified: "2024-11-20T23:51:19.473", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-10-18T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://lcamtuf.coredump.cx/mangleme/gallery/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://securitytracker.com/id?1011810", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor 
Advisory", ], url: "http://www.securityfocus.com/bid/11439", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17805", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://lcamtuf.coredump.cx/mangleme/gallery/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://securitytracker.com/id?1011810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/11439", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17805", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-06-18 04:00
Modified
2024-11-20 23:39
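Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary metric for CVE-2002-0593)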
Summary
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:6.1:*:*:*:*:*:*:*", matchCriteriaId: "0F009302-6798-4189-BE56-FB8E67C64592", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*", matchCriteriaId: "C5421CDE-6C31-42FF-8A06-23A6207D1B51", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*", matchCriteriaId: "6469EB31-32FF-415C-82DD-670513911371", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.", }, ], id: "CVE-2002-0593", lastModified: "2024-11-20T23:39:26.340", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-06-18T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://online.securityfocus.com/archive/1/270249", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/8039", }, { 
source: "cve@mitre.org", url: "http://www.iss.net/security_center/static/8976.php", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4637", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://online.securityfocus.com/archive/1/270249", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/8039", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.iss.net/security_center/static/8976.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4637", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
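Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary metric for CVE-2005-1153)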
Summary
Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", 
matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the \"Show javascript\" option.", }, ], id: "CVE-2005-1153", lastModified: "2024-11-20T23:56:43.773", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14938", }, { source: 
"secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14992", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-35.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/15495", }, { source: "secalert@redhat.com", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289204", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100023", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9584", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14938", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-35.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: 
"http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289204", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9584", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
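Severity: MEDIUM (CVSS v2.0 base score 5, vector AV:N/AC:L/Au:N/C:N/I:N/A:P; NVD primary metric for CVE-2002-2338)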
Summary
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | 0.9.2 | |
mozilla | mozilla | 0.9.2.1 | |
mozilla | mozilla | 0.9.3 | |
mozilla | mozilla | 0.9.4 | |
mozilla | mozilla | 0.9.4.1 | |
mozilla | mozilla | 0.9.5 | |
mozilla | mozilla | 0.9.6 | |
mozilla | mozilla | 0.9.7 | |
mozilla | mozilla | 0.9.8 | |
mozilla | mozilla | 0.9.9 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
netscape | communicator | 4.0 | |
netscape | communicator | 4.4 | |
netscape | communicator | 4.5 | |
netscape | communicator | 4.06 | |
netscape | communicator | 4.6 | |
netscape | communicator | 4.07 | |
netscape | communicator | 4.7 | |
netscape | communicator | 4.08 | |
netscape | communicator | 4.51 | |
netscape | communicator | 4.61 | |
netscape | communicator | 4.72 | |
netscape | communicator | 4.73 | |
netscape | communicator | 4.74 | |
netscape | communicator | 4.75 | |
netscape | communicator | 4.76 | |
netscape | communicator | 4.77 | |
netscape | navigator | 6.0 | |
netscape | navigator | 6.0 | |
netscape | navigator | 6.01 | |
netscape | navigator | 6.1 | |
netscape | navigator | 6.2 | |
netscape | navigator | 6.2.1 | |
netscape | navigator | 6.2.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.0:*:*:*:*:*:*:*", matchCriteriaId: "209C7BB1-EFDF-43AB-9FB6-DF67465DEAEF", vulnerable: true, }, { 
criteria: "cpe:2.3:a:netscape:communicator:4.4:*:*:*:*:*:*:*", matchCriteriaId: "0B711600-425F-4FF9-BC5E-B8D182A2B9F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*", matchCriteriaId: "4E9A5461-B0F2-49DB-A69C-3D2D27709647", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.06:*:*:*:*:*:*:*", matchCriteriaId: "34F6328B-44A8-4E45-918E-C54285040BFE", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.6:*:*:*:*:*:*:*", matchCriteriaId: "529E3F71-6016-461D-A162-0DBDD5505389", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.07:*:*:*:*:*:*:*", matchCriteriaId: "31D02C4D-3FD1-425F-B0DB-7808089BCD0B", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*", matchCriteriaId: "38FD74F5-12ED-4049-B06F-0F22A0254C0F", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.08:*:*:*:*:*:*:*", matchCriteriaId: "61268CF9-E279-4F63-B228-F9ED4B93BB99", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.51:*:*:*:*:*:*:*", matchCriteriaId: "918BE44C-8D64-4040-BC74-802AA3FA4E10", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.61:*:*:*:*:*:*:*", matchCriteriaId: "6AA534C4-9411-44EC-AA34-2287C79AD235", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.72:*:*:*:*:*:*:*", matchCriteriaId: "3A4E8588-A941-4759-B41C-00F193F2C63B", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.73:*:*:*:*:*:*:*", matchCriteriaId: "3E48C051-EB45-4262-86C2-2333FD5C7745", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.74:*:*:*:*:*:*:*", matchCriteriaId: "BA48AF1E-99EF-419C-B425-001C7134C6BB", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.75:*:*:*:*:*:*:*", matchCriteriaId: "C97DE00F-4C73-4C54-918E-D540F2C3297B", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.76:*:*:*:*:*:*:*", matchCriteriaId: "C5A07AD2-2293-443A-9A32-316B832A5276", 
vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.77:*:*:*:*:*:*:*", matchCriteriaId: "5A823994-786D-41D7-9FA7-FF8058C4AFD8", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*", matchCriteriaId: "C5421CDE-6C31-42FF-8A06-23A6207D1B51", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.0:*:mac:*:*:*:*:*", matchCriteriaId: "ACAB9169-BC6E-49CF-9A00-3F3054677B32", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*", matchCriteriaId: "6469EB31-32FF-415C-82DD-670513911371", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*", matchCriteriaId: "4F112CED-879B-4A19-993A-16858B4EC16C", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*", matchCriteriaId: "B7D7FA24-4B6F-4D67-95BE-46819033CA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*", matchCriteriaId: "D9B316E0-4A05-411A-8279-404C82288BE2", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*", matchCriteriaId: "B91D7920-86E6-4842-897A-553F018AD493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) 
at a newline, which is interpreted as the end of the message.", }, ], id: "CVE-2002-2338", lastModified: "2024-11-20T23:43:26.720", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=144228", }, { source: "cve@mitre.org", url: "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", }, { source: "cve@mitre.org", url: "http://online.securityfocus.com/archive/1/276628", }, { source: "cve@mitre.org", url: "http://www.iss.net/security_center/static/9343.php", }, { source: "cve@mitre.org", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/276946", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/5002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=144228", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://online.securityfocus.com/archive/1/276628", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.iss.net/security_center/static/9343.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/276946", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/5002", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
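Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol. Note that the CPE match data in this record uses versionEndIncluding for 1.7.1, 0.9.2 and 0.7.2, so CPE-based matching also flags those exact versions, which this description treats as fixed; confirm the fixed version against the vendor advisory before relying on either.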
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "51DBAAAE-0171-4251-ABE7-3FE54A2A6B33", versionEndIncluding: "0.9.2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "1BBE2C2D-BE31-44ED-A8EE-7AC68D24FAF9", versionEndIncluding: "1.7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", matchCriteriaId: "1EDB7FAB-1D7D-481E-83FD-DD4980278D2A", versionEndIncluding: "0.7.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.", }, { lang: "es", value: "Mozilla (suite) anteriores a 1.7.1 y Firefox anteriores a 0.9.2, y Thunderbird anteriores a 0.7.2 permiten a atacantes remotos lanzar programas arbitrarios mediante una URI referenciando el protocolo shell:", }, ], id: "CVE-2004-0648", lastModified: "2024-11-20T23:49:04.000", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-08-06T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=108938712815719&w=2", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/12027", }, { source: 
"cve@mitre.org", url: "http://www.ciac.org/ciac/bulletins/o-175.shtml", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/927014", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/security/shell.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16655", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=108938712815719&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/12027", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ciac.org/ciac/bulletins/o-175.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/927014", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/security/shell.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16655", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.", }, ], id: "CVE-2001-1490", lastModified: "2024-11-20T23:37:48.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2001-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/245152", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/3684", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/245152", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/3684", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2003-06-16 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | outlook_express | 6.00.2800.1106 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mutt | mutt | 1.4.1 | |
qualcomm | eudora | 5.2.1 | |
stuart_parmenter | balsa | 2.0.10 | |
sylpheed | sylpheed_email_client | 0.8.11 | |
university_of_washington | pine | 4.53 | |
ximian | evolution | 1.2.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:outlook_express:6.00.2800.1106:*:*:*:*:*:*:*", matchCriteriaId: "7B6C3153-39B0-4C14-B414-01BE10D8742E", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mutt:mutt:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "65DB0D49-CD49-4EF6-9013-1B03E0D644D3", vulnerable: true, }, { criteria: "cpe:2.3:a:qualcomm:eudora:5.2.1:*:*:*:*:*:*:*", matchCriteriaId: "D64909E5-6E9A-4873-B23C-C825B5CDBAAE", vulnerable: true, }, { criteria: "cpe:2.3:a:stuart_parmenter:balsa:2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "1A86E91A-CAEA-4580-913C-DF610DEABF27", vulnerable: true, }, { criteria: "cpe:2.3:a:sylpheed:sylpheed_email_client:0.8.11:*:*:*:*:*:*:*", matchCriteriaId: "CED27A6B-FDDB-4729-8E98-86C062357E68", vulnerable: true, }, { criteria: "cpe:2.3:a:university_of_washington:pine:4.53:*:*:*:*:*:*:*", matchCriteriaId: "C8E05D27-10F6-43CF-B7E9-73A82DE02953", vulnerable: true, }, { criteria: "cpe:2.3:a:ximian:evolution:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "C9A844BF-30CC-4289-81C4-1161FDEBC345", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.", }, { lang: "es", value: "El cliente IMAP para Sylpheed 0.8.11 permite que servidores IMAP remotos dañinos originen una denegación de servicio (caída) mediante ciertos tamaños literales muy largos que causan desbordamientos de búfer de enteros.", }, ], id: "CVE-2003-0300", lastModified: "2024-11-20T23:44:25.410", metrics: { 
cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2003-06-16T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-09-20 22:03
Modified
2024-11-21 00:00
Severity ?
Summary
Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*", matchCriteriaId: "659F5DAF-D54F-43FB-AB2A-3FC7D456B434", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.10:*:linux:*:*:*:*:*", matchCriteriaId: "5BCA46FD-F3CB-44E5-A383-B6D3800B7BBC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.", }, ], id: "CVE-2005-2968", lastModified: "2024-11-21T00:00:49.767", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-09-20T22:03:00.000", references: [ { source: "secalert@redhat.com", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/16869", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/17042", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/17090", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/17149", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/17263", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/17284", }, { source: "secalert@redhat.com", url: 
"http://www.debian.org/security/2005/dsa-866", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2005/dsa-868", }, { source: "secalert@redhat.com", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/914681", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174", }, { source: "secalert@redhat.com", url: "http://www.mozilla.org/security/announce/mfsa2005-58.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-785.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-791.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/14888", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/15495", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/usn-186-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/usn-186-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/usn-200-1", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2005/1794", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2005/1824", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=307185", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/16869", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/17042", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/17090", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/17149", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/17263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/17284", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-866", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-868", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/914681", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/security/announce/mfsa2005-58.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-785.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-791.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/14888", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-186-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-186-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-200-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/1794", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/1824", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=307185", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105", }, ], sourceIdentifier: "secalert@redhat.com", vendorComments: [ { comment: "Not vulnerable. These issues did not affect the versions of Mozilla and Firefox as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n", lastModified: "2006-08-30T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2003-10-07 04:00
Modified
2024-11-20 23:45
Severity ?
Summary
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | * | |
sco | openserver | 5.0.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "D1CB48E1-FCDD-49B2-B73E-37E912072683", versionEndIncluding: "1.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "D9D76A8D-832B-411E-A458-186733C66010", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.", }, ], id: "CVE-2003-0791", lastModified: "2024-11-20T23:45:32.070", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2003-10-07T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "URL Repurposed", ], url: "http://secunia.com/advisories/11103/", }, { source: "cve@mitre.org", tags: [ 
"Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Patch", "Vendor Advisory", ], url: "http://www.osvdb.org/8390", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://www.securityfocus.com/advisories/6979", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/9322", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=221526", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "URL Repurposed", ], url: "http://secunia.com/advisories/11103/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Patch", "Vendor Advisory", ], url: "http://www.osvdb.org/8390", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://www.securityfocus.com/advisories/6979", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/9322", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=221526", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-11-29 21:03
Modified
2024-11-21 00:03
Severity ?
Summary
Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.", }, ], id: "CVE-2005-3896", lastModified: "2024-11-21T00:03:00.223", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-11-29T21:03:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=113262115201500&w=2", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.computerterrorism.com/research/ie/ct21-11-2005", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=113262115201500&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.computerterrorism.com/research/ie/ct21-11-2005", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.", }, ], id: "CVE-2002-2359", lastModified: "2024-11-20T23:43:29.700", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2002-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html", }, { source: "cve@mitre.org", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=154030", }, { source: "cve@mitre.org", url: "http://www.iss.net/security_center/static/9757.php", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/5403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=154030", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.iss.net/security_center/static/9757.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/5403", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-03-25 05:00
Modified
2024-11-20 23:55
Severity ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", 
matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.", }, ], id: "CVE-2005-0585", lastModified: "2024-11-20T23:55:27.503", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2005-03-25T05:00:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/13599", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2004-15/advisory/", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-23.html", }, { source: 
"secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100035", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9924", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/13599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2004-15/advisory/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-23.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100035", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9924", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, source nvd@nist.gov)
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allow remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 | |
netscape | navigator | 7.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", 
matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", matchCriteriaId: "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka \"Firesearching 1.\"", }, ], id: "CVE-2005-1156", lastModified: "2024-11-20T23:56:44.140", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { 
source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14938", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14992", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14996", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://securitytracker.com/id?1013745", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "http://www.mikx.de/firesearching/", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-38.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/13211", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/15495", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14938", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14996", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://securitytracker.com/id?1013745", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.mikx.de/firesearching/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-38.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/13211", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-12-29 05:00
Modified
2024-11-20 23:50
Severity: MEDIUM (CVSS v2.0 base score 5, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, source nvd@nist.gov)
Summary
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | * | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\\' (backslash) character, which prevents a string from being NULL terminated.", }, ], id: "CVE-2004-1316", lastModified: "2024-11-20T23:50:35.037", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, 
obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-12-29T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://isec.pl/vulnerabilities/isec-0020-mozilla.txt", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=110436284718949&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=110780717916478&w=2", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/19823", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-06.html", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-038.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/12131", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18711", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100052", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9808", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://isec.pl/vulnerabilities/isec-0020-mozilla.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=110436284718949&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=110780717916478&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-06.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12131", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18711", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100052", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9808", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
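Severity: MEDIUM (CVSS v2.0 base score 5.1, vector AV:N/AC:H/Au:N/C:P/I:P/A:P, source nvd@nist.gov; user interaction required)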
Summary
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", 
matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*", matchCriteriaId: 
"5263F879-9B90-4582-B677-F133DEBE5259", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*", matchCriteriaId: "C256B73C-9ABC-43D4-8C57-09161BC9F923", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*", matchCriteriaId: "055D1044-9FC5-45AA-8407-649E96C5AFE3", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7C1C87A5-C14D-4A23-B865-3BB1FCDC8470", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.", }, ], id: "CVE-2005-0399", lastModified: "2024-11-20T23:55:02.207", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14654", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19823", }, { source: "secalert@redhat.com", url: "http://www.ciac.org/ciac/bulletins/p-160.shtml", }, { source: "secalert@redhat.com", tags: [ 
"Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/557948", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-30.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-336.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-337.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/12881", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/15495", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2005/0296", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://xforce.iss.net/xforce/alerts/id/191", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19269", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14654", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ciac.org/ciac/bulletins/p-160.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/557948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-30.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-336.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-337.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12881", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/0296", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"http://xforce.iss.net/xforce/alerts/id/191", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19269", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2003-06-16 04:00
Modified
2024-11-20 23:44
Severity: HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.", }, { lang: "es", value: "El cliente IMAP para Mozilla 1.3 y 1.4a permite que servidores IMAP remotos dañinos originen una denegación de servicio (y posiblemente ejecuten código arbitrario) mediante ciertos tamaños muy largos que causan desbordamientos de búfer de enteros.", }, ], id: "CVE-2003-0298", lastModified: "2024-11-20T23:44:25.147", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2003-06-16T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", 
type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-02-08 05:00
Modified
2024-11-20 23:54
Severity: HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | camino | 0.8.5 | |
mozilla | firefox | 1.0 | |
mozilla | mozilla | * | |
omnigroup | omniweb | 5 | |
opera | opera_browser | * | |
opera_software | opera_web_browser | 7.54 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:camino:0.8.5:*:*:*:*:*:*:*", matchCriteriaId: "D044E602-45A5-4B14-8B16-B0978D985027", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "E6F232DA-F897-4429-922E-F5CFF865A8AA", versionEndExcluding: "1.7.6", vulnerable: true, }, { criteria: "cpe:2.3:a:omnigroup:omniweb:5:*:*:*:*:*:*:*", matchCriteriaId: "ECD3E937-C813-4564-9E3C-D009D39E8A8B", vulnerable: true, }, { criteria: "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*", matchCriteriaId: "BFE75E76-E20D-47A4-9603-0AF46F733AEF", versionEndIncluding: "7.54", vulnerable: true, }, { criteria: "cpe:2.3:a:opera_software:opera_web_browser:7.54:*:*:*:*:*:*:*", matchCriteriaId: "142EB1E3-2918-4792-83D7-9D7B6A3BD26B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.", }, ], id: "CVE-2005-0233", lastModified: "2024-11-20T23:54:41.610", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: 
"2005-02-08T05:00:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Broken Link", "Exploit", "Vendor Advisory", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=110782704923280&w=2", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-29.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/12461", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Exploit", "Vendor Advisory", ], url: "http://www.shmoo.com/idn", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Exploit", "Vendor Advisory", ], url: "http://www.shmoo.com/idn/homograph.txt", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236", }, { source: "secalert@redhat.com", tags: [ "Tool Signature", ], url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029", }, { source: "secalert@redhat.com", tags: [ "Tool Signature", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", "Vendor Advisory", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=110782704923280&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-29.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/12461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", "Vendor Advisory", ], url: "http://www.shmoo.com/idn", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", "Vendor Advisory", ], url: "http://www.shmoo.com/idn/homograph.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Tool Signature", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Tool Signature", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-08-31 16:30
Modified
2024-11-21 01:06
Severity: MEDIUM — CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://websecurity.com.ua/3315/ | Exploit | |
cve@mitre.org | http://websecurity.com.ua/3386/ | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/52999 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://websecurity.com.ua/3315/ | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://websecurity.com.ua/3386/ | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/52999 | Third Party Advisory, VDB Entry |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "667FC0BC-C1AD-46CD-BBB2-A7E58E644FA7", versionEndIncluding: "3.0.13", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", matchCriteriaId: "76CD3BDF-A079-4EF3-ABDE-43CBDD08DB1F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.6:a1_prerelease:*:*:*:*:*:*", matchCriteriaId: "A5CA287A-0263-4F6A-B685-E243D42FCFFC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:3.7:a1_prerelease:*:*:*:*:*:*", matchCriteriaId: "DCCEA654-2A7F-4950-9FC3-015E2E4582B5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "AA9F1412-B29B-4D13-AEEA-4AF7B12260D0", versionEndIncluding: "1.7.12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", matchCriteriaId: "AAB559BD-4BF7-417F-962F-B8971FF1614B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. 
NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.", }, { lang: "es", value: "Mozilla Firefox v3.0.13 y anteriores, v3.5, v3.6 a1 pre, y v3.7 a1 pre; SeaMonkey v1.1.17; y Mozilla v1.7.x y anteriores no bloquean de forma adecuada las URIs data: en las cabeceras Refresh de las respuestas HTTP, lo que permite a atacantes remotos realizar ataques de ejecución de secuencias de comandos en sitios cruzados (XSS) a través de vectores relativos a (1) inyectar una cabecera Refresh que contiene secuencias Javascript en una URI data:text/html p (2) introduciendo una URI data:text/html con secuencias javascript cuando se especifica el contenido de una cabecera Refresh. NOTA: en algunas versiones del producto, el javascript se ejecuta fuera del contexto del sitio HTTP.", }, ], id: "CVE-2009-3010", lastModified: "2024-11-21T01:06:17.987", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2009-08-31T16:30:06.797", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://websecurity.com.ua/3315/", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://websecurity.com.ua/3386/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://websecurity.com.ua/3315/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: 
"http://websecurity.com.ua/3386/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity: LOW — CVSS v2.0 base score 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", 
matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.", }, ], id: "CVE-2005-0586", lastModified: "2024-11-20T23:55:27.647", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/13258", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-22.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "secalert@redhat.com", url: 
"http://www.securityfocus.com/bid/12659", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100036", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11152", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/13258", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-22.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12659", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100036", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11152", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-04-15 04:00
Modified
2024-11-20 23:45
Severity: HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0.1 | |
mozilla | mozilla | 1.0.2 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2.1 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.3.1 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.4.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961", vulnerable: true, }, { 
criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.", }, { lang: "es", value: "Mozilla permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicación web mediante secuencias de atravesamiento de directorios \"%2e%2e\" (punto punto codificado) en una URL, lo que hace que Mozilla envíe la cookie fuera de los subconjuntos de URL especificados, por ejemplo a una aplicación vulnerable que corre en el mismo servidor que la aplicación objetivo.", }, ], id: "CVE-2003-0594", lastModified: "2024-11-20T23:45:06.147", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-04-15T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: 
"http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html", }, { source: "cve@mitre.org", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-112.html", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9826", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2004-112.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9826", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | 0.9.5 | |
mozilla | mozilla | 0.9.6 | |
mozilla | mozilla | 0.9.7 | |
mozilla | mozilla | 0.9.8 | |
mozilla | mozilla | 0.9.9 | |
mozilla | mozilla | 1.0 | |
netscape | navigator | 6.2 | |
netscape | navigator | 6.2.1 | |
netscape | navigator | 6.2.2 | |
netscape | navigator | 6.2.3 | |
opera_software | opera_web_browser | 5.12 | |
opera_software | opera_web_browser | 6.0 | |
opera_software | opera_web_browser | 6.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*", matchCriteriaId: "B7D7FA24-4B6F-4D67-95BE-46819033CA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*", matchCriteriaId: "D9B316E0-4A05-411A-8279-404C82288BE2", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*", matchCriteriaId: "B91D7920-86E6-4842-897A-553F018AD493", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2.3:*:*:*:*:*:*:*", matchCriteriaId: "36889B90-FD18-4A5A-A732-788240E10FEE", vulnerable: true, }, { criteria: "cpe:2.3:a:opera_software:opera_web_browser:5.12:*:*:*:*:*:*:*", matchCriteriaId: "F49659B4-2878-4D31-BCB8-11CA38D6FA8D", vulnerable: true, }, { criteria: "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:*:*:*:*:*:*", matchCriteriaId: "0615E0B9-EFCF-4CDD-81E3-0E351DEB2C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "964BC1D9-10D2-4064-A0AD-5DD6E6A568E5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", 
value: "Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.", }, ], id: "CVE-2002-1091", lastModified: "2024-11-20T23:40:34.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-10-04T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157989", }, { source: "cve@mitre.org", url: "http://crash.ihug.co.nz/~Sneuro/zerogif/", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=103134051120770&w=2", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/10058.php", }, { source: "cve@mitre.org", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2002-192.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2003-046.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/5665", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157989", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://crash.ihug.co.nz/~Sneuro/zerogif/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=103134051120770&w=2", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/10058.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2002-192.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2003-046.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/5665", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-09-14 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", 
matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*", matchCriteriaId: "30A0231A-B664-46C2-9602-B60EAD6AEC12", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C632D06D-0172-46DA-A7F9-0BC484365BD7", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", matchCriteriaId: "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", matchCriteriaId: "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "F4007B0D-9606-46BD-866A-7911BEA292BE", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "A35FC777-A34E-4C7B-9E93-8F17F3AD5180", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", matchCriteriaId: "2641EE56-6F9D-400B-B456-877F4DA79B10", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", matchCriteriaId: "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "E0B458EA-495E-40FA-9379-C03757F7B1EE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", matchCriteriaId: "409E324A-C040-494F-A026-9DCAE01C07F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", 
matchCriteriaId: "1728AB5D-55A9-46B0-A412-6F7263CAEB5A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", matchCriteriaId: "6474B775-C893-491F-A074-802AFB1FEDD8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", matchCriteriaId: "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", matchCriteriaId: "0EFE2E73-9536-41A9-B83B-0A06B54857F4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*", matchCriteriaId: "3C84296C-2C8A-4DCD-9751-52951F8BEA9F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*", matchCriteriaId: "9B502A61-44FB-4CD4-85BE-88D4ACCCA441", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*", matchCriteriaId: "05853955-CA81-40D3-9A70-1227F3270D3C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", matchCriteriaId: "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", matchCriteriaId: "84A50ED3-FD0D-4038-B3E7-CC65D166C968", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*", matchCriteriaId: "777F9EC0-2919-45CA-BFF8-78A02537C513", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*", matchCriteriaId: 
"C7EAAD04-D7C4-43DE-B488-1AAD014B503E", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "D2E2EF3C-1379-4CBE-8FF5-DACD47834651", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", matchCriteriaId: "F8C55338-3372-413F-82E3-E1B476D6F41A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", matchCriteriaId: "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "F7446746-87B7-4BD3-AABF-1E0FAA8265AB", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", matchCriteriaId: "56EF103F-5668-4754-A83B-D3662D0CE815", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", matchCriteriaId: "CFABFCE5-4F86-4AE8-9849-BC360AC72098", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.", }, ], id: "CVE-2004-0905", lastModified: "2024-11-20T23:49:38.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", 
userInteractionRequired: true, }, ], }, published: "2004-09-14T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250862", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/651928", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/11177", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250862", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: 
"http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/651928", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/11177", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:42
Severity ?
Summary
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "D3AB0749-167A-4975-863B-DCF368AA4F9C", versionEndIncluding: "1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2.3:*:*:*:*:*:*:*", matchCriteriaId: "36889B90-FD18-4A5A-A732-788240E10FEE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.", }, ], id: "CVE-2002-2061", lastModified: "2024-11-20T23:42:46.877", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157202", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.iss.net/security_center/static/9287.php", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"http://www.iss.net/security_center/static/9287.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n", lastModified: "2006-08-30T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | thunderbird | 0.6 | |
mozilla | thunderbird | 0.7 | |
mozilla | thunderbird | 0.7.1 | |
mozilla | thunderbird | 0.7.2 | |
mozilla | thunderbird | 0.7.3 | |
netscape | navigator | 7.0 | |
netscape | navigator | 7.0.2 | |
netscape | navigator | 7.1 | |
netscape | navigator | 7.2 | |
conectiva | linux | 9.0 | |
conectiva | linux | 10.0 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux_desktop | 3.0 | |
redhat | fedora_core | core_1.0 | |
redhat | linux | 7.3 | |
redhat | linux | 7.3 | |
redhat | linux | 7.3 | |
redhat | linux | 9.0 | |
redhat | linux_advanced_workstation | 2.1 | |
redhat | linux_advanced_workstation | 2.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E", vulnerable: true, }, { 
criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*", matchCriteriaId: "30A0231A-B664-46C2-9602-B60EAD6AEC12", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C632D06D-0172-46DA-A7F9-0BC484365BD7", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", matchCriteriaId: "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", matchCriteriaId: "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "F4007B0D-9606-46BD-866A-7911BEA292BE", vulnerable: true, }, { criteria: "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "A35FC777-A34E-4C7B-9E93-8F17F3AD5180", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", matchCriteriaId: "2641EE56-6F9D-400B-B456-877F4DA79B10", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", matchCriteriaId: "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "E0B458EA-495E-40FA-9379-C03757F7B1EE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", matchCriteriaId: "409E324A-C040-494F-A026-9DCAE01C07F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", matchCriteriaId: "1728AB5D-55A9-46B0-A412-6F7263CAEB5A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", matchCriteriaId: "6474B775-C893-491F-A074-802AFB1FEDD8", 
vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", matchCriteriaId: "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", matchCriteriaId: "0EFE2E73-9536-41A9-B83B-0A06B54857F4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*", matchCriteriaId: "3C84296C-2C8A-4DCD-9751-52951F8BEA9F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*", matchCriteriaId: "9B502A61-44FB-4CD4-85BE-88D4ACCCA441", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*", matchCriteriaId: "05853955-CA81-40D3-9A70-1227F3270D3C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", matchCriteriaId: "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", matchCriteriaId: "84A50ED3-FD0D-4038-B3E7-CC65D166C968", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*", matchCriteriaId: "777F9EC0-2919-45CA-BFF8-78A02537C513", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger 
heap-based buffer overflows.", }, ], id: "CVE-2004-0904", lastModified: "2024-11-20T23:49:38.777", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=255067", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/847200", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/11171", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"http://bugzilla.mozilla.org/show_bug.cgi?id=255067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/847200", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/11171", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allow remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | firefox | 1.0.3 | |
mozilla | firefox | 1.0.4 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 | |
mozilla | mozilla | 1.7.7 | |
mozilla | mozilla | 1.7.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", 
matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*", matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*", matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.", }, ], id: "CVE-2005-2265", lastModified: "2024-11-20T23:59:10.093", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", 
integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-07-13T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16043", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16044", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16059", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19823", }, { source: "secalert@redhat.com", url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-50.html", }, { source: "secalert@redhat.com", url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/14242", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Vendor Advisory", ], url: 
"https://bugzilla.mozilla.org/show_bug.cgi?id=295854", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100008", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10397", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A417", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A781", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16059", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-50.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/14242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=295854", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100008", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10397", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A417", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A781", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*", matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*", matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*", matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { 
criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", 
matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.", }, ], id: "CVE-2004-0907", lastModified: "2024-11-20T23:49:39.357", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", 
cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=254303", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17373", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=254303", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17373", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allow remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 | |
netscape | navigator | 7.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", 
matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", matchCriteriaId: "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka \"Firesearching 2.\"", }, ], id: "CVE-2005-1157", lastModified: "2024-11-20T23:56:44.267", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", 
references: [ { source: "secalert@redhat.com", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14938", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14992", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14996", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "http://www.mikx.de/firesearching/", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-38.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/13211", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/15495", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14938", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor 
Advisory", ], url: "http://secunia.com/advisories/14992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14996", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.mikx.de/firesearching/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-38.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/13211", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Firefox before 1.0.5 and Mozilla before 1.7.9 do not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | firefox | 1.0.3 | |
mozilla | firefox | 1.0.4 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 | |
mozilla | mozilla | 1.7.7 | |
mozilla | mozilla | 1.7.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", 
matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*", matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*", matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.", }, ], id: "CVE-2005-2270", lastModified: "2024-11-20T23:59:10.750", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-07-13T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16043", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16059", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19823", }, { source: "secalert@redhat.com", url: "http://securitytracker.com/id?1014470", }, { source: "secalert@redhat.com", url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "secalert@redhat.com", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/652366", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-56.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/14242", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Vendor Advisory", ], url: 
"https://bugzilla.mozilla.org/show_bug.cgi?id=294795", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=294799", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=295011", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296397", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100003", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11751", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A550", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A817", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16059", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1014470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/652366", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: 
"http://www.mozilla.org/security/announce/mfsa2005-56.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/14242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=294795", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=294799", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=295011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296397", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100003", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A550", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A817", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type=\"file\"> tag.", }, { lang: "es", value: "Mozilla anteriores a 1.7 permiten a servidores web remotos leer ficheros de su elección mediante JavaScript que establece el valor de una etiqueta <input type=\"file\">.", }, ], id: "CVE-2004-0759", lastModified: "2024-11-20T23:49:20.453", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-08-18T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=241924", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/15495", }, { 
source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16870", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=241924", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16870", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-06-11 18:30
Modified
2024-11-21 00:32
Severity ?
Summary
Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.12:*:*:*:*:*:*:*", matchCriteriaId: "A2BD8D89-4936-402C-973D-5F4B071806D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.", }, { lang: "es", value: "Vulnerabilidad de truncamiento visual en Mozilla 1.7.12 permite a atacantes remotos envenenar la barra de dirección y posiblemente conducir ataques de phishing a través de un nombre de host largo, el cual está truncado después de un cierto número de caracteres, como se demostró por un ataque de phishing utilizando HTTP Basic Authentication.", }, ], id: "CVE-2007-3144", lastModified: "2024-11-21T00:32:30.433", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-06-11T18:30:00.000", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/43466", }, { source: "cve@mitre.org", url: "http://testing.bitsploit.de/test.html", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.0x000000.com/?i=334", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/24352", }, { source: "cve@mitre.org", url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/34983", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/43466", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://testing.bitsploit.de/test.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.0x000000.com/?i=334", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/24352", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Not vulnerable. Mozilla is no longer shipped as part of any version of Red Hat Enterprise Linux. Mozilla was replaced by SeaMonkey in Red Hat Enterprise Linux by SeaMonkey which is not affected by this issue.\n", lastModified: "2007-08-16T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
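Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allow remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
Note: the impacted-products list for this entry names firebirdsql firebird 0.7 and no Firefox version. That row presumably stands for Mozilla Firebird 0.7 (the earlier name of Firefox), so matching on this record's CPE data alone may flag the unrelated Firebird database and miss Firefox builds before 0.9; confirm affected versions against the vendor advisory.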
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 0.7 | |
mozilla | mozilla | 0.8 | |
mozilla | mozilla | 0.9.2 | |
mozilla | mozilla | 0.9.2.1 | |
mozilla | mozilla | 0.9.3 | |
mozilla | mozilla | 0.9.4 | |
mozilla | mozilla | 0.9.4.1 | |
mozilla | mozilla | 0.9.5 | |
mozilla | mozilla | 0.9.6 | |
mozilla | mozilla | 0.9.7 | |
mozilla | mozilla | 0.9.8 | |
mozilla | mozilla | 0.9.9 | |
mozilla | mozilla | 0.9.35 | |
mozilla | mozilla | 0.9.48 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0.1 | |
mozilla | mozilla | 1.0.2 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2.1 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.3.1 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.4.2 | |
mozilla | mozilla | 1.4.4 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | thunderbird | 0.1 | |
mozilla | thunderbird | 0.2 | |
mozilla | thunderbird | 0.3 | |
mozilla | thunderbird | 0.4 | |
mozilla | thunderbird | 0.5 | |
mozilla | thunderbird | 0.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:firebirdsql:firebird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "F374AF9E-BBBC-4C0E-B00C-5DB7FC83B445", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*", matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*", matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*", matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045", vulnerable: true, }, { 
criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.", }, ], id: "CVE-2004-1449", lastModified: "2024-11-20T23:50:54.553", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2004-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0", }, { source: "cve@mitre.org", url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-10-26 04:00
Modified
2024-11-20 23:51
Severity: MEDIUM (CVSS v2 base score 5, vector AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.
References
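Impacted products (no table is rendered for this record; its three CPE entries, Firefox up to and including 0.10, Gecko 2004-09-13 and Mozilla 5.0, are all marked vulnerable: false, so tooling that matches only vulnerable: true entries will not flag them, and the CPE bound on 0.10 is inclusive where the summary says "before 0.10")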
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "2B982CDA-3EDB-44A9-950B-F9F670F3E5F7", versionEndIncluding: "0.10", vulnerable: false, }, { criteria: "cpe:2.3:a:mozilla:gecko:2004-09-13:*:*:*:*:*:*:*", matchCriteriaId: "4D263A38-8667-4A0A-9377-55EC69A7B9D6", vulnerable: false, }, { criteria: "cpe:2.3:a:mozilla:mozilla:5.0:*:*:*:*:*:*:*", matchCriteriaId: "35FB74FC-4614-4325-9249-0DC887FD6C34", vulnerable: false, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.", }, ], id: "CVE-2004-1639", lastModified: "2024-11-20T23:51:23.310", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-10-26T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109886388528179&w=2", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17839", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
url: "http://marc.info/?l=bugtraq&m=109886388528179&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17839", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:04
Severity: MEDIUM (CVSS v2 base score 6.4, vector AV:N/AC:L/Au:N/C:P/I:P/A:N)
Summary
Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "834BB391-5EB5-43A8-980A-D305EDAE6FA7", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "9A38AD88-BAA6-4FBE-885B-69E951BD1EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "B500EE6C-99DB-49A3-A1F1-AFFD7FE28068", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", matchCriteriaId: "E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", matchCriteriaId: "66BE50FE-EA21-4633-A181-CD35196DF06E", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:preview_release:*:*:*:*:*:*:*", matchCriteriaId: "CFDBA992-46F8-42A6-9428-C9E475CA69E3", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*", matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*", matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*", matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", 
matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", 
vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.4:*:*:*:*:*:*:*", matchCriteriaId: "78647043-8EBD-48AA-98F4-8E6D332C35E6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*", matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*", matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.9:*:*:*:*:*:*:*", matchCriteriaId: "B628660A-00D7-4B56-8C86-4E33FB98B202", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.10:*:*:*:*:*:*:*", matchCriteriaId: "655FA37C-DA33-4195-AEAF-5A5D40C5C245", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.7.11:*:*:*:*:*:*:*", matchCriteriaId: "EDD5B652-8474-4C00-9CDD-62B499045932", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.12:*:*:*:*:*:*:*", matchCriteriaId: "A2BD8D89-4936-402C-973D-5F4B071806D5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.8:alpha1:*:*:*:*:*:*", matchCriteriaId: "366CC212-B8B1-4702-8C10-205184F49DF0", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.8:alpha2:*:*:*:*:*:*", matchCriteriaId: "10349BA5-70D3-4D11-94F6-A77D8570CB06", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.8:alpha3:*:*:*:*:*:*", matchCriteriaId: "A68DFC43-518D-4629-8954-C5764D4BD070", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.8:alpha4:*:*:*:*:*:*", matchCriteriaId: "03C940C2-F7C5-4791-92C4-A7DF6B965381", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:m15:*:*:*:*:*:*:*", matchCriteriaId: "C85C3F06-8FFF-4A6F-BB86-B66A6031647E", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:m16:*:*:*:*:*:*:*", matchCriteriaId: "FE87E2A0-4F55-4265-8E3C-0E5D60538BDC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.", }, ], id: "CVE-2005-4685", lastModified: "2024-11-21T00:04:55.663", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", 
integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/15331", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25291", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15331", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25291", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-03-25 05:00
Modified
2024-11-20 23:55
Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", 
matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.", }, ], id: "CVE-2005-0592", lastModified: "2024-11-20T23:55:28.363", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-03-25T05:00:00.000", references: [ { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19823", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-15.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: 
"secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/12659", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=241440", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100043", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10606", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-15.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12659", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=241440", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10606", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { 
description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-10-18 04:00
Modified
2024-11-20 23:51
Severity ?
Summary
Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0.1 | |
mozilla | mozilla | 1.0.2 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2.1 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.3.1 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.4.2 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961", vulnerable: true, }, { 
criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.8:alpha2:*:*:*:*:*:*", matchCriteriaId: "10349BA5-70D3-4D11-94F6-A77D8570CB06", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory 
access) via an \"unusual combination of visual elements,\" including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.", }, ], id: "CVE-2004-1614", lastModified: "2024-11-20T23:51:19.637", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-10-18T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://lcamtuf.coredump.cx/mangleme/gallery/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1011810", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/11440", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://lcamtuf.coredump.cx/mangleme/gallery/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1011810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: 
"http://www.securityfocus.com/bid/11440", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
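Severity: MEDIUM (CVSS v2.0 base score 5, vector AV:N/AC:L/Au:N/C:N/I:P/A:N, as scored by nvd@nist.gov in the record below)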
Summary
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
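Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnome | epiphany | * (any version) | |
mozilla | camino | 0.8.5 | |
mozilla | mozilla | * (up to and including 1.6) | |
omnigroup | omniweb | 5 | |
opera | opera_browser | * (up to and including 7.54) |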
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*", matchCriteriaId: "078698FD-775C-4B73-998D-F6B4F601185C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:camino:0.8.5:*:*:*:*:*:*:*", matchCriteriaId: "D044E602-45A5-4B14-8B16-B0978D985027", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "31063052-D74D-41D0-B63D-4A7BADAC9C60", versionEndIncluding: "1.6", vulnerable: true, }, { criteria: "cpe:2.3:a:omnigroup:omniweb:5:*:*:*:*:*:*:*", matchCriteriaId: "ECD3E937-C813-4564-9E3C-D009D39E8A8B", vulnerable: true, }, { criteria: "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*", matchCriteriaId: "BFE75E76-E20D-47A4-9603-0AF46F733AEF", versionEndIncluding: "7.54", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.", }, ], id: "CVE-2005-0238", lastModified: "2024-11-20T23:54:42.133", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Vendor Advisory", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html", }, { source: 
"secalert@redhat.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/12461", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Exploit", "Vendor Advisory", ], url: "http://www.shmoo.com/idn", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Exploit", "Vendor Advisory", ], url: "http://www.shmoo.com/idn/homograph.txt", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/12461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", "Vendor Advisory", ], url: "http://www.shmoo.com/idn", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", "Vendor Advisory", ], url: "http://www.shmoo.com/idn/homograph.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
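Severity: MEDIUM (CVSS v2.0 base score 5, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, as scored by nvd@nist.gov in the record below)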
Summary
Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.", }, ], id: "CVE-2005-0215", lastModified: "2024-11-20T23:54:39.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=110512665029209&w=2", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18803", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=110512665029209&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18803", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
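Severity: MEDIUM (CVSS v2.0 base score 5, vector AV:N/AC:L/Au:N/C:N/I:P/A:N, as scored by nvd@nist.gov in the record below)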
Summary
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | firefox | 1.0.3 | |
mozilla | firefox | 1.0.4 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 | |
mozilla | mozilla | 1.7.7 | |
mozilla | mozilla | 1.7.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", 
matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*", matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*", matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.", }, ], id: "CVE-2005-2263", lastModified: "2024-11-20T23:59:09.840", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: 
"NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-07-13T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16043", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16059", }, { source: "secalert@redhat.com", url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-48.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/14242", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=293331", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100010", }, { source: "secalert@redhat.com", url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100016", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11629", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1281", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1311", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16059", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-48.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/14242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=293331", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100010", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100016", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1281", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1311", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-12 04:00
Modified
2024-11-20 23:57
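Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, as scored by nvd@nist.gov in the record below)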
Summary
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | firefox | 1.0.3 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 | |
mozilla | mozilla | 1.7.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", 
matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*", matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via \"non-DOM property overrides,\" a variant of CVE-2005-1160.", }, ], id: "CVE-2005-1532", lastModified: "2024-11-20T23:57:34.097", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", 
userInteractionRequired: false, }, ], }, published: "2005-05-12T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19823", }, { source: "secalert@redhat.com", url: "http://securitytracker.com/id?1013964", }, { source: "secalert@redhat.com", url: "http://securitytracker.com/id?1013965", }, { source: "secalert@redhat.com", url: "http://www.mozilla.org/security/announce/mfsa2005-44.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-434.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-435.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/13645", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/15495", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2005/0530", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1013964", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1013965", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.mozilla.org/security/announce/mfsa2005-44.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-434.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-435.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/13645", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/0530", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-07-27 22:30
Modified
2024-11-21 00:34
Severity ?
Summary
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.", }, { lang: "es", value: "Vulnerabilidad de inyección de argumento involucrando a Mozilla, cuando determinados URIS se han registrado, permite a atacantes remotos conducir ataques de salto de navegador y ejecutar comandos de su elección mediante metacaracteres de consola de comandos en un URI no especificado, que son insertados en una línea de comando al invocar al proceso gestor, asunto similar a CVE-2007-3670.", }, ], id: "CVE-2007-4039", lastModified: "2024-11-21T00:34:38.630", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2007-07-27T22:30:00.000", references: [ { source: "cve@mitre.org", url: "http://larholm.com/2007/07/25/mozilla-protocol-abuse/", }, { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2007/Jul/0557.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://larholm.com/2007/07/25/mozilla-protocol-abuse/", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2007/Jul/0557.html", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Not vulnerable. This issue does not affect the versions of Firefox or Thunderbird as shipped with Red Hat Enterprise Linux.", lastModified: "2007-07-31T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-06-25 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc3:*:*:*:*:*:*", matchCriteriaId: "347AB95F-166E-449A-82D7-BEC10257E0D1", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*", matchCriteriaId: "4F112CED-879B-4A19-993A-16858B4EC16C", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*", matchCriteriaId: "B7D7FA24-4B6F-4D67-95BE-46819033CA6F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.", }, ], id: "CVE-2002-0354", lastModified: "2024-11-20T23:38:53.200", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, 
], }, published: "2002-06-25T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=102017952204097&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=ntbugtraq&m=102020343728766&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=102017952204097&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=ntbugtraq&m=102020343728766&w=2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 1.0 | |
mozilla | mozilla | 1.7.3 | |
mozilla | thunderbird | 0.1 | |
mozilla | thunderbird | 0.2 | |
mozilla | thunderbird | 0.3 | |
mozilla | thunderbird | 0.4 | |
mozilla | thunderbird | 0.5 | |
mozilla | thunderbird | 0.6 | |
mozilla | thunderbird | 0.7 | |
mozilla | thunderbird | 0.8 | |
mozilla | thunderbird | 0.9 | |
mozilla | thunderbird | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*", matchCriteriaId: "5263F879-9B90-4582-B677-F133DEBE5259", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*", matchCriteriaId: "C256B73C-9ABC-43D4-8C57-09161BC9F923", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*", matchCriteriaId: "055D1044-9FC5-45AA-8407-649E96C5AFE3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return 
values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.", }, ], id: "CVE-2005-0255", lastModified: "2024-11-20T23:54:44.253", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/19823", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-18.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: 
"http://www.redhat.com/support/errata/RHSA-2005-277.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-337.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/12659", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100040", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9111", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-18.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-277.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-337.html", 
}, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12659", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100040", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9111", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "FF711F75-74B8-4CF6-9580-8B51F5A2F2EF", versionEndIncluding: "0.9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "A9239E8A-8155-462A-A409-D66FF6B94B04", versionEndIncluding: "1.7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", matchCriteriaId: "5723A6C5-70AB-4F54-BCCB-DD3498446AD2", versionEndIncluding: "0.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the \"chrome\" flag and XML User Interface Language (XUL) files.", }, { lang: "es", value: "Mozilla anteriores a 1.7, Firefox anteriores a 0.9, y Thunderbird anteriores a 0.7, permiten a sitios web remotos secuestrar el interfaz del usuario mediante la bandera \"chrome\" y ficheros de Interfaz de Usuario XML (XUL).", }, ], id: "CVE-2004-0764", lastModified: "2024-11-20T23:49:21.210", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-08-18T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=244965", }, { source: 
"cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/12188", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/262350", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/10832", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/15495", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16837", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=244965", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/12188", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/262350", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/10832", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16837", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2000-07-25 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | m15 | |
netscape | communicator | 4.0 | |
netscape | communicator | 4.05 | |
netscape | communicator | 4.5 | |
netscape | communicator | 4.5_beta | |
netscape | communicator | 4.06 | |
netscape | communicator | 4.6 | |
netscape | communicator | 4.07 | |
netscape | communicator | 4.7 | |
netscape | communicator | 4.08 | |
netscape | communicator | 4.51 | |
netscape | communicator | 4.61 | |
netscape | communicator | 4.72 | |
netscape | communicator | 4.73 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:m15:*:*:*:*:*:*:*", matchCriteriaId: "C85C3F06-8FFF-4A6F-BB86-B66A6031647E", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.0:*:*:*:*:*:*:*", matchCriteriaId: "209C7BB1-EFDF-43AB-9FB6-DF67465DEAEF", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.05:*:*:*:*:*:*:*", matchCriteriaId: "494AFC1E-67A3-41CA-B920-B8F778B68A99", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*", matchCriteriaId: "4E9A5461-B0F2-49DB-A69C-3D2D27709647", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.5_beta:*:*:*:*:*:*:*", matchCriteriaId: "213EB326-33D1-4329-A6BB-B1AA1C626E44", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.06:*:*:*:*:*:*:*", matchCriteriaId: "34F6328B-44A8-4E45-918E-C54285040BFE", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.6:*:*:*:*:*:*:*", matchCriteriaId: "529E3F71-6016-461D-A162-0DBDD5505389", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.07:*:*:*:*:*:*:*", matchCriteriaId: "31D02C4D-3FD1-425F-B0DB-7808089BCD0B", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*", matchCriteriaId: "38FD74F5-12ED-4049-B06F-0F22A0254C0F", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.08:*:*:*:*:*:*:*", matchCriteriaId: "61268CF9-E279-4F63-B228-F9ED4B93BB99", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.51:*:*:*:*:*:*:*", matchCriteriaId: "918BE44C-8D64-4040-BC74-802AA3FA4E10", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.61:*:*:*:*:*:*:*", matchCriteriaId: "6AA534C4-9411-44EC-AA34-2287C79AD235", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.72:*:*:*:*:*:*:*", matchCriteriaId: "3A4E8588-A941-4759-B41C-00F193F2C63B", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:communicator:4.73:*:*:*:*:*:*:*", matchCriteriaId: 
"3E48C051-EB45-4262-86C2-2333FD5C7745", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.", }, ], id: "CVE-2000-0655", lastModified: "2024-11-20T23:32:59.723", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2000-07-25T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc", }, { source: "cve@mitre.org", url: "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/suse_security_announce_60.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2000-046.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/1503", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com", }, { source: "cve@mitre.org", url: 
"http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/suse_security_announce_60.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2000-046.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/1503", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 run XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", 
matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*", matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*", matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", matchCriteriaId: 
"61E565E5-286D-4A68-B085-5659DFE59A9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*", matchCriteriaId: "5263F879-9B90-4582-B677-F133DEBE5259", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*", matchCriteriaId: "C256B73C-9ABC-43D4-8C57-09161BC9F923", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*", matchCriteriaId: "055D1044-9FC5-45AA-8407-649E96C5AFE3", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7C1C87A5-C14D-4A23-B865-3BB1FCDC8470", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "5C4DB0BB-BFD7-4E7A-B3EF-9C5422602216", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F0D56153-E20A-46D8-859E-A51E5C03D674", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "2C51A6F4-F88F-4BF2-BF71-5DC48559C085", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when 
Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.", }, ], id: "CVE-2005-2261", lastModified: "2024-11-20T23:59:09.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-07-13T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16043", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16044", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16059", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19823", }, { source: "secalert@redhat.com", url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-46.html", }, { source: "secalert@redhat.com", url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "secalert@redhat.com", url: 
"http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/14242", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292589", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292591", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100012", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10947", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1348", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A808", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16059", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: 
"http://www.mozilla.org/security/announce/mfsa2005-46.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/14242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292589", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292591", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10947", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1348", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A808", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:46
Severity: LOW (CVSS v2.0 base score 2.1, vector AV:L/AC:L/Au:N/C:P/I:N/A:N, source nvd@nist.gov)
Summary
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:5.0:*:*:*:*:*:*:*", matchCriteriaId: "35FB74FC-4614-4325-9249-0DC887FD6C34", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*", matchCriteriaId: "30A0231A-B664-46C2-9602-B60EAD6AEC12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.", }, ], id: "CVE-2003-1265", lastModified: "2024-11-20T23:46:44.410", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2003-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html", }, { source: "cve@mitre.org", url: "http://www.iss.net/security_center/static/10963.php", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/6499", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1005871", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.iss.net/security_center/static/10963.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.securityfocus.com/bid/6499", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1005871", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-02-15 05:00
Modified
2024-11-20 23:54
Severity: MEDIUM (CVSS v2.0 base score 5, vector AV:N/AC:L/Au:N/C:N/I:P/A:N, source nvd@nist.gov)
Summary
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | thunderbird | 0.6 | |
mozilla | thunderbird | 0.7 | |
mozilla | thunderbird | 0.7.1 | |
mozilla | thunderbird | 0.7.2 | |
mozilla | thunderbird | 0.7.3 | |
mozilla | thunderbird | 0.9 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF", vulnerable: 
true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*", matchCriteriaId: "C256B73C-9ABC-43D4-8C57-09161BC9F923", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.", }, ], id: "CVE-2005-0149", lastModified: "2024-11-20T23:54:31.683", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-02-15T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/19823", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-11.html", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-094.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/12407", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor 
Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268107", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19172", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-11.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-094.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12407", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19172", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407", }, ], sourceIdentifier: 
"cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:05
Severity: MEDIUM (CVSS v2.0 base score 5, vector AV:N/AC:L/Au:N/C:N/I:P/A:N, source nvd@nist.gov)
Summary
Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | preview_release | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.4 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 | |
mozilla | thunderbird | 0.6 | |
mozilla | thunderbird | 0.7 | |
mozilla | thunderbird | 0.7.1 | |
mozilla | thunderbird | 0.7.2 | |
mozilla | thunderbird | 0.7.3 | |
mozilla | thunderbird | 0.8 | |
mozilla | thunderbird | 0.9 | |
mozilla | thunderbird | 1.0 | |
mozilla | thunderbird | 1.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:preview_release:*:*:*:*:*:*:*", matchCriteriaId: "CFDBA992-46F8-42A6-9428-C9E475CA69E3", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.4:*:*:*:*:*:*:*", matchCriteriaId: "78647043-8EBD-48AA-98F4-8E6D332C35E6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { 
criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*", matchCriteriaId: "5263F879-9B90-4582-B677-F133DEBE5259", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*", matchCriteriaId: "C256B73C-9ABC-43D4-8C57-09161BC9F923", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*", matchCriteriaId: "055D1044-9FC5-45AA-8407-649E96C5AFE3", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7C1C87A5-C14D-4A23-B865-3BB1FCDC8470", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.", }, ], id: "CVE-2005-4809", lastModified: "2024-11-21T00:05:14.117", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, 
confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=full-disclosure&m=111073068631287&w=2", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/14568", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1013423", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/14885", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/12798", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2005/0260", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=full-disclosure&m=111073068631287&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/14568", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1013423", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/14885", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/12798", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/0260", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-07-05 04:00
Modified
2024-11-20 23:58
Severity: MEDIUM (CVSS v2.0 base score 5, vector AV:N/AC:L/Au:N/C:N/I:N/A:P, source nvd@nist.gov)
Summary
Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:camino:0.8.4:*:*:*:*:*:*:*", matchCriteriaId: "31C05BFA-D947-47B7-8EA2-5C0F171F0A6F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*", matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.", }, ], id: "CVE-2005-2114", lastModified: "2024-11-20T23:58:50.383", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-07-05T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=112008299210033&w=2", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1014292", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1014293", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1014294", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1014349", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1014372", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor 
Advisory", ], url: "http://www.kurczaba.com/html/security/0506241.htm", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "cve@mitre.org", url: "http://www.securiteam.com/securitynews/5OP0U00G1G.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21188", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=112008299210033&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1014292", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1014293", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1014294", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1014349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1014372", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.kurczaba.com/html/security/0506241.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securiteam.com/securitynews/5OP0U00G1G.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21188", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628", }, ], sourceIdentifier: 
"cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 rc | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | firefox | 1.0.3 | |
mozilla | firefox | 1.0.4 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 alpha | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 alpha | |
mozilla | mozilla | 1.5 rc1 | |
mozilla | mozilla | 1.5 rc2 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 alpha | |
mozilla | mozilla | 1.6 beta | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 alpha | |
mozilla | mozilla | 1.7 beta | |
mozilla | mozilla | 1.7 rc1 | |
mozilla | mozilla | 1.7 rc2 | |
mozilla | mozilla | 1.7 rc3 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 | |
mozilla | mozilla | 1.7.7 | |
mozilla | mozilla | 1.7.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", 
matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*", matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*", matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.", }, ], id: "CVE-2005-2266", lastModified: "2024-11-20T23:59:10.227", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: 
"LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-07-13T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "http://secunia.com/advisories/15549", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/15551", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/15553", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19823", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-52.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/14242", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "secalert@redhat.com", url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/21332", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100107", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10712", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1415", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A773", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/15549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/15551", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/15553", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-52.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/14242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1415", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A773", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:51
Severity
LOW (CVSS v2.0 base score 2.6, AV:N/AC:H/Au:N/C:N/I:P/A:N)
Summary
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", matchCriteriaId: "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3", vulnerable: true, }, { criteria: "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", matchCriteriaId: "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.", }, ], id: "CVE-2004-1753", lastModified: "2024-11-20T23:51:39.660", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2004-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162134", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/12392", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/archive/1/373080", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: 
"http://www.securityfocus.com/archive/1/373232", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/archive/1/373309", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/11059", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162134", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/12392", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/archive/1/373080", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/archive/1/373232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/archive/1/373309", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/11059", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity
MEDIUM (CVSS v2.0 base score 4.6, AV:L/AC:L/Au:N/C:P/I:P/A:P)
Summary
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*", matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*", matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*", matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { 
criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", 
matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute 
arbitrary code.", }, ], id: "CVE-2004-0906", lastModified: "2024-11-20T23:49:39.177", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=231083", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=235781", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/12526/", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/653160", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/11192", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17375", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=231083", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=235781", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/12526/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/653160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/11192", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17375", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity
MEDIUM (CVSS v2)
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*", matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*", matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*", matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { 
criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", 
matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.", }, ], id: "CVE-2004-0908", lastModified: "2024-11-20T23:49:39.507", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { 
accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2004-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257523", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/12526", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/460528", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/11179", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17376", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257523", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/12526", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/460528", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/11179", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17376", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity
LOW (CVSS v2.0 base score 2.6, AV:N/AC:H/Au:N/C:N/I:P/A:N)
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", 
matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.", }, ], id: "CVE-2005-0584", lastModified: "2024-11-20T23:55:27.380", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "secalert@redhat.com", url: "http://www.mozilla.org/security/announce/mfsa2005-24.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: 
"https://bugzilla.mozilla.org/show_bug.cgi?id=277574", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100034", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11191", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/security/announce/mfsa2005-24.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=277574", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11191", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity
MEDIUM (CVSS v2.0 base score 5, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
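Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when its DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid. (The CPE match in the record below is the unversioned wildcard cpe:2.3:a:mozilla:mozilla:* with no version bounds, so automated matching against this record flags every Mozilla release, not only 1.5 through 1.7.)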
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.", }, { lang: "es", value: "Mozilla 1.5 a 1.7 permiten que un certificado de AC (Autoridad Certificadora) sea importado incluso cuando su DN es el mismo de la AC raíz propia, lo que permite a atacantes remotos causar una denegación de servicio a páginas SSL porque el certificado malicioso es tratado como inválido.", }, ], id: "CVE-2004-0758", lastModified: "2024-11-20T23:49:20.303", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-08-18T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=249004", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "cve@mitre.org", url: "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml", }, { source: "cve@mitre.org", tags: [ "US Government Resource", 
], url: "http://www.kb.cert.org/vuls/id/784278", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/15495", }, { source: "cve@mitre.org", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16706", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10304", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3134", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=249004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/784278", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16706", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3134", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity
MEDIUM (CVSS v2.0 base score 5.1, AV:N/AC:H/Au:N/C:P/I:P/A:P)
Summary
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", 
matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The privileged \"chrome\" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.", }, ], id: "CVE-2005-1160", lastModified: "2024-11-20T23:56:44.660", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], 
url: "http://secunia.com/advisories/14938", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14992", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19823", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-41.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/13233", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/15495", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289074", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289083", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289961", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14938", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-41.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/13233", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289083", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"https://bugzilla.mozilla.org/show_bug.cgi?id=289961", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity: 5.0 MEDIUM (CVSS v2 AV:N/AC:L/Au:N/C:N/I:P/A:N, NVD primary score from the record below)
Summary
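Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. (Note: the CPE match criteria in the record below use versionEndIncluding values of 0.9, 1.7 and 0.7, so automated CPE matching also flags the releases this summary treats as no longer affected; confirm the installed version against the vendor advisory before triaging.)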
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", matchCriteriaId: "FF711F75-74B8-4CF6-9580-8B51F5A2F2EF", versionEndIncluding: "0.9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "A9239E8A-8155-462A-A409-D66FF6B94B04", versionEndIncluding: "1.7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", matchCriteriaId: "5723A6C5-70AB-4F54-BCCB-DD3498446AD2", versionEndIncluding: "0.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.", }, { lang: "es", value: "Mozilla anteriores a 1.7, Firefox anteriores a 0.9, y Thunderbird anteriores a 0.7 permiten a sitios web remotos instalar extensiones de su elección usando eventes interactivos para manipular el cuadro de diálogo de Seguridad XPInstall.", }, ], id: "CVE-2004-0762", lastModified: "2024-11-20T23:49:20.900", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-08-18T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html", }, { source: 
"cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162020", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/11999/", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/15495", }, { source: "cve@mitre.org", url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16623", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/11999/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16623", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-03-04 05:00
Modified
2024-11-20 23:55
Severity: 2.6 LOW (CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N, NVD primary score from the record below)
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 allow remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 (No Content) response, which updates the icon and location information but does not change the display of the original site.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", 
matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL \"secure site\" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.", }, ], id: "CVE-2005-0593", lastModified: "2024-11-20T23:55:28.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2005-03-04T05:00:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "secalert@redhat.com", url: "http://www.mozilla.org/security/announce/mfsa2005-14.html", }, { source: "secalert@redhat.com", url: 
"http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/12659", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=258048", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268483", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=276720", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=277564", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100044", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9533", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/security/announce/mfsa2005-14.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12659", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=258048", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor 
Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268483", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=276720", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=277564", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9533", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-04-02 22:19
Modified
2024-11-21 00:29
Severity: 10.0 HIGH (CVSS v2 AV:N/AC:L/Au:N/C:C/I:C/A:C, NVD primary score from the record below)
Summary
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sun:solaris:10.0:hw2:*:*:*:*:*:*", matchCriteriaId: "DBEB91FE-FB39-4AB2-8172-2A47EC59861B", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", matchCriteriaId: "A2475113-CFE4-41C8-A86F-F2DA6548D224", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*", matchCriteriaId: "A1E585DC-FC74-4BB0-96B7-C00B6DB610DF", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", matchCriteriaId: "A9239E8A-8155-462A-A409-D66FF6B94B04", versionEndIncluding: "1.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.", }, { lang: "es", value: "El motor de Javascript en Mozilla 1.7 y anteriores en Sun Solaris 8, 9, y 10 podría permitir a atacantes remotos ejecutar código de su elección a través de vectores que afectan al colector de basura que provoca el borrado de un objeto temporal que todavía se está utilizando. 
NOTA: este asunto podría estar relacionado con CVE-2006-3805.", }, ], id: "CVE-2007-1794", lastModified: "2024-11-21T00:29:10.503", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-04-02T22:19:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/24624", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2007/1178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/24624", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/1178", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity: 7.5 HIGH (CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P, NVD primary score from the record below)
Summary
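The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user. (Note: the CPE list in the record below enumerates only Firefox and Mozilla versions; the Netscape releases named here have no CPE entry, so CPE-based inventory matching will not report them and they need to be checked separately.)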
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | firefox | 1.0.3 | |
mozilla | firefox | 1.0.4 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 | |
mozilla | mozilla | 1.7.7 | |
mozilla | mozilla | 1.7.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", 
matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*", matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*", matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.", }, ], id: "CVE-2005-2260", lastModified: "2024-11-20T23:59:09.443", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: 
"PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-07-13T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=289940", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16043", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16044", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16059", }, { source: "secalert@redhat.com", url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-45.html", }, { source: "secalert@redhat.com", url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/14242", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "secalert@redhat.com", url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100013", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10132", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1226", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A742", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=289940", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16059", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-45.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/14242", 
}, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1226", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A742", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, source nvd@nist.gov)
Summary
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*", matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*", matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*", matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", 
matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: 
"ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability.", }, ], id: "CVE-2004-1156", lastModified: "2024-11-20T23:50:14.283", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: 
"MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2004-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/13129/", }, { source: "cve@mitre.org", url: "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2004-13/advisory/", }, { source: "cve@mitre.org", url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "cve@mitre.org", url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/security/announce/mfsa2005-13.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/13129/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"http://secunia.com/secunia_research/2004-13/advisory/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/security/announce/mfsa2005-13.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2006-02-01 02:02
Modified
2024-11-21 00:06
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, source nvd@nist.gov)
Summary
Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | firefox | 1.0.3 | |
mozilla | firefox | 1.0.4 | |
mozilla | firefox | 1.0.5 | |
mozilla | firefox | 1.0.6 | |
mozilla | firefox | 1.0.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 (alpha) | |
mozilla | mozilla | 1.7 (beta) | |
mozilla | mozilla | 1.7 (rc1) | |
mozilla | mozilla | 1.7 (rc2) | |
mozilla | mozilla | 1.7 (rc3) | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 | |
mozilla | mozilla | 1.7.7 | |
mozilla | mozilla | 1.7.8 | |
mozilla | mozilla | 1.7.10 | |
mozilla | mozilla | 1.7.11 | |
mozilla | mozilla | 1.7.12 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "834BB391-5EB5-43A8-980A-D305EDAE6FA7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "9A38AD88-BAA6-4FBE-885B-69E951BD1EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "B500EE6C-99DB-49A3-A1F1-AFFD7FE28068", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { 
criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*", matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*", matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.10:*:*:*:*:*:*:*", matchCriteriaId: "655FA37C-DA33-4195-AEAF-5A5D40C5C245", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.11:*:*:*:*:*:*:*", matchCriteriaId: "EDD5B652-8474-4C00-9CDD-62B499045932", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.12:*:*:*:*:*:*:*", matchCriteriaId: "A2BD8D89-4936-402C-973D-5F4B071806D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.", }, { lang: "es", value: "Vulnerabilidad de XSS en Mozilla 
1.7.12 y posiblemente versiones anteriores, Mozilla Firefox 1.0.7 y posiblemente versiones anteriores y Netscape 8.1 y posiblemente versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de propiedad CSS (Cascading Style Sheets) -moz-binding, lo que no requiere que la hoja de estilos tenga el mismo origen que la página web, como es demostrado por el compromiso de un gran número de cuentas de LiveJournal.", }, ], id: "CVE-2006-0496", lastModified: "2024-11-21T00:06:35.880", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2006-02-01T02:02:00.000", references: [ { source: "cve@mitre.org", url: "http://community.livejournal.com/lj_dev/708069.html", }, { source: "cve@mitre.org", url: "http://marc.info/?l=full-disclosure&m=113847912709062&w=2", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1015553", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1015563", }, { source: "cve@mitre.org", url: "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/22924", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/16427", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2006/0403", }, { source: "cve@mitre.org", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=324253", }, { source: "cve@mitre.org", url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/24427", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://community.livejournal.com/lj_dev/708069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=full-disclosure&m=113847912709062&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1015553", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1015563", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/22924", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/16427", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/0403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=324253", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24427", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity: LOW (CVSS v2.0 base score 2.6, vector AV:N/AC:H/Au:N/C:N/I:P/A:N, source nvd@nist.gov)
Summary
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | 0.8 | |
mozilla | mozilla | 0.9.2 | |
mozilla | mozilla | 0.9.2.1 | |
mozilla | mozilla | 0.9.3 | |
mozilla | mozilla | 0.9.4 | |
mozilla | mozilla | 0.9.4.1 | |
mozilla | mozilla | 0.9.5 | |
mozilla | mozilla | 0.9.6 | |
mozilla | mozilla | 0.9.7 | |
mozilla | mozilla | 0.9.8 | |
mozilla | mozilla | 0.9.9 | |
mozilla | mozilla | 0.9.35 | |
mozilla | mozilla | 0.9.48 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 (rc1) | |
mozilla | mozilla | 1.0 (rc2) | |
mozilla | mozilla | 1.0.1 | |
mozilla | mozilla | 1.0.2 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.1 (alpha) | |
mozilla | mozilla | 1.1 (beta) | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2 (alpha) | |
mozilla | mozilla | 1.2 (beta) | |
mozilla | mozilla | 1.2.1 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.3.1 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 (alpha) | |
mozilla | mozilla | 1.4 (beta) | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.4.2 | |
mozilla | mozilla | 1.4.4 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*", matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*", matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*", matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", vulnerable: true, }, { 
criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.", }, ], id: "CVE-2004-1451", lastModified: "2024-11-20T23:50:54.843", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2004-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: 
"http://bugzilla.mozilla.org/show_bug.cgi?id=228176", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://secunia.com/advisories/10419/", }, { source: "cve@mitre.org", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=228176", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://secunia.com/advisories/10419/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity: LOW (CVSS v2.0 base score 2.6, vector AV:N/AC:H/Au:N/C:N/I:P/A:N, source nvd@nist.gov)
Summary
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.", }, ], id: "CVE-2005-0144", lastModified: "2024-11-20T23:54:30.977", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", 
baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-04.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/12407", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=262689", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19169", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100054", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11016", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-04.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/12407", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://bugzilla.mozilla.org/show_bug.cgi?id=262689", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100054", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11016", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity
HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary assessment)
Summary
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").
References
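Impacted products
Note: the CPE configuration for this record lists only mozilla:firefox and mozilla:mozilla entries; Netscape 8.0.2, named in the summary, has no CPE match here, so CPE-based matching alone will not flag it.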
Vendor | Product | Version | Update |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | rc |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | firefox | 1.0.3 | |
mozilla | firefox | 1.0.4 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | alpha |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | alpha |
mozilla | mozilla | 1.5 | rc1 |
mozilla | mozilla | 1.5 | rc2 |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | alpha |
mozilla | mozilla | 1.6 | beta |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | alpha |
mozilla | mozilla | 1.7 | beta |
mozilla | mozilla | 1.7 | rc1 |
mozilla | mozilla | 1.7 | rc2 |
mozilla | mozilla | 1.7 | rc3 |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 | |
mozilla | mozilla | 1.7.7 | |
mozilla | mozilla | 1.7.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12", vulnerable: true, }, { criteria: 
"cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", 
matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*", matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38", vulnerable: true, }, { criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*", matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties (\"XHTML node spoofing\").", }, ], id: "CVE-2005-2269", lastModified: "2024-11-20T23:59:10.620", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", 
accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-07-13T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16043", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16044", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/16059", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19823", }, { source: "secalert@redhat.com", url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-55.html", }, { source: "secalert@redhat.com", url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/14242", }, { source: "secalert@redhat.com", url: 
"http://www.vupen.com/english/advisories/2005/1075", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=298892", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/16059", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.mozilla.org/security/announce/mfsa2005-55.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/14242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2005/1075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=298892", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2005-0592
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/12659 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/19823 | third-party-advisory, x_refsource_SECUNIA | |
http://www.mozilla.org/security/announce/mfsa2005-15.html | x_refsource_CONFIRM | |
https://bugzilla.mozilla.org/show_bug.cgi?id=241440 | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100043 | vdb-entry, signature, x_refsource_OVAL | |
http://www.redhat.com/support/errata/RHSA-2005-176.html | vendor-advisory, x_refsource_REDHAT | |
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.novell.com/linux/security/advisories/2006_04_25.html | vendor-advisory, x_refsource_SUSE | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10606 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:21:06.421Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "12659", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12659", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-15.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=241440", }, { name: "oval:org.mitre.oval:def:100043", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100043", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "oval:org.mitre.oval:def:10606", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10606", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-02-25T00:00:00", descriptions: [ { lang: "en", value: 
"Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "12659", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12659", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-15.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=241440", }, { name: "oval:org.mitre.oval:def:100043", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100043", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "oval:org.mitre.oval:def:10606", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10606", }, ], }, }, cveMetadata: { 
assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-0592", datePublished: "2005-02-28T05:00:00", dateReserved: "2005-02-28T00:00:00", dateUpdated: "2024-08-07T21:21:06.421Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0902
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:48.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:11201", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "mozilla-nspop3protocol-bo(17379)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17379", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=256316", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=245066", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226669", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=258005", }, { name: "mozilla-netscape-nonascii-bo(17378)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17378", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "TA04-261A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { name: 
"SSRT4826", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-09-16T00:00:00", descriptions: [ { lang: "en", value: "Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the \"Send page\" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "oval:org.mitre.oval:def:11201", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "mozilla-nspop3protocol-bo(17379)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17379", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=256316", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=245066", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226669", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://bugzilla.mozilla.org/show_bug.cgi?id=258005", }, { name: "mozilla-netscape-nonascii-bo(17378)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17378", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "TA04-261A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { name: "SSRT4826", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0902", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the \"Send page\" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:11201", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "FLSA:2089", 
refsource: "FEDORA", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "mozilla-nspop3protocol-bo(17379)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17379", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=256316", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=256316", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=245066", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=245066", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=226669", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226669", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=258005", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=258005", }, { name: "mozilla-netscape-nonascii-bo(17378)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17378", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "TA04-261A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { name: "SSRT4826", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0902", datePublished: "2004-09-24T04:00:00", dateReserved: "2004-09-23T00:00:00", dateUpdated: "2024-08-08T00:31:48.121Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0191
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.
References
URL | Tags | |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2004-110.html | vendor-advisory, x_refsource_REDHAT | |
http://www.redhat.com/support/errata/RHSA-2004-112.html | vendor-advisory, x_refsource_REDHAT | |
http://marc.info/?l=bugtraq&m=108448379429944&w=2 | vendor-advisory, x_refsource_HP | |
http://www.osvdb.org/4062 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15322 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/9747 | vdb-entry, x_refsource_BID | |
http://marc.info/?l=bugtraq&m=107774710729469&w=2 | mailing-list, x_refsource_BUGTRAQ | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937 | vdb-entry, signature, x_refsource_OVAL | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874 | vdb-entry, signature, x_refsource_OVAL | |
http://bugzilla.mozilla.org/show_bug.cgi?id=227417 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:10:03.820Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2004:110", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-110.html", }, { name: "RHSA-2004:112", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-112.html", }, { name: "SSRT4722", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=108448379429944&w=2", }, { name: "4062", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/4062", }, { name: "mozilla-event-handler-xss(15322)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15322", }, { name: "9747", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/9747", }, { name: "20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=107774710729469&w=2", }, { name: "oval:org.mitre.oval:def:937", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937", }, { name: "oval:org.mitre.oval:def:874", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=227417", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: 
"2004-02-25T00:00:00", descriptions: [ { lang: "en", value: "Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2011-07-17T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2004:110", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-110.html", }, { name: "RHSA-2004:112", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-112.html", }, { name: "SSRT4722", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=108448379429944&w=2", }, { name: "4062", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/4062", }, { name: "mozilla-event-handler-xss(15322)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15322", }, { name: "9747", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/9747", }, { name: "20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=107774710729469&w=2", }, { name: "oval:org.mitre.oval:def:937", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937", }, { name: "oval:org.mitre.oval:def:874", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://bugzilla.mozilla.org/show_bug.cgi?id=227417", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0191", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2004:110", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-110.html", }, { name: "RHSA-2004:112", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-112.html", }, { name: "SSRT4722", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=108448379429944&w=2", }, { name: "4062", refsource: "OSVDB", url: "http://www.osvdb.org/4062", }, { name: "mozilla-event-handler-xss(15322)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15322", }, { name: "9747", refsource: "BID", url: "http://www.securityfocus.com/bid/9747", }, { name: "20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=107774710729469&w=2", }, { name: "oval:org.mitre.oval:def:937", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937", }, { name: "oval:org.mitre.oval:def:874", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874", }, { 
name: "http://bugzilla.mozilla.org/show_bug.cgi?id=227417", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=227417", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0191", datePublished: "2004-09-01T04:00:00", dateReserved: "2004-03-03T00:00:00", dateUpdated: "2024-08-08T00:10:03.820Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2003-0791
Vulnerability from cvelistv5
Published
2005-04-14 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
References
| URL | Tags |
|---|---|
| http://www.mandriva.com/security/advisories?name=MDKSA-2004:021 | vendor-advisory, x_refsource_MANDRAKE |
| http://www.osvdb.org/8390 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/11103/ | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/9322 | vdb-entry, x_refsource_BID |
| https://bugzilla.mozilla.org/show_bug.cgi?id=221526 | x_refsource_MISC |
| http://www.securityfocus.com/advisories/6979 | vendor-advisory, x_refsource_SCO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T02:05:12.568Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDKSA-2004:021", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021", }, { name: "8390", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/8390", }, { name: "11103", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/11103/", }, { name: "9322", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/9322", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=221526", }, { name: "SCOSA-2004.8", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "http://www.securityfocus.com/advisories/6979", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2003-10-07T00:00:00", descriptions: [ { lang: "en", value: "The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2005-04-22T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "MDKSA-2004:021", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021", }, { name: "8390", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/8390", }, { name: "11103", tags: [ "third-party-advisory", 
"x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/11103/", }, { name: "9322", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/9322", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=221526", }, { name: "SCOSA-2004.8", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "http://www.securityfocus.com/advisories/6979", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2003-0791", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MDKSA-2004:021", refsource: "MANDRAKE", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021", }, { name: "8390", refsource: "OSVDB", url: "http://www.osvdb.org/8390", }, { name: "11103", refsource: "SECUNIA", url: "http://secunia.com/advisories/11103/", }, { name: "9322", refsource: "BID", url: "http://www.securityfocus.com/bid/9322", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=221526", refsource: "MISC", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=221526", }, { name: "SCOSA-2004.8", refsource: "SCO", url: "http://www.securityfocus.com/advisories/6979", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2003-0791", datePublished: "2005-04-14T04:00:00", dateReserved: 
"2003-09-17T00:00:00", dateUpdated: "2024-08-08T02:05:12.568Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0907
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17373 | vdb-entry, x_refsource_XF |
| http://bugzilla.mozilla.org/show_bug.cgi?id=254303 | x_refsource_CONFIRM |
| http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 | x_refsource_CONFIRM |
| http://security.gentoo.org/glsa/glsa-200409-26.xml | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:47.971Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "mozilla-tar-insecure-permissions(17373)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17373", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=254303", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-09-16T00:00:00", descriptions: [ { lang: "en", value: "The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "mozilla-tar-insecure-permissions(17373)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17373", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=254303", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: 
"http://security.gentoo.org/glsa/glsa-200409-26.xml", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0907", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "mozilla-tar-insecure-permissions(17373)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17373", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=254303", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=254303", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0907", datePublished: "2004-09-24T04:00:00", dateReserved: "2004-09-23T00:00:00", dateUpdated: "2024-08-08T00:31:47.971Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0584
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.
References
| URL | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100034 | vdb-entry, signature, x_refsource_OVAL |
| https://bugzilla.mozilla.org/show_bug.cgi?id=277574 | x_refsource_CONFIRM |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11191 | vdb-entry, signature, x_refsource_OVAL |
| http://www.mozilla.org/security/announce/mfsa2005-24.html | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2005-176.html | vendor-advisory, x_refsource_REDHAT |
| http://www.redhat.com/support/errata/RHSA-2005-384.html | vendor-advisory, x_refsource_REDHAT |
| http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | vendor-advisory, x_refsource_GENTOO |
| http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:21:06.682Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:100034", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100034", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=277574", }, { name: "oval:org.mitre.oval:def:11191", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11191", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-24.html", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-02-25T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", 
lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "oval:org.mitre.oval:def:100034", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100034", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=277574", }, { name: "oval:org.mitre.oval:def:11191", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11191", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-24.html", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-0584", datePublished: "2005-02-28T05:00:00", dateReserved: "2005-02-28T00:00:00", dateUpdated: "2024-08-07T21:21:06.682Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-2013
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-09-16 20:12
Severity ?
EPSS score ?
Summary
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/3925 | vdb-entry, x_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html | mailing-list, x_refsource_BUGTRAQ |
| http://www.iss.net/security_center/static/7973.php | vdb-entry, x_refsource_XF |
| http://alive.znep.com/~marcs/security/mozillacookie/demo.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:51:16.501Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "3925", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/3925", }, { name: "20020121 Mozilla Cookie Exploit", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html", }, { name: "mozilla-netscape-steal-cookies(7973)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/7973.php", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://alive.znep.com/~marcs/security/mozillacookie/demo.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2005-07-14T04:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "3925", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/3925", }, { name: "20020121 Mozilla Cookie Exploit", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html", }, { name: "mozilla-netscape-steal-cookies(7973)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/7973.php", }, { tags: [ "x_refsource_MISC", ], url: "http://alive.znep.com/~marcs/security/mozillacookie/demo.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: 
"cve@mitre.org", ID: "CVE-2002-2013", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "3925", refsource: "BID", url: "http://www.securityfocus.com/bid/3925", }, { name: "20020121 Mozilla Cookie Exploit", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html", }, { name: "mozilla-netscape-steal-cookies(7973)", refsource: "XF", url: "http://www.iss.net/security_center/static/7973.php", }, { name: "http://alive.znep.com/~marcs/security/mozillacookie/demo.html", refsource: "MISC", url: "http://alive.znep.com/~marcs/security/mozillacookie/demo.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-2013", datePublished: "2005-07-14T04:00:00Z", dateReserved: "2005-07-14T00:00:00Z", dateUpdated: "2024-09-16T20:12:45.799Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0871
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
References
| URL | Tags |
|---|---|
| http://securityfocus.com/archive/1/375407 | mailing-list, x_refsource_BUGTRAQ |
| http://securitytracker.com/id?1011331 | vdb-entry, x_refsource_SECTRACK |
| http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17417 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:47.559Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://securityfocus.com/archive/1/375407", }, { name: "1011331", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1011331", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt", }, { name: "web-browser-cookie-session-hijack(17417)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-09-16T00:00:00", descriptions: [ { lang: "en", value: "Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka \"Cross Security Boundary Cookie Injection.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://securityfocus.com/archive/1/375407", }, { name: "1011331", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1011331", }, { tags: [ "x_refsource_MISC", ], url: "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt", }, { name: 
"web-browser-cookie-session-hijack(17417)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0871", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka \"Cross Security Boundary Cookie Injection.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", refsource: "BUGTRAQ", url: "http://securityfocus.com/archive/1/375407", }, { name: "1011331", refsource: "SECTRACK", url: "http://securitytracker.com/id?1011331", }, { name: "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt", refsource: "MISC", url: "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt", }, { name: "web-browser-cookie-session-hijack(17417)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0871", datePublished: "2005-02-13T05:00:00", dateReserved: "2004-09-14T00:00:00", dateUpdated: "2024-08-08T00:31:47.559Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-1614
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=109811406620511&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://securitytracker.com/id?1011810 | vdb-entry, x_refsource_SECTRACK |
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html | mailing-list, x_refsource_FULLDISC |
| http://lcamtuf.coredump.cx/mangleme/gallery/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/11440 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T01:00:36.402Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20041018 Web browsers - a mini-farce", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2", }, { name: "1011810", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1011810", }, { name: "20041018 Web browsers - a mini-farce", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://lcamtuf.coredump.cx/mangleme/gallery/", }, { name: "11440", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/11440", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-10-18T00:00:00", descriptions: [ { lang: "en", value: "Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an \"unusual combination of visual elements,\" including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-10-17T13:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20041018 Web browsers - a mini-farce", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2", }, { name: "1011810", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1011810", }, { name: "20041018 Web browsers - a mini-farce", tags: [ "mailing-list", 
"x_refsource_FULLDISC", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html", }, { tags: [ "x_refsource_MISC", ], url: "http://lcamtuf.coredump.cx/mangleme/gallery/", }, { name: "11440", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/11440", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-1614", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an \"unusual combination of visual elements,\" including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20041018 Web browsers - a mini-farce", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2", }, { name: "1011810", refsource: "SECTRACK", url: "http://securitytracker.com/id?1011810", }, { name: "20041018 Web browsers - a mini-farce", refsource: "FULLDISC", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html", }, { name: "http://lcamtuf.coredump.cx/mangleme/gallery/", refsource: "MISC", url: "http://lcamtuf.coredump.cx/mangleme/gallery/", }, { name: "11440", refsource: "BID", url: "http://www.securityfocus.com/bid/11440", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-1614", datePublished: "2005-02-20T05:00:00", dateReserved: "2005-02-20T00:00:00", dateUpdated: "2024-08-08T01:00:36.402Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0590
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:21:06.511Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "12659", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12659", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-17.html", }, { name: "oval:org.mitre.oval:def:100041", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100041", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268059", }, { name: "oval:org.mitre.oval:def:10010", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10010", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { 
product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-02-25T00:00:00", descriptions: [ { lang: "en", value: "The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long \"user:pass\" sequence in the URL, which appears before the real hostname.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "12659", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12659", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-17.html", }, { name: "oval:org.mitre.oval:def:100041", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100041", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268059", }, { name: "oval:org.mitre.oval:def:10010", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10010", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { 
name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-0590", datePublished: "2005-02-28T05:00:00", dateReserved: "2005-02-28T00:00:00", dateUpdated: "2024-08-07T21:21:06.511Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0903
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
References
URL | Tags | |
---|---|---|
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | vendor-advisory, x_refsource_SUSE | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17380 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=109900315219363&w=2 | vendor-advisory, x_refsource_FEDORA | |
http://www.kb.cert.org/vuls/id/414240 | third-party-advisory, x_refsource_CERT-VN | |
http://bugzilla.mozilla.org/show_bug.cgi?id=257314 | x_refsource_CONFIRM | |
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 | x_refsource_CONFIRM | |
http://security.gentoo.org/glsa/glsa-200409-26.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/11174 | vdb-entry, x_refsource_BID | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873 | vdb-entry, signature, x_refsource_OVAL | |
http://www.us-cert.gov/cas/techalerts/TA04-261A.html | third-party-advisory, x_refsource_CERT | |
http://marc.info/?l=bugtraq&m=109698896104418&w=2 | vendor-advisory, x_refsource_HP |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:47.989Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "mozilla-netscape-nsvcardobj-bo(17380)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17380", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "VU#414240", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/414240", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257314", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "11174", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/11174", }, { name: "oval:org.mitre.oval:def:10873", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873", }, { name: "TA04-261A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { name: "SSRT4826", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: 
"affected", version: "n/a", }, ], }, ], datePublic: "2004-09-16T00:00:00", descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "mozilla-netscape-nsvcardobj-bo(17380)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17380", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "VU#414240", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/414240", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257314", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "11174", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/11174", }, { name: "oval:org.mitre.oval:def:10873", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873", }, { name: "TA04-261A", tags: [ "third-party-advisory", "x_refsource_CERT", ], 
url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { name: "SSRT4826", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0903", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SA:2004:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "mozilla-netscape-nsvcardobj-bo(17380)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17380", }, { name: "FLSA:2089", refsource: "FEDORA", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "VU#414240", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/414240", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=257314", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257314", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "11174", 
refsource: "BID", url: "http://www.securityfocus.com/bid/11174", }, { name: "oval:org.mitre.oval:def:10873", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873", }, { name: "TA04-261A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { name: "SSRT4826", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0903", datePublished: "2004-09-24T04:00:00", dateReserved: "2004-09-23T00:00:00", dateUpdated: "2024-08-08T00:31:47.989Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1937
Vulnerability from cvelistv5
Published
2005-06-13 04:00
Modified
2024-08-07 22:06
Severity ?
EPSS score ?
Summary
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:06:57.681Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "DSA-777", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-777", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296850", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "oval:org.mitre.oval:def:10633", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10633", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-51.html", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { name: "oval:org.mitre.oval:def:759", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A759", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", 
"x_transferred", ], url: "http://www.securityfocus.com/bid/14242", }, { name: "oval:org.mitre.oval:def:100007", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100007", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", }, { name: "oval:org.mitre.oval:def:637", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A637", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "101952", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1", }, { name: "15601", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/15601", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-06-06T00:00:00", descriptions: [ { lang: "en", value: "A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", shortName: "debian", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: 
"http://www.debian.org/security/2005/dsa-810", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "DSA-777", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-777", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296850", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "oval:org.mitre.oval:def:10633", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10633", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-51.html", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { name: "oval:org.mitre.oval:def:759", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A759", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14242", }, { name: "oval:org.mitre.oval:def:100007", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100007", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", }, { name: "oval:org.mitre.oval:def:637", tags: [ 
"vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A637", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "101952", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1", }, { name: "15601", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/15601", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@debian.org", ID: "CVE-2005-1937", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-810", refsource: "DEBIAN", url: "http://www.debian.org/security/2005/dsa-810", }, { name: "SUSE-SR:2005:018", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "DSA-777", refsource: "DEBIAN", url: "http://www.debian.org/security/2005/dsa-777", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=296850", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296850", }, { name: "FLSA:160202", refsource: "FEDORA", url: 
"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "oval:org.mitre.oval:def:10633", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10633", }, { name: "RHSA-2005:587", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "http://www.mozilla.org/security/announce/mfsa2005-51.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/mfsa2005-51.html", }, { name: "ADV-2005-1075", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2005/1075", }, { name: "oval:org.mitre.oval:def:759", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A759", }, { name: "SUSE-SA:2005:045", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { name: "14242", refsource: "BID", url: "http://www.securityfocus.com/bid/14242", }, { name: "oval:org.mitre.oval:def:100007", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100007", }, { name: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", refsource: "MISC", url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", }, { name: "oval:org.mitre.oval:def:637", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A637", }, { name: "RHSA-2005:586", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "101952", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1", }, { name: "15601", refsource: "SECUNIA", url: "http://secunia.com/advisories/15601", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", assignerShortName: "debian", cveId: "CVE-2005-1937", datePublished: "2005-06-13T04:00:00", 
dateReserved: "2005-06-13T00:00:00", dateUpdated: "2024-08-07T22:06:57.681Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1154
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:35
Severity ?
EPSS score ?
Summary
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:35:59.960Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "oval:org.mitre.oval:def:100022", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100022", }, { name: "14992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14992", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "13230", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/13230", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "GLSA-200504-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { name: "14938", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14938", }, { name: "oval:org.mitre.oval:def:10339", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10339", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { tags: [ "x_refsource_CONFIRM", 
"x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-36.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289675", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-04-15T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka \"Cross-site scripting through global scope pollution.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "oval:org.mitre.oval:def:100022", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100022", }, { name: "14992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14992", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "13230", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/13230", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "GLSA-200504-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { name: "14938", tags: [ 
"third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14938", }, { name: "oval:org.mitre.oval:def:10339", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10339", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-36.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289675", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-1154", datePublished: "2005-04-18T04:00:00", dateReserved: "2005-04-18T00:00:00", dateUpdated: "2024-08-07T21:35:59.960Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0142
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.
References
URL | Tags | |
---|---|---|
http://www.mozilla.org/security/announce/mfsa2005-02.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17832 | vdb-entry, x_refsource_XF | |
http://www.redhat.com/support/errata/RHSA-2005-335.html | vendor-advisory, x_refsource_REDHAT | |
http://secunia.com/advisories/19823 | third-party-advisory, x_refsource_SECUNIA | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9543 | vdb-entry, signature, x_refsource_OVAL | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100056 | vdb-entry, signature, x_refsource_OVAL | |
http://www.redhat.com/support/errata/RHSA-2005-384.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.mozilla.org/show_bug.cgi?id=251297 | x_refsource_CONFIRM | |
http://www.novell.com/linux/security/advisories/2006_04_25.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:05:24.346Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-02.html", }, { name: "mozilla-world-readable(17832)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17832", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { name: "oval:org.mitre.oval:def:9543", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9543", }, { name: "oval:org.mitre.oval:def:100056", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100056", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=251297", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-01-24T00:00:00", descriptions: [ { lang: "en", value: "Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with 
world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-02.html", }, { name: "mozilla-world-readable(17832)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17832", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { name: "oval:org.mitre.oval:def:9543", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9543", }, { name: "oval:org.mitre.oval:def:100056", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100056", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=251297", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-0142", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: 
"n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.mozilla.org/security/announce/mfsa2005-02.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/mfsa2005-02.html", }, { name: "mozilla-world-readable(17832)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17832", }, { name: "RHSA-2005:335", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "19823", refsource: "SECUNIA", url: "http://secunia.com/advisories/19823", }, { name: "oval:org.mitre.oval:def:9543", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9543", }, { name: "oval:org.mitre.oval:def:100056", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100056", }, { name: "RHSA-2005:384", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=251297", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=251297", }, { name: "SUSE-SA:2006:022", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-0142", datePublished: "2005-01-29T05:00:00", 
dateReserved: "2005-01-25T00:00:00", dateUpdated: "2024-08-07T21:05:24.346Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0215
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity: not provided (this CVE record contains no CVSS metrics)
EPSS score: not provided
Summary
Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.
References
URL | Tags | |
---|---|---|
http://marc.info/?l=bugtraq&m=110512665029209&w=2 | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/18803 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:05:25.482Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20050107 Mozilla XBM Image Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=110512665029209&w=2", }, { name: "mozilla-xbm-dos(18803)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18803", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-01-07T00:00:00", descriptions: [ { lang: "en", value: "Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20050107 Mozilla XBM Image Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=110512665029209&w=2", }, { name: "mozilla-xbm-dos(18803)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18803", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-0215", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application 
crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20050107 Mozilla XBM Image Vulnerability", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=110512665029209&w=2", }, { name: "mozilla-xbm-dos(18803)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18803", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-0215", datePublished: "2005-02-06T05:00:00", dateReserved: "2005-02-01T00:00:00", dateUpdated: "2024-08-07T21:05:25.482Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0143
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-07 21:05
Severity: not provided (this CVE record contains no CVSS metrics)
EPSS score: not provided
Summary
Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/12407 | vdb-entry, x_refsource_BID | |
http://www.mozilla.org/security/announce/mfsa2005-03.html | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055 | vdb-entry, signature, x_refsource_OVAL | |
http://www.redhat.com/support/errata/RHSA-2005-335.html | vendor-advisory, x_refsource_REDHAT | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297 | vdb-entry, signature, x_refsource_OVAL | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/19166 | vdb-entry, x_refsource_XF | |
http://www.redhat.com/support/errata/RHSA-2005-384.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.mozilla.org/show_bug.cgi?id=257308 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:05:24.790Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "12407", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12407", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-03.html", }, { name: "oval:org.mitre.oval:def:100055", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "oval:org.mitre.oval:def:11297", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297", }, { name: "mozilla-ssl-spoofing(19166)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19166", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=257308", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-01-24T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: 
"2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "12407", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12407", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-03.html", }, { name: "oval:org.mitre.oval:def:100055", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "oval:org.mitre.oval:def:11297", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297", }, { name: "mozilla-ssl-spoofing(19166)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19166", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=257308", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-0143", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { 
name: "12407", refsource: "BID", url: "http://www.securityfocus.com/bid/12407", }, { name: "http://www.mozilla.org/security/announce/mfsa2005-03.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/mfsa2005-03.html", }, { name: "oval:org.mitre.oval:def:100055", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055", }, { name: "RHSA-2005:335", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "oval:org.mitre.oval:def:11297", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297", }, { name: "mozilla-ssl-spoofing(19166)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19166", }, { name: "RHSA-2005:384", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=257308", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=257308", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-0143", datePublished: "2005-01-29T05:00:00", dateReserved: "2005-01-25T00:00:00", dateUpdated: "2024-08-07T21:05:24.790Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1532
Vulnerability from cvelistv5
Published
2005-05-12 04:00
Modified
2024-08-07 21:51
Severity: not provided (this CVE record contains no CVSS metrics)
EPSS score: not provided
Summary
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:51:50.289Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-44.html", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "RHSA-2005:435", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-435.html", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { name: "1013964", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1013964", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "oval:org.mitre.oval:def:100014", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "1013965", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1013965", }, { name: "13645", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/13645", }, { name: "oval:org.mitre.oval:def:10791", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791", }, { name: "ADV-2005-0530", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: 
"http://www.vupen.com/english/advisories/2005/0530", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "RHSA-2005:434", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-434.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-05-11T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via \"non-DOM property overrides,\" a variant of CVE-2005-1160.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-44.html", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "RHSA-2005:435", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-435.html", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { name: "1013964", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1013964", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "oval:org.mitre.oval:def:100014", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "1013965", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1013965", }, { name: "13645", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/13645", }, { name: "oval:org.mitre.oval:def:10791", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791", }, { name: "ADV-2005-0530", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/0530", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "RHSA-2005:434", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-434.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-1532", datePublished: "2005-05-12T04:00:00", dateReserved: "2005-05-12T00:00:00", dateUpdated: "2024-08-07T21:51:50.289Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0587
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity: not provided (this CVE record contains no CVSS metrics)
EPSS score: not provided
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
References
URL | Tags | |
---|---|---|
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100037 | vdb-entry, signature, x_refsource_OVAL | |
http://www.securityfocus.com/bid/12659 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/19823 | third-party-advisory, x_refsource_SECUNIA | |
http://www.mozilla.org/security/announce/mfsa2005-21.html | x_refsource_CONFIRM | |
http://www.novell.com/linux/security/advisories/2006_04_25.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:21:06.516Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:100037", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100037", }, { name: "12659", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12659", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-21.html", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-02-25T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "oval:org.mitre.oval:def:100037", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100037", }, { name: "12659", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12659", }, { name: "19823", tags: [ 
"third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-21.html", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2005-0587", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:100037", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100037", }, { name: "12659", refsource: "BID", url: "http://www.securityfocus.com/bid/12659", }, { name: "19823", refsource: "SECUNIA", url: "http://secunia.com/advisories/19823", }, { name: "http://www.mozilla.org/security/announce/mfsa2005-21.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/mfsa2005-21.html", }, { name: "SUSE-SA:2006:022", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-0587", datePublished: "2005-02-28T05:00:00", dateReserved: "2005-02-28T00:00:00", 
dateUpdated: "2024-08-07T21:21:06.516Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0764
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity: not provided (this CVE record contains no CVSS metrics)
EPSS score: not provided
Summary
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:47.321Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "12188", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/12188", }, { name: "mozilla-user-interface-spoofing(16837)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16837", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "oval:org.mitre.oval:def:2418", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "VU#262350", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/262350", }, { name: "10832", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/10832", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://bugzilla.mozilla.org/show_bug.cgi?id=244965", }, { name: "oval:org.mitre.oval:def:9419", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-07-30T00:00:00", descriptions: [ { lang: "en", value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the \"chrome\" flag and XML User Interface Language (XUL) files.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "12188", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/12188", }, { name: "mozilla-user-interface-spoofing(16837)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16837", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "oval:org.mitre.oval:def:2418", tags: [ "vdb-entry", 
"signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "VU#262350", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/262350", }, { name: "10832", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/10832", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=244965", }, { name: "oval:org.mitre.oval:def:9419", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0764", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the \"chrome\" flag and XML User Interface Language (XUL) files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "12188", refsource: "SECUNIA", url: "http://secunia.com/advisories/12188", }, { name: "mozilla-user-interface-spoofing(16837)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16837", }, { name: "SCOSA-2005.49", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", url: 
"http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", refsource: "FEDORA", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "oval:org.mitre.oval:def:2418", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418", }, { name: "15495", refsource: "BID", url: "http://www.securityfocus.com/bid/15495", }, { name: "VU#262350", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/262350", }, { name: "10832", refsource: "BID", url: "http://www.securityfocus.com/bid/10832", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=244965", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=244965", }, { name: "oval:org.mitre.oval:def:9419", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0764", datePublished: "2004-08-03T04:00:00", dateReserved: "2004-08-02T00:00:00", dateUpdated: "2024-08-08T00:31:47.321Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-1380
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-08 00:46
Severity: not provided (this CVE record contains no CVSS metrics)
EPSS score: not provided
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
References
URL | Tags | |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2005-323.html | vendor-advisory, x_refsource_REDHAT | |
http://www.mozilla.org/security/announce/mfsa2005-05.html | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050 | vdb-entry, signature, x_refsource_OVAL | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/18864 | vdb-entry, x_refsource_XF | |
http://www.redhat.com/support/errata/RHSA-2005-335.html | vendor-advisory, x_refsource_REDHAT | |
http://secunia.com/multiple_browsers_form_field_focus_test/ | x_refsource_MISC | |
http://secunia.com/advisories/12712 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/multiple_browsers_dialog_box_spoofing_test/ | x_refsource_MISC | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:46:12.445Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-05.html", }, { name: "oval:org.mitre.oval:def:100050", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050", }, { name: "web-browser-modal-spoofing(18864)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18864", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/multiple_browsers_form_field_focus_test/", }, { name: "12712", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/12712", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/", }, { name: "oval:org.mitre.oval:def:10211", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-10-20T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes 
from web sites in other windows and facilitate phishing attacks, aka the \"Dialog Box Spoofing Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-05.html", }, { name: "oval:org.mitre.oval:def:100050", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050", }, { name: "web-browser-modal-spoofing(18864)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18864", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/multiple_browsers_form_field_focus_test/", }, { name: "12712", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/12712", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/", }, { name: "oval:org.mitre.oval:def:10211", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-1380", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: 
"4.0", description: { description_data: [ { lang: "eng", value: "Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the \"Dialog Box Spoofing Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2005:323", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "http://www.mozilla.org/security/announce/mfsa2005-05.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/mfsa2005-05.html", }, { name: "oval:org.mitre.oval:def:100050", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050", }, { name: "web-browser-modal-spoofing(18864)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18864", }, { name: "RHSA-2005:335", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "http://secunia.com/multiple_browsers_form_field_focus_test/", refsource: "MISC", url: "http://secunia.com/multiple_browsers_form_field_focus_test/", }, { name: "12712", refsource: "SECUNIA", url: "http://secunia.com/advisories/12712", }, { name: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/", refsource: "MISC", url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/", }, { name: "oval:org.mitre.oval:def:10211", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-1380", datePublished: "2005-01-29T05:00:00", dateReserved: "2005-01-25T00:00:00", dateUpdated: "2024-08-08T00:46:12.445Z", state: 
"PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-1613
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.
References
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=bugtraq&m=109811406620511&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/11439 | vdb-entry, x_refsource_BID | |
http://www.redhat.com/support/errata/RHSA-2005-323.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17805 | vdb-entry, x_refsource_XF | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227 | vdb-entry, signature, x_refsource_OVAL | |
http://securitytracker.com/id?1011810 | vdb-entry, x_refsource_SECTRACK | |
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html | mailing-list, x_refsource_FULLDISC | |
http://lcamtuf.coredump.cx/mangleme/gallery/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T01:00:36.308Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20041018 Web browsers - a mini-farce", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2", }, { name: "11439", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/11439", }, { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "mozilla-html-tags-dos(17805)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17805", }, { name: "oval:org.mitre.oval:def:10227", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227", }, { name: "1011810", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1011810", }, { name: "20041018 Web browsers - a mini-farce", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://lcamtuf.coredump.cx/mangleme/gallery/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-10-18T00:00:00", descriptions: [ { lang: "en", value: "Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.", }, ], 
problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20041018 Web browsers - a mini-farce", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2", }, { name: "11439", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/11439", }, { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "mozilla-html-tags-dos(17805)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17805", }, { name: "oval:org.mitre.oval:def:10227", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227", }, { name: "1011810", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1011810", }, { name: "20041018 Web browsers - a mini-farce", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html", }, { tags: [ "x_refsource_MISC", ], url: "http://lcamtuf.coredump.cx/mangleme/gallery/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-1613", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or 
(4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20041018 Web browsers - a mini-farce", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2", }, { name: "11439", refsource: "BID", url: "http://www.securityfocus.com/bid/11439", }, { name: "RHSA-2005:323", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "mozilla-html-tags-dos(17805)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17805", }, { name: "oval:org.mitre.oval:def:10227", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227", }, { name: "1011810", refsource: "SECTRACK", url: "http://securitytracker.com/id?1011810", }, { name: "20041018 Web browsers - a mini-farce", refsource: "FULLDISC", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html", }, { name: "http://lcamtuf.coredump.cx/mangleme/gallery/", refsource: "MISC", url: "http://lcamtuf.coredump.cx/mangleme/gallery/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-1613", datePublished: "2005-02-20T05:00:00", dateReserved: "2005-02-20T00:00:00", dateUpdated: "2024-08-08T01:00:36.308Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0779
Vulnerability from cvelistv5
Published
2004-08-14 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.
References
▼ | URL | Tags |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDKSA-2004:082 | vendor-advisory, x_refsource_MANDRAKE | |
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7 | x_refsource_CONFIRM | |
http://bugzilla.mozilla.org/show_bug.cgi?id=226278 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17018 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:46.860Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDKSA-2004:082", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226278", }, { name: "mozilla-plaintext-password(17018)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17018", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-08-02T00:00:00", descriptions: [ { lang: "en", value: "The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "MDKSA-2004:082", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226278", }, { name: "mozilla-plaintext-password(17018)", tags: [ "vdb-entry", "x_refsource_XF", 
], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17018", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0779", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MDKSA-2004:082", refsource: "MANDRAKE", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=226278", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226278", }, { name: "mozilla-plaintext-password(17018)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17018", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0779", datePublished: "2004-08-14T04:00:00", dateReserved: "2004-08-13T00:00:00", dateUpdated: "2024-08-08T00:31:46.860Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0909
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.
References
▼ | URL | Tags |
---|---|---|
http://bugzilla.mozilla.org/show_bug.cgi?id=253942 | x_refsource_CONFIRM | |
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | vendor-advisory, x_refsource_SUSE | |
http://www.kb.cert.org/vuls/id/113192 | third-party-advisory, x_refsource_CERT-VN | |
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 | x_refsource_CONFIRM | |
http://security.gentoo.org/glsa/glsa-200409-26.xml | vendor-advisory, x_refsource_GENTOO | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17377 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=109698896104418&w=2 | vendor-advisory, x_refsource_HP | |
http://secunia.com/advisories/12526 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:48.122Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=253942", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "VU#113192", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/113192", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "mozilla-enableprivilege-modify-dialog(17377)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17377", }, { name: "SSRT4826", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { name: "12526", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/12526", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-09-16T00:00:00", descriptions: [ { lang: "en", value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.", }, ], problemTypes: [ { 
descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=253942", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "VU#113192", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/113192", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "mozilla-enableprivilege-modify-dialog(17377)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17377", }, { name: "SSRT4826", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { name: "12526", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/12526", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0909", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then 
modify the meaning of certain security-relevant dialog messages.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=253942", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=253942", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "VU#113192", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/113192", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "mozilla-enableprivilege-modify-dialog(17377)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17377", }, { name: "SSRT4826", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { name: "12526", refsource: "SECUNIA", url: "http://secunia.com/advisories/12526", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0909", datePublished: "2004-09-24T04:00:00", dateReserved: "2004-09-23T00:00:00", dateUpdated: "2024-08-08T00:31:48.122Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-3014
Vulnerability from cvelistv5
Published
2009-08-31 16:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.
References
▼ | URL | Tags |
---|---|---|
http://websecurity.com.ua/3373/ | x_refsource_MISC | |
http://websecurity.com.ua/3386/ | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/52995 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/506163/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T06:14:55.185Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://websecurity.com.ua/3373/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://websecurity.com.ua/3386/", }, { name: "firefox-seamonkey-javascript-xss(52995)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995", }, { name: "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/506163/100/0/threaded", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-07-30T00:00:00", descriptions: [ { lang: "en", value: "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-10T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://websecurity.com.ua/3373/", }, { tags: [ "x_refsource_MISC", ], url: "http://websecurity.com.ua/3386/", }, { name: "firefox-seamonkey-javascript-xss(52995)", tags: [ "vdb-entry", "x_refsource_XF", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/52995", }, { name: "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/506163/100/0/threaded", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-3014", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://websecurity.com.ua/3373/", refsource: "MISC", url: "http://websecurity.com.ua/3373/", }, { name: "http://websecurity.com.ua/3386/", refsource: "MISC", url: "http://websecurity.com.ua/3386/", }, { name: "firefox-seamonkey-javascript-xss(52995)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995", }, { name: "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/506163/100/0/threaded", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-3014", 
datePublished: "2009-08-31T16:00:00", dateReserved: "2009-08-31T00:00:00", dateUpdated: "2024-08-07T06:14:55.185Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0399
Vulnerability from cvelistv5
Published
2005-03-24 05:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:13:53.801Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "RHSA-2005:336", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-336.html", }, { name: "ADV-2005-0296", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/0296", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "oval:org.mitre.oval:def:100028", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "P-160", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred", ], url: "http://www.ciac.org/ciac/bulletins/p-160.shtml", }, { name: "gif-extension-overflow(19269)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19269", }, { name: "12881", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12881", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://www.mozilla.org/security/announce/mfsa2005-30.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877", }, { name: "20050323 Mozilla Foundation GIF Overflow", tags: [ "third-party-advisory", "x_refsource_ISS", "x_transferred", ], url: "http://xforce.iss.net/xforce/alerts/id/191", }, { name: "VU#557948", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/557948", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "oval:org.mitre.oval:def:11377", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377", }, { name: "14654", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14654", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "RHSA-2005:337", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-337.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-03-23T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], 
providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "RHSA-2005:336", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-336.html", }, { name: "ADV-2005-0296", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/0296", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "oval:org.mitre.oval:def:100028", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "P-160", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", ], url: "http://www.ciac.org/ciac/bulletins/p-160.shtml", }, { name: "gif-extension-overflow(19269)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19269", }, { name: "12881", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12881", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-30.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877", }, { name: "20050323 Mozilla Foundation GIF Overflow", tags: [ 
"third-party-advisory", "x_refsource_ISS", ], url: "http://xforce.iss.net/xforce/alerts/id/191", }, { name: "VU#557948", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/557948", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "oval:org.mitre.oval:def:11377", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377", }, { name: "14654", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14654", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "RHSA-2005:337", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-337.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-0399", datePublished: "2005-03-24T05:00:00", dateReserved: "2005-02-14T00:00:00", dateUpdated: "2024-08-07T21:13:53.801Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-1449
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
EPSS score ?
Summary
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
References
URL | Tags | |
---|---|---|
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082 | vendor-advisory, x_refsource_MANDRAKE | |
http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:53:23.517Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDKSA-2004:082", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-02-11T00:00:00", descriptions: [ { lang: "en", value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-15T16:38:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "MDKSA-2004:082", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-1449", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on 
a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MDKSA-2004:082", refsource: "MANDRAKE", url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-1449", datePublished: "2005-02-13T05:00:00", dateReserved: "2005-02-13T00:00:00", dateUpdated: "2024-08-08T00:53:23.517Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0757
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:47.131Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:11042", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042", }, { name: "10856", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/10856", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=229374", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "mozilla-senduidl-pop3-bo(16869)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16869", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "oval:org.mitre.oval:def:3250", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250", }, { name: "VU#561022", tags: [ 
"third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/561022", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-08-02T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "oval:org.mitre.oval:def:11042", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042", }, { name: "10856", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/10856", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=229374", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "mozilla-senduidl-pop3-bo(16869)", tags: [ "vdb-entry", 
"x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16869", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "oval:org.mitre.oval:def:3250", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250", }, { name: "VU#561022", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/561022", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0757", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:11042", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042", }, { name: "10856", refsource: "SECUNIA", url: "http://secunia.com/advisories/10856", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=229374", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=229374", }, { name: "SCOSA-2005.49", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", refsource: "REDHAT", url: 
"http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", refsource: "FEDORA", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "mozilla-senduidl-pop3-bo(16869)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16869", }, { name: "15495", refsource: "BID", url: "http://www.securityfocus.com/bid/15495", }, { name: "oval:org.mitre.oval:def:3250", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250", }, { name: "VU#561022", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/561022", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0757", datePublished: "2004-08-03T04:00:00", dateReserved: "2004-08-02T00:00:00", dateUpdated: "2024-08-08T00:31:47.131Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0904
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/17381 | vdb-entry, x_refsource_XF | |
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | vendor-advisory, x_refsource_SUSE | |
http://marc.info/?l=bugtraq&m=109900315219363&w=2 | vendor-advisory, x_refsource_FEDORA | |
http://bugzilla.mozilla.org/show_bug.cgi?id=255067 | x_refsource_CONFIRM | |
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 | x_refsource_CONFIRM | |
http://security.gentoo.org/glsa/glsa-200409-26.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/11171 | vdb-entry, x_refsource_BID | |
http://www.us-cert.gov/cas/techalerts/TA04-261A.html | third-party-advisory, x_refsource_CERT | |
http://marc.info/?l=bugtraq&m=109698896104418&w=2 | vendor-advisory, x_refsource_HP | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952 | vdb-entry, signature, x_refsource_OVAL | |
http://www.kb.cert.org/vuls/id/847200 | third-party-advisory, x_refsource_CERT-VN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:47.831Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "mozilla-netscape-bmp-bo(17381)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=255067", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "11171", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/11171", }, { name: "TA04-261A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { name: "SSRT4826", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { name: "oval:org.mitre.oval:def:10952", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952", }, { name: "VU#847200", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/847200", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: 
"affected", version: "n/a", }, ], }, ], datePublic: "2004-09-16T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "mozilla-netscape-bmp-bo(17381)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=255067", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "11171", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/11171", }, { name: "TA04-261A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { name: "SSRT4826", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { name: "oval:org.mitre.oval:def:10952", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952", 
}, { name: "VU#847200", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/847200", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0904", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "mozilla-netscape-bmp-bo(17381)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "FLSA:2089", refsource: "FEDORA", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=255067", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=255067", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "11171", refsource: "BID", url: "http://www.securityfocus.com/bid/11171", }, { name: "TA04-261A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { name: "SSRT4826", refsource: "HP", url: 
"http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { name: "oval:org.mitre.oval:def:10952", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952", }, { name: "VU#847200", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/847200", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0904", datePublished: "2004-09-24T04:00:00", dateReserved: "2004-09-23T00:00:00", dateUpdated: "2024-08-08T00:31:47.831Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1153
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:35
Severity ?
EPSS score ?
Summary
Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:35:59.978Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "14992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14992", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-35.html", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "GLSA-200504-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { name: "oval:org.mitre.oval:def:9584", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9584", }, { name: "oval:org.mitre.oval:def:100023", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100023", }, { name: "14938", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14938", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289204", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", 
"x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-04-15T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the \"Show javascript\" option.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "14992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14992", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-35.html", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "GLSA-200504-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { name: "oval:org.mitre.oval:def:9584", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9584", }, { name: "oval:org.mitre.oval:def:100023", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100023", }, { name: "14938", tags: [ 
"third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14938", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289204", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-1153", datePublished: "2005-04-18T04:00:00", dateReserved: "2005-04-18T00:00:00", dateUpdated: "2024-08-07T21:35:59.978Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-2359
Vulnerability from cvelistv5
Published
2007-10-29 19:00
Modified
2024-09-16 19:19
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/5403 | vdb-entry, x_refsource_BID | |
http://bugzilla.mozilla.org/show_bug.cgi?id=154030 | x_refsource_MISC | |
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html | mailing-list, x_refsource_VULNWATCH | |
http://www.iss.net/security_center/static/9757.php | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:59:11.901Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "5403", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/5403", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=154030", }, { name: "20020806 Mozilla FTP View Cross-Site Scripting Vulnerability", tags: [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html", }, { name: "multiple-ftp-view-xss(9757)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/9757.php", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2007-10-29T19:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "5403", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/5403", }, { tags: [ "x_refsource_MISC", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=154030", }, { name: "20020806 Mozilla FTP View Cross-Site Scripting Vulnerability", tags: [ "mailing-list", "x_refsource_VULNWATCH", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html", }, { name: "multiple-ftp-view-xss(9757)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/9757.php", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: 
"cve@mitre.org", ID: "CVE-2002-2359", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "5403", refsource: "BID", url: "http://www.securityfocus.com/bid/5403", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=154030", refsource: "MISC", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=154030", }, { name: "20020806 Mozilla FTP View Cross-Site Scripting Vulnerability", refsource: "VULNWATCH", url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html", }, { name: "multiple-ftp-view-xss(9757)", refsource: "XF", url: "http://www.iss.net/security_center/static/9757.php", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-2359", datePublished: "2007-10-29T19:00:00Z", dateReserved: "2007-10-29T00:00:00Z", dateUpdated: "2024-09-16T19:19:22.253Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-2269
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Severity ?
EPSS score ?
Summary
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 do not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:22:47.768Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "P-252", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred", ], url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "oval:org.mitre.oval:def:100005", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005", }, { name: "16059", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16059", }, { name: "16044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16044", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=298892", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "oval:org.mitre.oval:def:100004", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004", }, { name: "oval:org.mitre.oval:def:729", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-55.html", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14242", }, { name: "oval:org.mitre.oval:def:100011", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011", }, { name: "oval:org.mitre.oval:def:9777", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "16043", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16043", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: 
"oval:org.mitre.oval:def:1258", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-07-13T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties (\"XHTML node spoofing\").", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "P-252", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", ], url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "oval:org.mitre.oval:def:100005", tags: [ "vdb-entry", "signature", 
"x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005", }, { name: "16059", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16059", }, { name: "16044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16044", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=298892", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "oval:org.mitre.oval:def:100004", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004", }, { name: "oval:org.mitre.oval:def:729", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729", }, { tags: [ "x_refsource_MISC", ], url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-55.html", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14242", }, { name: "oval:org.mitre.oval:def:100011", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011", }, { name: "oval:org.mitre.oval:def:9777", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "16043", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16043", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "oval:org.mitre.oval:def:1258", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-2269", datePublished: "2005-07-13T04:00:00", dateReserved: "2005-07-13T00:00:00", dateUpdated: "2024-08-07T22:22:47.768Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0762
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:46.634Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:4403", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "mozilla-dialog-code-execution(16623)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16623", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162020", }, { name: "oval:org.mitre.oval:def:10032", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032", }, { name: "11999", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/11999/", }, { tags: [ "x_refsource_MISC", 
"x_transferred", ], url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", }, { name: "20040407 Race conditions in security dialogs", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-07-05T00:00:00", descriptions: [ { lang: "en", value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "oval:org.mitre.oval:def:4403", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "mozilla-dialog-code-execution(16623)", tags: [ "vdb-entry", "x_refsource_XF", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/16623", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162020", }, { name: "oval:org.mitre.oval:def:10032", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032", }, { name: "11999", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/11999/", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", }, { name: "20040407 Race conditions in security dialogs", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0762", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:4403", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403", }, { name: "SCOSA-2005.49", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", 
url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", refsource: "FEDORA", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "mozilla-dialog-code-execution(16623)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16623", }, { name: "15495", refsource: "BID", url: "http://www.securityfocus.com/bid/15495", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=162020", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162020", }, { name: "oval:org.mitre.oval:def:10032", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032", }, { name: "11999", refsource: "SECUNIA", url: "http://secunia.com/advisories/11999/", }, { name: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", refsource: "MISC", url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", }, { name: "20040407 Race conditions in security dialogs", refsource: "FULLDISC", url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0762", datePublished: "2004-08-03T04:00:00", dateReserved: "2004-08-02T00:00:00", dateUpdated: "2024-08-08T00:31:46.634Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-1753
Vulnerability from cvelistv5
Published
2005-02-26 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/373309 | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/12392 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/373080 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17137 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/373232 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/11059 | vdb-entry, x_refsource_BID |
| http://bugzilla.mozilla.org/show_bug.cgi?id=162134 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T01:00:37.238Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/373309", }, { name: "12392", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/12392", }, { name: "20040826 Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/373080", }, { name: "netscape-java-tab-spoofing(17137)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137", }, { name: "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/373232", }, { name: "11059", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/11059", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162134", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-08-26T00:00:00", descriptions: [ { lang: "en", value: "The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and 
facilitates phishing attacks that spoof tabs.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/373309", }, { name: "12392", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/12392", }, { name: "20040826 Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/373080", }, { name: "netscape-java-tab-spoofing(17137)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137", }, { name: "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/373232", }, { name: "11059", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/11059", }, { tags: [ "x_refsource_MISC", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162134", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-1753", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and 
Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/373309", }, { name: "12392", refsource: "SECUNIA", url: "http://secunia.com/advisories/12392", }, { name: "20040826 Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/373080", }, { name: "netscape-java-tab-spoofing(17137)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137", }, { name: "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/373232", }, { name: "11059", refsource: "BID", url: "http://www.securityfocus.com/bid/11059", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=162134", refsource: "MISC", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162134", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-1753", datePublished: "2005-02-26T05:00:00", dateReserved: "2005-02-26T00:00:00", dateUpdated: "2024-08-08T01:00:37.238Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0758
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when its DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:46.817Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "GLSA-200408-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "oval:org.mitre.oval:def:3134", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3134", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "mozilla-certificate-dos(16706)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16706", }, { name: "oval:org.mitre.oval:def:10304", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10304", }, { name: "VU#784278", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: 
"http://www.kb.cert.org/vuls/id/784278", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=249004", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-08-02T00:00:00", descriptions: [ { lang: "en", value: "Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "GLSA-200408-22", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "oval:org.mitre.oval:def:3134", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3134", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "mozilla-certificate-dos(16706)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16706", }, { name: "oval:org.mitre.oval:def:10304", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10304", }, { name: "VU#784278", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/784278", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=249004", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0758", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { name: "SCOSA-2005.49", refsource: "SCO", url: 
"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "GLSA-200408-22", refsource: "GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml", }, { name: "FLSA:2089", refsource: "FEDORA", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "oval:org.mitre.oval:def:3134", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3134", }, { name: "15495", refsource: "BID", url: "http://www.securityfocus.com/bid/15495", }, { name: "mozilla-certificate-dos(16706)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16706", }, { name: "oval:org.mitre.oval:def:10304", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10304", }, { name: "VU#784278", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/784278", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=249004", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=249004", }, { name: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0758", datePublished: "2004-08-03T04:00:00", dateReserved: "2004-08-02T00:00:00", dateUpdated: "2024-08-08T00:31:46.817Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-1316
Vulnerability from cvelistv5
Published
2004-12-31 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
References
| URL | Tags |
|---|---|
| http://www.mozilla.org/security/announce/mfsa2005-06.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/19823 | third-party-advisory, x_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=110780717916478&w=2 | vendor-advisory, x_refsource_HP |
| http://www.securityfocus.com/bid/12131 | vdb-entry, x_refsource_BID |
| http://marc.info/?l=bugtraq&m=110436284718949&w=2 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18711 | vdb-entry, x_refsource_XF |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100052 | vdb-entry, signature, x_refsource_OVAL |
| http://isec.pl/vulnerabilities/isec-0020-mozilla.txt | x_refsource_MISC |
| http://www.novell.com/linux/security/advisories/2006_04_25.html | vendor-advisory, x_refsource_SUSE |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9808 | vdb-entry, signature, x_refsource_OVAL |
| http://www.redhat.com/support/errata/RHSA-2005-038.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:46:12.364Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-06.html", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { name: "HPSBTU01114", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=110780717916478&w=2", }, { name: "12131", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12131", }, { name: "20041229 Heap overflow in Mozilla Browser <= 1.7.3 NNTP code.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=110436284718949&w=2", }, { name: "mozilla-nntp-bo(18711)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18711", }, { name: "oval:org.mitre.oval:def:100052", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100052", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://isec.pl/vulnerabilities/isec-0020-mozilla.txt", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "oval:org.mitre.oval:def:9808", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9808", }, { name: "RHSA-2005:038", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-038.html", }, ], title: "CVE Program Container", }, ], cna: { 
affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-12-29T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\\' (backslash) character, which prevents a string from being NULL terminated.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-06.html", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { name: "HPSBTU01114", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=110780717916478&w=2", }, { name: "12131", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12131", }, { name: "20041229 Heap overflow in Mozilla Browser <= 1.7.3 NNTP code.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=110436284718949&w=2", }, { name: "mozilla-nntp-bo(18711)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18711", }, { name: "oval:org.mitre.oval:def:100052", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100052", }, { tags: [ "x_refsource_MISC", ], url: "http://isec.pl/vulnerabilities/isec-0020-mozilla.txt", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: 
"oval:org.mitre.oval:def:9808", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9808", }, { name: "RHSA-2005:038", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-038.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-1316", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\\' (backslash) character, which prevents a string from being NULL terminated.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.mozilla.org/security/announce/mfsa2005-06.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/mfsa2005-06.html", }, { name: "19823", refsource: "SECUNIA", url: "http://secunia.com/advisories/19823", }, { name: "HPSBTU01114", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=110780717916478&w=2", }, { name: "12131", refsource: "BID", url: "http://www.securityfocus.com/bid/12131", }, { name: "20041229 Heap overflow in Mozilla Browser <= 1.7.3 NNTP code.", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=110436284718949&w=2", }, { name: "mozilla-nntp-bo(18711)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18711", }, { name: "oval:org.mitre.oval:def:100052", refsource: "OVAL", url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100052", }, { name: "http://isec.pl/vulnerabilities/isec-0020-mozilla.txt", refsource: "MISC", url: "http://isec.pl/vulnerabilities/isec-0020-mozilla.txt", }, { name: "SUSE-SA:2006:022", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "oval:org.mitre.oval:def:9808", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9808", }, { name: "RHSA-2005:038", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-038.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-1316", datePublished: "2004-12-31T05:00:00", dateReserved: "2004-12-30T00:00:00", dateUpdated: "2024-08-08T00:46:12.364Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0722
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
References
URL | Tags | |
---|---|---|
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | vendor-advisory, x_refsource_SCO | |
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | vendor-advisory, x_refsource_SUSE | |
http://www.redhat.com/support/errata/RHSA-2004-421.html | vendor-advisory, x_refsource_REDHAT | |
http://bugzilla.mozilla.org/show_bug.cgi?id=236618 | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378 | vdb-entry, signature, x_refsource_OVAL | |
http://www.securityfocus.com/bid/15495 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16862 | vdb-entry, x_refsource_XF | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629 | vdb-entry, signature, x_refsource_OVAL | |
http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:24:27.239Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=236618", }, { name: "oval:org.mitre.oval:def:9378", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "mozilla-netscape-soapparameter-bo(16862)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862", }, { name: "oval:org.mitre.oval:def:4629", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-08-02T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and 
(2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=236618", }, { name: "oval:org.mitre.oval:def:9378", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "mozilla-netscape-soapparameter-bo(16862)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862", }, { name: "oval:org.mitre.oval:def:4629", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629", }, { tags: [ "x_refsource_MISC", ], url: "http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0722", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, 
data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SCOSA-2005.49", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=236618", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=236618", }, { name: "oval:org.mitre.oval:def:9378", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378", }, { name: "15495", refsource: "BID", url: "http://www.securityfocus.com/bid/15495", }, { name: "mozilla-netscape-soapparameter-bo(16862)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862", }, { name: "oval:org.mitre.oval:def:4629", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629", }, { name: "http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities", refsource: "MISC", url: "http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0722", datePublished: "2004-08-03T04:00:00", dateReserved: "2004-07-22T00:00:00", dateUpdated: "2024-08-08T00:24:27.239Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }
cve-2005-0989
Vulnerability from cvelistv5
Published
2005-04-06 04:00
Modified
2024-08-07 21:35
Severity ?
EPSS score ?
Summary
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:35:59.891Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:100025", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025", }, { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "12988", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12988", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "14820", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14820", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "1013635", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1013635", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "GLSA-200504-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { name: "1013643", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1013643", }, { name: "oval:org.mitre.oval:def:11706", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=288688", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-33.html", }, { name: "14821", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14821", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-04-04T00:00:00", descriptions: [ { lang: "en", value: "The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "oval:org.mitre.oval:def:100025", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025", }, { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "12988", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12988", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "14820", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14820", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "1013635", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1013635", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "GLSA-200504-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { name: "1013643", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1013643", }, { name: "oval:org.mitre.oval:def:11706", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=288688", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www.mozilla.org/security/announce/mfsa2005-33.html", }, { name: "14821", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14821", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-0989", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:100025", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025", }, { name: "RHSA-2005:386", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "12988", refsource: "BID", url: "http://www.securityfocus.com/bid/12988", }, { name: "SCOSA-2005.49", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "14820", refsource: "SECUNIA", url: "http://secunia.com/advisories/14820", }, { name: "19823", refsource: "SECUNIA", url: "http://secunia.com/advisories/19823", }, { name: "15495", refsource: "BID", url: "http://www.securityfocus.com/bid/15495", }, { name: "1013635", refsource: "SECTRACK", url: "http://securitytracker.com/id?1013635", }, { name: "RHSA-2005:601", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "GLSA-200504-18", refsource: "GENTOO", url: 
"http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { name: "1013643", refsource: "SECTRACK", url: "http://securitytracker.com/id?1013643", }, { name: "oval:org.mitre.oval:def:11706", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706", }, { name: "RHSA-2005:384", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "RHSA-2005:383", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { name: "SUSE-SA:2006:022", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=288688", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=288688", }, { name: "http://www.mozilla.org/security/announce/mfsa2005-33.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/mfsa2005-33.html", }, { name: "14821", refsource: "SECUNIA", url: "http://secunia.com/advisories/14821", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-0989", datePublished: "2005-04-06T04:00:00", dateReserved: "2005-04-06T00:00:00", dateUpdated: "2024-08-07T21:35:59.891Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2003-0298
Vulnerability from cvelistv5
Published
2003-05-15 04:00
Modified
2024-08-08 01:50
Severity ?
EPSS score ?
Summary
The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
References
URL | Tags | |
---|---|---|
http://marc.info/?l=bugtraq&m=105294024124163&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T01:50:47.565Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20030514 Buffer overflows in multiple IMAP clients", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2003-05-14T00:00:00", descriptions: [ { lang: "en", value: "The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-10-17T13:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20030514 Buffer overflows in multiple IMAP clients", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2003-0298", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.", }, ], }, 
problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20030514 Buffer overflows in multiple IMAP clients", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2003-0298", datePublished: "2003-05-15T04:00:00", dateReserved: "2003-05-14T00:00:00", dateUpdated: "2024-08-08T01:50:47.565Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-1639
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.
References
URL | Tags | |
---|---|---|
http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html | mailing-list, x_refsource_VULNWATCH | |
http://marc.info/?l=bugtraq&m=109886388528179&w=2 | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17839 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T01:00:36.763Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding or crash", tags: [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html", }, { name: "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109886388528179&w=2", }, { name: "mozilla-html-dos(17839)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17839", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-10-26T00:00:00", descriptions: [ { lang: "en", value: "Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding or crash", tags: [ "mailing-list", "x_refsource_VULNWATCH", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html", }, { name: "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=109886388528179&w=2", }, { name: "mozilla-html-dos(17839)", tags: [ "vdb-entry", "x_refsource_XF", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17839", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-1639", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding or crash", refsource: "VULNWATCH", url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html", }, { name: "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=109886388528179&w=2", }, { name: "mozilla-html-dos(17839)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17839", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-1639", datePublished: "2005-02-20T05:00:00", dateReserved: "2005-02-20T00:00:00", dateUpdated: "2024-08-08T01:00:36.763Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-4809
Vulnerability from cvelistv5
Published
2006-08-30 01:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/19540 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/14568 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/12798 | vdb-entry, x_refsource_BID | |
http://securitytracker.com/id?1013423 | vdb-entry, x_refsource_SECTRACK | |
http://www.osvdb.org/14885 | vdb-entry, x_refsource_OSVDB | |
http://marc.info/?l=full-disclosure&m=111073068631287&w=2 | mailing-list, x_refsource_FULLDISC | |
http://www.vupen.com/english/advisories/2005/0260 | vdb-entry, x_refsource_VUPEN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:01:23.331Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "mozilla-save-link-as-dialog-spoofing(19540)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540", }, { name: "14568", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14568", }, { name: "12798", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12798", }, { name: "1013423", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1013423", }, { name: "14885", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/14885", }, { name: "20050313 Firefox 1.01 : spoofing status bar without using JavaScript", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://marc.info/?l=full-disclosure&m=111073068631287&w=2", }, { name: "ADV-2005-0260", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/0260", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-03-13T00:00:00", descriptions: [ { lang: "en", value: "Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-19T15:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "mozilla-save-link-as-dialog-spoofing(19540)", tags: [ "vdb-entry", 
"x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540", }, { name: "14568", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14568", }, { name: "12798", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12798", }, { name: "1013423", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1013423", }, { name: "14885", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/14885", }, { name: "20050313 Firefox 1.01 : spoofing status bar without using JavaScript", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://marc.info/?l=full-disclosure&m=111073068631287&w=2", }, { name: "ADV-2005-0260", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/0260", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-4809", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "mozilla-save-link-as-dialog-spoofing(19540)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540", }, { name: "14568", refsource: "SECUNIA", url: "http://secunia.com/advisories/14568", }, { name: "12798", refsource: "BID", url: "http://www.securityfocus.com/bid/12798", }, { name: "1013423", refsource: "SECTRACK", 
url: "http://securitytracker.com/id?1013423", }, { name: "14885", refsource: "OSVDB", url: "http://www.osvdb.org/14885", }, { name: "20050313 Firefox 1.01 : spoofing status bar without using JavaScript", refsource: "FULLDISC", url: "http://marc.info/?l=full-disclosure&m=111073068631287&w=2", }, { name: "ADV-2005-0260", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2005/0260", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-4809", datePublished: "2006-08-30T01:00:00", dateReserved: "2006-08-29T00:00:00", dateUpdated: "2024-08-08T00:01:23.331Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-2314
Vulnerability from cvelistv5
Published
2007-10-26 19:00
Modified
2024-09-17 03:43
Severity ?
EPSS score ?
Summary
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.
References
▼ | URL | Tags |
---|---|---|
http://www.iss.net/security_center/static/9656.php | vdb-entry, x_refsource_XF | |
http://bugzilla.mozilla.org/show_bug.cgi?id=152725 | x_refsource_MISC | |
http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html | x_refsource_CONFIRM | |
http://seclists.org/bugtraq/2002/Jul/0260.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074 | vendor-advisory, x_refsource_MANDRAKE | |
http://www.securityfocus.com/bid/5293 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:59:11.882Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "mozilla-javascript-steal-cookies(9656)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/9656.php", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=152725", }, { name: "20020918 Mozilla vulnerabilities, an update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", }, { name: "20020724 Mozilla cookie stealing - Sandblad advisory #9", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://seclists.org/bugtraq/2002/Jul/0260.html", }, { name: "MDKSA-2002:074", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074", }, { name: "5293", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/5293", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading \"//\" and ending in a newline, which causes the host/path check to fail.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2007-10-26T19:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "mozilla-javascript-steal-cookies(9656)", tags: [ "vdb-entry", "x_refsource_XF", ], url: 
"http://www.iss.net/security_center/static/9656.php", }, { tags: [ "x_refsource_MISC", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=152725", }, { name: "20020918 Mozilla vulnerabilities, an update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", }, { name: "20020724 Mozilla cookie stealing - Sandblad advisory #9", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://seclists.org/bugtraq/2002/Jul/0260.html", }, { name: "MDKSA-2002:074", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074", }, { name: "5293", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/5293", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-2314", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading \"//\" and ending in a newline, which causes the host/path check to fail.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "mozilla-javascript-steal-cookies(9656)", refsource: "XF", url: "http://www.iss.net/security_center/static/9656.php", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=152725", refsource: "MISC", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=152725", }, { name: "20020918 Mozilla vulnerabilities, an update", refsource: "BUGTRAQ", url: 
"http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html", }, { name: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", refsource: "CONFIRM", url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", }, { name: "20020724 Mozilla cookie stealing - Sandblad advisory #9", refsource: "BUGTRAQ", url: "http://seclists.org/bugtraq/2002/Jul/0260.html", }, { name: "MDKSA-2002:074", refsource: "MANDRAKE", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074", }, { name: "5293", refsource: "BID", url: "http://www.securityfocus.com/bid/5293", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-2314", datePublished: "2007-10-26T19:00:00Z", dateReserved: "2007-10-26T00:00:00Z", dateUpdated: "2024-09-17T03:43:50.543Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-0354
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 02:49
Severity ?
EPSS score ?
Summary
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.
References
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=bugtraq&m=102017952204097&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://marc.info/?l=ntbugtraq&m=102020343728766&w=2 | mailing-list, x_refsource_NTBUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T02:49:27.374Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=102017952204097&w=2", }, { name: "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)", tags: [ "mailing-list", "x_refsource_NTBUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=ntbugtraq&m=102020343728766&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-04-25T00:00:00", descriptions: [ { lang: "en", value: "The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-10-17T13:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=102017952204097&w=2", }, { name: "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)", tags: [ "mailing-list", "x_refsource_NTBUGTRAQ", ], url: "http://marc.info/?l=ntbugtraq&m=102020343728766&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-0354", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: 
"n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=102017952204097&w=2", }, { name: "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)", refsource: "NTBUGTRAQ", url: "http://marc.info/?l=ntbugtraq&m=102020343728766&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-0354", datePublished: "2002-05-03T04:00:00", dateReserved: "2002-05-01T00:00:00", dateUpdated: "2024-08-08T02:49:27.374Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-2338
Vulnerability from cvelistv5
Published
2007-10-29 19:00
Modified
2024-09-16 20:06
Severity ?
EPSS score ?
Summary
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/276946 | mailing-list, x_refsource_BUGTRAQ | |
http://online.securityfocus.com/archive/1/276628 | mailing-list, x_refsource_BUGTRAQ | |
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074 | vendor-advisory, x_refsource_MANDRAKE | |
http://bugzilla.mozilla.org/show_bug.cgi?id=144228 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/5002 | vdb-entry, x_refsource_BID | |
http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html | x_refsource_CONFIRM | |
http://www.iss.net/security_center/static/9343.php | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:59:11.958Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20020614 Another small DoS on Mozilla <= 1.0 through pop3", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/276946", }, { name: "20020612 Another small DoS on Mozilla <= 1.0 through pop3", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://online.securityfocus.com/archive/1/276628", }, { name: "MDKSA-2002:074", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=144228", }, { name: "5002", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/5002", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", }, { name: "mozilla-netscape-pop3-dos(9343)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/9343.php", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) 
at a newline, which is interpreted as the end of the message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2007-10-29T19:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20020614 Another small DoS on Mozilla <= 1.0 through pop3", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/276946", }, { name: "20020612 Another small DoS on Mozilla <= 1.0 through pop3", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://online.securityfocus.com/archive/1/276628", }, { name: "MDKSA-2002:074", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=144228", }, { name: "5002", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/5002", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", }, { name: "mozilla-netscape-pop3-dos(9343)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/9343.php", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-2338", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) 
at a newline, which is interpreted as the end of the message.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20020614 Another small DoS on Mozilla <= 1.0 through pop3", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/276946", }, { name: "20020612 Another small DoS on Mozilla <= 1.0 through pop3", refsource: "BUGTRAQ", url: "http://online.securityfocus.com/archive/1/276628", }, { name: "MDKSA-2002:074", refsource: "MANDRAKE", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=144228", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=144228", }, { name: "5002", refsource: "BID", url: "http://www.securityfocus.com/bid/5002", }, { name: "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", refsource: "CONFIRM", url: "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", }, { name: "mozilla-netscape-pop3-dos(9343)", refsource: "XF", url: "http://www.iss.net/security_center/static/9343.php", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-2338", datePublished: "2007-10-29T19:00:00Z", dateReserved: "2007-10-29T00:00:00Z", dateUpdated: "2024-09-16T20:06:54.208Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0401
Vulnerability from cvelistv5
Published
2005-03-24 05:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
Firefox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:13:54.076Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2005:336", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-336.html", }, { name: "ADV-2005-0296", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/0296", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://mikx.de/firescrolling2/", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "oval:org.mitre.oval:def:9650", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-32.html", }, { name: "12885", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12885", }, { name: "oval:org.mitre.oval:def:100026", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "20050324 Firescrolling 2 [Firefox 1.0.1]", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=111168413007891&w=2", }, { name: "14654", tags: [ "third-party-advisory", "x_refsource_SECUNIA", 
"x_transferred", ], url: "http://secunia.com/advisories/14654", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-03-23T00:00:00", descriptions: [ { lang: "en", value: "FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka \"Firescrolling 2.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2005:336", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-336.html", }, { name: "ADV-2005-0296", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/0296", }, { tags: [ "x_refsource_MISC", ], url: "http://mikx.de/firescrolling2/", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "oval:org.mitre.oval:def:9650", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-32.html", }, { name: "12885", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12885", }, { name: "oval:org.mitre.oval:def:100026", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026", }, { name: "RHSA-2005:384", tags: [ 
"vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "20050324 Firescrolling 2 [Firefox 1.0.1]", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=111168413007891&w=2", }, { name: "14654", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14654", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-0401", datePublished: "2005-03-24T05:00:00", dateReserved: "2005-02-14T00:00:00", dateUpdated: "2024-08-07T21:13:54.076Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0765
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.
References
▼ | URL | Tags |
---|---|---|
http://bugzilla.mozilla.org/show_bug.cgi?id=234058 | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11162 | vdb-entry, signature, x_refsource_OVAL | |
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | vendor-advisory, x_refsource_SUSE | |
http://www.redhat.com/support/errata/RHSA-2004-421.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16868 | vdb-entry, x_refsource_XF | |
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7 | x_refsource_CONFIRM | |
http://marc.info/?l=bugtraq&m=109900315219363&w=2 | vendor-advisory, x_refsource_FEDORA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:46.881Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=234058", }, { name: "oval:org.mitre.oval:def:11162", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11162", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "mozilla-certtesthostname-certificate-spoof(16868)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16868", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-08-02T00:00:00", descriptions: [ { lang: "en", value: "The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: 
"2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=234058", }, { name: "oval:org.mitre.oval:def:11162", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11162", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "mozilla-certtesthostname-certificate-spoof(16868)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16868", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0765", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: 
"http://bugzilla.mozilla.org/show_bug.cgi?id=234058", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=234058", }, { name: "oval:org.mitre.oval:def:11162", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11162", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "mozilla-certtesthostname-certificate-spoof(16868)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16868", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", refsource: "FEDORA", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0765", datePublished: "2004-08-03T04:00:00", dateReserved: "2004-08-02T00:00:00", dateUpdated: "2024-08-08T00:31:46.881Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-1381
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
References
▼ | URL | Tags |
---|---|---|
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053 | vdb-entry, signature, x_refsource_OVAL | |
http://www.mozilla.org/security/announce/mfsa2005-05.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17789 | vdb-entry, x_refsource_XF | |
http://secunia.com/multiple_browsers_form_field_focus_test/ | x_refsource_MISC | |
http://secunia.com/advisories/12712 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/multiple_browsers_dialog_box_spoofing_test/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:46:12.488Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:100053", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-05.html", }, { name: "web-browser-inactive-info-disclosure(17789)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17789", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/multiple_browsers_form_field_focus_test/", }, { name: "12712", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/12712", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-10-20T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "oval:org.mitre.oval:def:100053", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-05.html", }, { name: "web-browser-inactive-info-disclosure(17789)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17789", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/multiple_browsers_form_field_focus_test/", }, { name: "12712", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/12712", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-1381", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:100053", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053", }, { name: "http://www.mozilla.org/security/announce/mfsa2005-05.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/mfsa2005-05.html", }, { name: "web-browser-inactive-info-disclosure(17789)", refsource: "XF", url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17789", }, { name: "http://secunia.com/multiple_browsers_form_field_focus_test/", refsource: "MISC", url: "http://secunia.com/multiple_browsers_form_field_focus_test/", }, { name: "12712", refsource: "SECUNIA", url: "http://secunia.com/advisories/12712", }, { name: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/", refsource: "MISC", url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-1381", datePublished: "2005-01-29T05:00:00", dateReserved: "2005-01-25T00:00:00", dateUpdated: "2024-08-08T00:46:12.488Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1160
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:44
Severity ?
EPSS score ?
Summary
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:44:05.346Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289083", }, { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "14992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14992", }, { name: "oval:org.mitre.oval:def:100017", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-41.html", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { name: "13233", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/13233", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289074", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "GLSA-200504-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"https://bugzilla.mozilla.org/show_bug.cgi?id=289961", }, { name: "14938", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14938", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "oval:org.mitre.oval:def:11291", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-04-15T00:00:00", descriptions: [ { lang: "en", value: "The privileged \"chrome\" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289083", }, { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "14992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: 
"http://secunia.com/advisories/14992", }, { name: "oval:org.mitre.oval:def:100017", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-41.html", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { name: "13233", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/13233", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289074", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "GLSA-200504-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289961", }, { name: "14938", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14938", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "oval:org.mitre.oval:def:11291", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { name: "SUSE-SA:2006:022", tags: [ 
"vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-1160", datePublished: "2005-04-18T04:00:00", dateReserved: "2005-04-18T00:00:00", dateUpdated: "2024-08-07T21:44:05.346Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0578
Vulnerability from cvelistv5
Published
2005-02-27 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/12659 | vdb-entry, x_refsource_BID | |
http://www.mozilla.org/security/announce/mfsa2005-28.html | x_refsource_CONFIRM | |
http://www.redhat.com/support/errata/RHSA-2005-176.html | vendor-advisory, x_refsource_REDHAT | |
http://www.redhat.com/support/errata/RHSA-2005-384.html | vendor-advisory, x_refsource_REDHAT | |
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | vendor-advisory, x_refsource_GENTOO | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10954 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:21:05.653Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "12659", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12659", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-28.html", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "oval:org.mitre.oval:def:10954", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10954", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-02-25T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: 
"12659", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12659", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-28.html", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "oval:org.mitre.oval:def:10954", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10954", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-0578", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "12659", refsource: "BID", url: "http://www.securityfocus.com/bid/12659", }, { name: "http://www.mozilla.org/security/announce/mfsa2005-28.html", refsource: "CONFIRM", url: 
"http://www.mozilla.org/security/announce/mfsa2005-28.html", }, { name: "RHSA-2005:176", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", refsource: "GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "GLSA-200503-10", refsource: "GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "oval:org.mitre.oval:def:10954", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10954", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-0578", datePublished: "2005-02-27T05:00:00", dateReserved: "2005-02-27T00:00:00", dateUpdated: "2024-08-07T21:21:05.653Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0255
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:05:25.449Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "12659", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12659", }, { name: "SUSE-SA:2005:016", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { name: "oval:org.mitre.oval:def:9111", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9111", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-18.html", }, { name: "oval:org.mitre.oval:def:100040", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100040", }, { name: "20050228 Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred", ], url: "http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "RHSA-2005:277", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-277.html", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", 
"x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "RHSA-2005:337", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-337.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-02-28T00:00:00", descriptions: [ { lang: "en", value: "String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "12659", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12659", }, { name: "SUSE-SA:2005:016", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { name: "oval:org.mitre.oval:def:9111", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9111", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www.mozilla.org/security/announce/mfsa2005-18.html", }, { name: "oval:org.mitre.oval:def:100040", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100040", }, { name: "20050228 Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", ], url: "http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "RHSA-2005:277", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-277.html", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "RHSA-2005:337", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-337.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-0255", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other 
functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "12659", refsource: "BID", url: "http://www.securityfocus.com/bid/12659", }, { name: "SUSE-SA:2005:016", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html", }, { name: "19823", refsource: "SECUNIA", url: "http://secunia.com/advisories/19823", }, { name: "oval:org.mitre.oval:def:9111", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9111", }, { name: "http://www.mozilla.org/security/announce/mfsa2005-18.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/mfsa2005-18.html", }, { name: "oval:org.mitre.oval:def:100040", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100040", }, { name: "20050228 Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error", refsource: "IDEFENSE", url: "http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities", }, { name: "RHSA-2005:176", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "GLSA-200503-30", refsource: "GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "RHSA-2005:277", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-277.html", }, { name: "GLSA-200503-10", refsource: "GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "SUSE-SA:2006:022", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { 
name: "RHSA-2005:337", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-337.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-0255", datePublished: "2005-02-28T05:00:00", dateReserved: "2005-02-09T00:00:00", dateUpdated: "2024-08-07T21:05:25.449Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-2261
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Severity ?
EPSS score ?
Summary
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 run XBL scripts even when JavaScript has been disabled, which makes it easier for remote attackers to bypass such protection.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:22:48.843Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "P-252", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred", ], url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { name: "oval:org.mitre.oval:def:808", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A808", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "16059", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16059", }, { name: "16044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16044", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: 
"http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292591", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-46.html", }, { name: "oval:org.mitre.oval:def:10947", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10947", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { name: "oval:org.mitre.oval:def:1348", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1348", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14242", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "16043", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16043", }, { name: "oval:org.mitre.oval:def:100012", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100012", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292589", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, 
], }, ], datePublic: "2005-07-13T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "P-252", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", ], url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { name: "oval:org.mitre.oval:def:808", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A808", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "16059", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16059", }, { name: "16044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16044", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { name: "RHSA-2005:601", 
tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292591", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-46.html", }, { name: "oval:org.mitre.oval:def:10947", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10947", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { name: "oval:org.mitre.oval:def:1348", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1348", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14242", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "16043", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16043", }, { name: "oval:org.mitre.oval:def:100012", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100012", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292589", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-2261", datePublished: "2005-07-13T04:00:00", 
dateReserved: "2005-07-13T00:00:00", dateUpdated: "2024-08-07T22:22:48.843Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-1794
Vulnerability from cvelistv5
Published
2007-04-02 22:00
Modified
2024-08-07 13:06
Severity ?
EPSS score ?
Summary
The JavaScript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.
References
URL | Tags | |
---|---|---|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1 | vendor-advisory, x_refsource_SUNALERT | |
http://secunia.com/advisories/24624 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2007/1178 | vdb-entry, x_refsource_VUPEN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T13:06:26.431Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "102865", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1", }, { name: "24624", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24624", }, { name: "ADV-2007-1178", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1178", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-03-30T00:00:00", descriptions: [ { lang: "en", value: "The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. 
NOTE: this issue might be related to CVE-2006-3805.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2009-02-26T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "102865", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1", }, { name: "24624", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24624", }, { name: "ADV-2007-1178", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1178", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-1794", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. 
NOTE: this issue might be related to CVE-2006-3805.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "102865", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1", }, { name: "24624", refsource: "SECUNIA", url: "http://secunia.com/advisories/24624", }, { name: "ADV-2007-1178", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/1178", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-1794", datePublished: "2007-04-02T22:00:00", dateReserved: "2007-04-02T00:00:00", dateUpdated: "2024-08-07T13:06:26.431Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-0496
Vulnerability from cvelistv5
Published
2006-02-01 02:00
Modified
2024-08-07 16:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding Cascading Style Sheets (CSS) property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.
References
URL | Tags | |
---|---|---|
http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html | x_refsource_MISC | |
https://bugzilla.mozilla.org/show_bug.cgi?id=324253 | x_refsource_CONFIRM | |
http://securitytracker.com/id?1015563 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/24427 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2006/0403 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/16427 | vdb-entry, x_refsource_BID | |
http://community.livejournal.com/lj_dev/708069.html | x_refsource_MISC | |
http://securitytracker.com/id?1015553 | vdb-entry, x_refsource_SECTRACK | |
http://marc.info/?l=full-disclosure&m=113847912709062&w=2 | mailing-list, x_refsource_FULLDISC | |
http://www.osvdb.org/22924 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T16:34:14.832Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=324253", }, { name: "1015563", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1015563", }, { name: "mozilla-mozbinding-xss(24427)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24427", }, { name: "ADV-2006-0403", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/0403", }, { name: "16427", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/16427", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://community.livejournal.com/lj_dev/708069.html", }, { name: "1015553", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1015553", }, { name: "20060128 -moz-binding CSS property: more XSS fun", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://marc.info/?l=full-disclosure&m=113847912709062&w=2", }, { name: "22924", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/22924", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-01-19T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject 
arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-19T15:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=324253", }, { name: "1015563", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1015563", }, { name: "mozilla-mozbinding-xss(24427)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24427", }, { name: "ADV-2006-0403", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/0403", }, { name: "16427", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/16427", }, { tags: [ "x_refsource_MISC", ], url: "http://community.livejournal.com/lj_dev/708069.html", }, { name: "1015553", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1015553", }, { name: "20060128 -moz-binding CSS property: more XSS fun", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://marc.info/?l=full-disclosure&m=113847912709062&w=2", }, { name: "22924", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/22924", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-0496", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: 
"n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html", refsource: "MISC", url: "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=324253", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=324253", }, { name: "1015563", refsource: "SECTRACK", url: "http://securitytracker.com/id?1015563", }, { name: "mozilla-mozbinding-xss(24427)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24427", }, { name: "ADV-2006-0403", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2006/0403", }, { name: "16427", refsource: "BID", url: "http://www.securityfocus.com/bid/16427", }, { name: "http://community.livejournal.com/lj_dev/708069.html", refsource: "MISC", url: "http://community.livejournal.com/lj_dev/708069.html", }, { name: "1015553", refsource: "SECTRACK", url: "http://securitytracker.com/id?1015553", }, { name: "20060128 -moz-binding CSS property: more XSS fun", refsource: "FULLDISC", url: "http://marc.info/?l=full-disclosure&m=113847912709062&w=2", }, { name: "22924", refsource: "OSVDB", url: "http://www.osvdb.org/22924", }, ], }, }, }, }, cveMetadata: { assignerOrgId: 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-0496", datePublished: "2006-02-01T02:00:00", dateReserved: "2006-01-31T00:00:00", dateUpdated: "2024-08-07T16:34:14.832Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0593
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 allow remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that returns an HTTP 204 (No Content) response, which updates the icon and location information but does not change the display of the original site.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:21:05.687Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "12659", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12659", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=258048", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-14.html", }, { name: "oval:org.mitre.oval:def:100044", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100044", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268483", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=277564", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "oval:org.mitre.oval:def:9533", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9533", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=276720", }, ], title: "CVE Program 
Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-02-25T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL \"secure site\" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "12659", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12659", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=258048", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-14.html", }, { name: "oval:org.mitre.oval:def:100044", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100044", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268483", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=277564", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "oval:org.mitre.oval:def:9533", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9533", }, { name: "RHSA-2005:384", 
tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=276720", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-0593", datePublished: "2005-02-28T05:00:00", dateReserved: "2005-02-28T00:00:00", dateUpdated: "2024-08-07T21:21:05.687Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-1091
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
References
URL | Tags | |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2003-046.html | vendor-advisory, x_refsource_REDHAT | |
http://bugzilla.mozilla.org/show_bug.cgi?id=157989 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/5665 | vdb-entry, x_refsource_BID | |
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075 | vendor-advisory, x_refsource_MANDRAKE | |
http://crash.ihug.co.nz/~Sneuro/zerogif/ | x_refsource_MISC | |
http://www.redhat.com/support/errata/RHSA-2002-192.html | vendor-advisory, x_refsource_REDHAT | |
http://marc.info/?l=bugtraq&m=103134051120770&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.iss.net/security_center/static/10058.php | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:12:17.117Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2003:046", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2003-046.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157989", }, { name: "5665", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/5665", }, { name: "MDKSA-2002:075", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://crash.ihug.co.nz/~Sneuro/zerogif/", }, { name: "RHSA-2002:192", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2002-192.html", }, { name: "20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=103134051120770&w=2", }, { name: "netscape-zero-gif-bo(10058)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/10058.php", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-09-06T00:00:00", descriptions: [ { lang: "en", value: "Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2007-11-13T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, 
references: [ { name: "RHSA-2003:046", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2003-046.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157989", }, { name: "5665", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/5665", }, { name: "MDKSA-2002:075", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075", }, { tags: [ "x_refsource_MISC", ], url: "http://crash.ihug.co.nz/~Sneuro/zerogif/", }, { name: "RHSA-2002:192", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2002-192.html", }, { name: "20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=103134051120770&w=2", }, { name: "netscape-zero-gif-bo(10058)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/10058.php", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-1091", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2003:046", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2003-046.html", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=157989", refsource: "CONFIRM", 
url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157989", }, { name: "5665", refsource: "BID", url: "http://www.securityfocus.com/bid/5665", }, { name: "MDKSA-2002:075", refsource: "MANDRAKE", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075", }, { name: "http://crash.ihug.co.nz/~Sneuro/zerogif/", refsource: "MISC", url: "http://crash.ihug.co.nz/~Sneuro/zerogif/", }, { name: "RHSA-2002:192", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2002-192.html", }, { name: "20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=103134051120770&w=2", }, { name: "netscape-zero-gif-bo(10058)", refsource: "XF", url: "http://www.iss.net/security_center/static/10058.php", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-1091", datePublished: "2004-09-01T04:00:00", dateReserved: "2002-09-06T00:00:00", dateUpdated: "2024-08-08T03:12:17.117Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0588
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 do not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/12659 | vdb-entry, x_refsource_BID | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10682 | vdb-entry, signature, x_refsource_OVAL | |
http://www.redhat.com/support/errata/RHSA-2005-176.html | vendor-advisory, x_refsource_REDHAT | |
http://www.mozilla.org/security/announce/mfsa2005-20.html | x_refsource_CONFIRM | |
http://www.redhat.com/support/errata/RHSA-2005-384.html | vendor-advisory, x_refsource_REDHAT | |
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | vendor-advisory, x_refsource_GENTOO | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100038 | vdb-entry, signature, x_refsource_OVAL | |
https://bugzilla.mozilla.org/show_bug.cgi?id=271209 | x_refsource_CONFIRM | |
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:21:05.613Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "12659", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12659", }, { name: "oval:org.mitre.oval:def:10682", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10682", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-20.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "oval:org.mitre.oval:def:100038", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100038", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=271209", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-02-25T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which 
allows remote attackers to determine the existence of files on the local system.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "12659", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12659", }, { name: "oval:org.mitre.oval:def:10682", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10682", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-20.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "oval:org.mitre.oval:def:100038", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100038", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=271209", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-0588", datePublished: "2005-02-28T05:00:00", dateReserved: "2005-02-28T00:00:00", dateUpdated: "2024-08-07T21:21:05.613Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1531
Vulnerability from cvelistv5
Published
2005-05-12 04:00
Modified
2024-08-07 21:51
Severity ?
EPSS score ?
Summary
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
References
URL | Tags | |
---|---|---|
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351 | vdb-entry, signature, x_refsource_OVAL | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015 | vdb-entry, signature, x_refsource_OVAL | |
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | vendor-advisory, x_refsource_SCO | |
http://www.redhat.com/support/errata/RHSA-2005-435.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/13641 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/bid/15495 | vdb-entry, x_refsource_BID | |
http://securitytracker.com/id?1013963 | vdb-entry, x_refsource_SECTRACK | |
http://www.mozilla.org/security/announce/mfsa2005-43.html | x_refsource_CONFIRM | |
http://securitytracker.com/id?1013962 | vdb-entry, x_refsource_SECTRACK | |
http://www.vupen.com/english/advisories/2005/0530 | vdb-entry, x_refsource_VUPEN | |
http://www.redhat.com/support/errata/RHSA-2005-434.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:51:50.456Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:10351", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351", }, { name: "oval:org.mitre.oval:def:100015", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "RHSA-2005:435", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-435.html", }, { name: "13641", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/13641", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "1013963", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1013963", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-43.html", }, { name: "1013962", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1013962", }, { name: "ADV-2005-0530", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/0530", }, { name: "RHSA-2005:434", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-434.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ 
{ status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-05-11T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via \"Wrapped\" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) \"a nested variant.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "oval:org.mitre.oval:def:10351", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351", }, { name: "oval:org.mitre.oval:def:100015", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "RHSA-2005:435", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-435.html", }, { name: "13641", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/13641", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "1013963", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1013963", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-43.html", }, { name: "1013962", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1013962", }, { name: "ADV-2005-0530", 
tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/0530", }, { name: "RHSA-2005:434", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-434.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-1531", datePublished: "2005-05-12T04:00:00", dateReserved: "2005-05-12T00:00:00", dateUpdated: "2024-08-07T21:51:50.456Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-2268
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Severity ?
EPSS score ?
Summary
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:22:48.903Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "15489", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/15489", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-54.html", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "oval:org.mitre.oval:def:1313", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1313", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "oval:org.mitre.oval:def:100005", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/", }, { name: "14242", tags: [ "vdb-entry", 
"x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14242", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "oval:org.mitre.oval:def:1268", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1268", }, { name: "oval:org.mitre.oval:def:10517", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10517", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-06-21T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the \"Dialog Origin Spoofing Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "15489", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/15489", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-54.html", }, { name: "FLSA:160202", tags: [ 
"vendor-advisory", "x_refsource_FEDORA", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "oval:org.mitre.oval:def:1313", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1313", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "oval:org.mitre.oval:def:100005", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14242", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "oval:org.mitre.oval:def:1268", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1268", }, { name: "oval:org.mitre.oval:def:10517", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10517", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-2268", datePublished: "2005-07-13T04:00:00", dateReserved: "2005-07-13T00:00:00", dateUpdated: "2024-08-07T22:22:48.903Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0585
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
References
URL | Tags | |
---|---|---|
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100035 | vdb-entry, signature, x_refsource_OVAL | |
http://secunia.com/secunia_research/2004-15/advisory/ | x_refsource_MISC | |
http://www.mozilla.org/security/announce/mfsa2005-23.html | x_refsource_CONFIRM | |
http://www.redhat.com/support/errata/RHSA-2005-176.html | vendor-advisory, x_refsource_REDHAT | |
http://www.redhat.com/support/errata/RHSA-2005-384.html | vendor-advisory, x_refsource_REDHAT | |
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | vendor-advisory, x_refsource_GENTOO | |
http://secunia.com/advisories/13599 | third-party-advisory, x_refsource_SECUNIA | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9924 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:21:06.297Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:100035", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100035", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/secunia_research/2004-15/advisory/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-23.html", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "13599", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/13599", }, { name: "oval:org.mitre.oval:def:9924", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9924", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-01-04T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites 
to spoof legitimate sites and facilitate phishing attacks.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "oval:org.mitre.oval:def:100035", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100035", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/secunia_research/2004-15/advisory/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-23.html", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "13599", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/13599", }, { name: "oval:org.mitre.oval:def:9924", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9924", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-0585", datePublished: "2005-02-28T05:00:00", dateReserved: "2005-02-28T00:00:00", dateUpdated: "2024-08-07T21:21:06.297Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0905
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
References
URL | Tags | |
---|---|---|
http://www.kb.cert.org/vuls/id/651928 | third-party-advisory, x_refsource_CERT-VN | |
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | vendor-advisory, x_refsource_SUSE | |
http://bugzilla.mozilla.org/show_bug.cgi?id=250862 | x_refsource_CONFIRM | |
http://marc.info/?l=bugtraq&m=109900315219363&w=2 | vendor-advisory, x_refsource_FEDORA | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378 | vdb-entry, signature, x_refsource_OVAL | |
http://www.securityfocus.com/bid/11177 | vdb-entry, x_refsource_BID | |
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 | x_refsource_CONFIRM | |
http://security.gentoo.org/glsa/glsa-200409-26.xml | vendor-advisory, x_refsource_GENTOO | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17374 | vdb-entry, x_refsource_XF | |
http://www.us-cert.gov/cas/techalerts/TA04-261A.html | third-party-advisory, x_refsource_CERT | |
http://marc.info/?l=bugtraq&m=109698896104418&w=2 | vendor-advisory, x_refsource_HP |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:47.854Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VU#651928", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/651928", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250862", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "oval:org.mitre.oval:def:10378", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378", }, { name: "11177", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/11177", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "mozilla-netscape-sameorigin-bypass(17374)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374", }, { name: "TA04-261A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { name: "SSRT4826", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { 
status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-09-16T00:00:00", descriptions: [ { lang: "en", value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "VU#651928", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/651928", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250862", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "oval:org.mitre.oval:def:10378", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378", }, { name: "11177", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/11177", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "mozilla-netscape-sameorigin-bypass(17374)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374", }, { name: "TA04-261A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: 
"http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { name: "SSRT4826", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0905", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "VU#651928", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/651928", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=250862", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250862", }, { name: "FLSA:2089", refsource: "FEDORA", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "oval:org.mitre.oval:def:10378", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378", }, { name: "11177", refsource: "BID", url: "http://www.securityfocus.com/bid/11177", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", refsource: "GENTOO", url: 
"http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "mozilla-netscape-sameorigin-bypass(17374)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374", }, { name: "TA04-261A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html", }, { name: "SSRT4826", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0905", datePublished: "2004-09-24T04:00:00", dateReserved: "2004-09-23T00:00:00", dateUpdated: "2024-08-08T00:31:47.854Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0146
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/12407 | vdb-entry, x_refsource_BID | |
http://www.mozilla.org/security/announce/mfsa2005-08.html | x_refsource_CONFIRM | |
http://www.redhat.com/support/errata/RHSA-2005-335.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/19171 | vdb-entry, x_refsource_XF | |
http://www.redhat.com/support/errata/RHSA-2005-384.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.mozilla.org/show_bug.cgi?id=265728 | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10362 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:05:24.494Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "12407", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12407", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-08.html", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "mozilla-middle-click-information-disclosure(19171)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19171", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=265728", }, { name: "oval:org.mitre.oval:def:10362", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10362", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-01-24T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "12407", tags: [ "vdb-entry", 
"x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12407", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-08.html", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "mozilla-middle-click-information-disclosure(19171)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19171", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=265728", }, { name: "oval:org.mitre.oval:def:10362", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10362", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-0146", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "12407", refsource: "BID", url: "http://www.securityfocus.com/bid/12407", }, { name: "http://www.mozilla.org/security/announce/mfsa2005-08.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/mfsa2005-08.html", }, { name: "RHSA-2005:335", 
refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "mozilla-middle-click-information-disclosure(19171)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19171", }, { name: "RHSA-2005:384", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=265728", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=265728", }, { name: "oval:org.mitre.oval:def:10362", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10362", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-0146", datePublished: "2005-01-29T05:00:00", dateReserved: "2005-01-25T00:00:00", dateUpdated: "2024-08-07T21:05:24.494Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0759
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag.
References
URL | Tags | |
---|---|---|
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | vendor-advisory, x_refsource_SCO | |
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | vendor-advisory, x_refsource_SUSE | |
http://www.redhat.com/support/errata/RHSA-2004-421.html | vendor-advisory, x_refsource_REDHAT | |
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7 | x_refsource_CONFIRM | |
http://marc.info/?l=bugtraq&m=109900315219363&w=2 | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/15495 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16870 | vdb-entry, x_refsource_XF | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153 | vdb-entry, signature, x_refsource_OVAL | |
http://bugzilla.mozilla.org/show_bug.cgi?id=241924 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:47.056Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "mozilla-warning-file-upload(16870)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16870", }, { name: "oval:org.mitre.oval:def:11153", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=241924", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-08-02T00:00:00", descriptions: [ { lang: "en", value: "Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type=\"file\"> tag.", }, ], problemTypes: [ { 
descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "mozilla-warning-file-upload(16870)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16870", }, { name: "oval:org.mitre.oval:def:11153", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=241924", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0759", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla before 1.7 allows remote web servers to read arbitrary files via 
Javascript that sets the value of an <input type=\"file\"> tag.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SCOSA-2005.49", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", refsource: "FEDORA", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "15495", refsource: "BID", url: "http://www.securityfocus.com/bid/15495", }, { name: "mozilla-warning-file-upload(16870)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16870", }, { name: "oval:org.mitre.oval:def:11153", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=241924", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=241924", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0759", datePublished: "2004-08-03T04:00:00", dateReserved: "2004-08-02T00:00:00", dateUpdated: "2024-08-08T00:31:47.056Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-3896
Vulnerability from cvelistv5
Published
2005-11-29 21:00
Modified
2024-08-07 23:24
Severity ?
EPSS score ?
Summary
Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.
References
URL | Tags | |
---|---|---|
http://marc.info/?l=bugtraq&m=113262115201500&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.computerterrorism.com/research/ie/ct21-11-2005 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T23:24:36.573Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20051123 IE BUG, Mozilla DOS?", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=113262115201500&w=2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.computerterrorism.com/research/ie/ct21-11-2005", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-11-21T00:00:00", descriptions: [ { lang: "en", value: "Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-10-17T13:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20051123 IE BUG, Mozilla DOS?", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=113262115201500&w=2", }, { tags: [ "x_refsource_MISC", ], url: "http://www.computerterrorism.com/research/ie/ct21-11-2005", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-3896", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, 
references: { reference_data: [ { name: "20051123 IE BUG, Mozilla DOS?", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=113262115201500&w=2", }, { name: "http://www.computerterrorism.com/research/ie/ct21-11-2005", refsource: "MISC", url: "http://www.computerterrorism.com/research/ie/ct21-11-2005", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-3896", datePublished: "2005-11-29T21:00:00", dateReserved: "2005-11-29T00:00:00", dateUpdated: "2024-08-07T23:24:36.573Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2003-1265
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-08 02:19
Severity ?
EPSS score ?
Summary
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
References
URL | Tags | |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.securitytracker.com/id?1005871 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/6499 | vdb-entry, x_refsource_BID | |
http://www.iss.net/security_center/static/10963.php | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T02:19:46.060Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20030101 Potential disclosure of sensitive information in Netscape 7.0 email client", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html", }, { name: "1005871", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1005871", }, { name: "6499", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/6499", }, { name: "netscape-email-deletion-failure(10963)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/10963.php", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2003-01-01T00:00:00", descriptions: [ { lang: "en", value: "Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2008-03-11T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20030101 Potential disclosure of sensitive information in Netscape 7.0 email client", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html", }, { name: "1005871", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1005871", }, { name: "6499", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/6499", }, { name: "netscape-email-deletion-failure(10963)", 
tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/10963.php", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2003-1265", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20030101 Potential disclosure of sensitive information in Netscape 7.0 email client", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html", }, { name: "1005871", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1005871", }, { name: "6499", refsource: "BID", url: "http://www.securityfocus.com/bid/6499", }, { name: "netscape-email-deletion-failure(10963)", refsource: "XF", url: "http://www.iss.net/security_center/static/10963.php", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2003-1265", datePublished: "2005-11-16T07:37:00", dateReserved: "2005-11-16T00:00:00", dateUpdated: "2024-08-08T02:19:46.060Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0144
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/19169 | vdb-entry, x_refsource_XF | |
http://www.redhat.com/support/errata/RHSA-2005-323.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/12407 | vdb-entry, x_refsource_BID | |
http://www.redhat.com/support/errata/RHSA-2005-335.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.mozilla.org/show_bug.cgi?id=262689 | x_refsource_CONFIRM | |
http://www.mozilla.org/security/announce/mfsa2005-04.html | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11016 | vdb-entry, signature, x_refsource_OVAL | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100054 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:05:24.803Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "mozilla-ssl-view-source-spoofing(19169)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19169", }, { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "12407", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12407", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=262689", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-04.html", }, { name: "oval:org.mitre.oval:def:11016", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11016", }, { name: "oval:org.mitre.oval:def:100054", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100054", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-01-24T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: 
"text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "mozilla-ssl-view-source-spoofing(19169)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19169", }, { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "12407", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12407", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=262689", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-04.html", }, { name: "oval:org.mitre.oval:def:11016", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11016", }, { name: "oval:org.mitre.oval:def:100054", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100054", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-0144", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.", }, ], }, problemtype: { 
problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "mozilla-ssl-view-source-spoofing(19169)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19169", }, { name: "RHSA-2005:323", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "12407", refsource: "BID", url: "http://www.securityfocus.com/bid/12407", }, { name: "RHSA-2005:335", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=262689", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=262689", }, { name: "http://www.mozilla.org/security/announce/mfsa2005-04.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/mfsa2005-04.html", }, { name: "oval:org.mitre.oval:def:11016", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11016", }, { name: "oval:org.mitre.oval:def:100054", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100054", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-0144", datePublished: "2005-01-29T05:00:00", dateReserved: "2005-01-25T00:00:00", dateUpdated: "2024-08-07T21:05:24.803Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-0593
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/8039 | third-party-advisory, x_refsource_SECUNIA | |
http://www.iss.net/security_center/static/8976.php | vdb-entry, x_refsource_XF | |
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490 | vendor-advisory, x_refsource_CONECTIVA | |
http://www.securityfocus.com/bid/4637 | vdb-entry, x_refsource_BID | |
http://online.securityfocus.com/archive/1/270249 | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T02:56:37.949Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "8039", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/8039", }, { name: "mozilla-netscape-irc-bo(8976)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/8976.php", }, { name: "CLA-2002:490", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490", }, { name: "4637", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/4637", }, { name: "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://online.securityfocus.com/archive/1/270249", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-04-30T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2007-11-13T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "8039", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/8039", }, { name: "mozilla-netscape-irc-bo(8976)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/8976.php", }, { name: "CLA-2002:490", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", ], url: 
"http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490", }, { name: "4637", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/4637", }, { name: "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://online.securityfocus.com/archive/1/270249", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-0593", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "8039", refsource: "SECUNIA", url: "http://secunia.com/advisories/8039", }, { name: "mozilla-netscape-irc-bo(8976)", refsource: "XF", url: "http://www.iss.net/security_center/static/8976.php", }, { name: "CLA-2002:490", refsource: "CONECTIVA", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490", }, { name: "4637", refsource: "BID", url: "http://www.securityfocus.com/bid/4637", }, { name: "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)", refsource: "BUGTRAQ", url: "http://online.securityfocus.com/archive/1/270249", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-0593", datePublished: "2002-06-11T04:00:00", dateReserved: "2002-06-11T00:00:00", dateUpdated: "2024-08-08T02:56:37.949Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", 
dataVersion: "5.1", }
cve-2005-4874
Vulnerability from cvelistv5
Published
2008-03-28 23:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object.
References
URL | Tags | |
---|---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=297078 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41553 | vdb-entry, x_refsource_XF | |
https://bugzilla.mozilla.org/show_bug.cgi?id=302489 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:01:23.052Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=297078", }, { name: "mozilla-xmlhttprequest-info-disclosure(41553)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=302489", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-08-02T00:00:00", descriptions: [ { lang: "en", value: "The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a \"Max-Forwards: 0\" header or (2) arbitrary local passwords on the web server that hosts this object.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=297078", }, { name: "mozilla-xmlhttprequest-info-disclosure(41553)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=302489", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-4874", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, 
data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a \"Max-Forwards: 0\" header or (2) arbitrary local passwords on the web server that hosts this object.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=297078", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=297078", }, { name: "mozilla-xmlhttprequest-info-disclosure(41553)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=302489", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=302489", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-4874", datePublished: "2008-03-28T23:00:00", dateReserved: "2008-03-28T00:00:00", dateUpdated: "2024-08-08T00:01:23.052Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0141
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.
References
URL | Tags | |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2005-323.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/12407 | vdb-entry, x_refsource_BID | |
https://bugzilla.mozilla.org/show_bug.cgi?id=249332 | x_refsource_CONFIRM | |
http://www.redhat.com/support/errata/RHSA-2005-335.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/19168 | vdb-entry, x_refsource_XF | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756 | vdb-entry, signature, x_refsource_OVAL | |
http://www.mozilla.org/security/announce/mfsa2005-01.html | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:05:24.469Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "12407", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12407", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=249332", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "mozilla-firefox-file-upload(19168)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19168", }, { name: "oval:org.mitre.oval:def:10756", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-01.html", }, { name: "oval:org.mitre.oval:def:100057", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-01-24T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links \"with a custom getter and toString method\" that are middle-clicked by the user to be opened in a new tab.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], 
}, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "12407", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12407", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=249332", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "mozilla-firefox-file-upload(19168)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19168", }, { name: "oval:org.mitre.oval:def:10756", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-01.html", }, { name: "oval:org.mitre.oval:def:100057", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-0141", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links \"with a custom getter and toString method\" that are middle-clicked by the user to be opened in a new tab.", }, ], }, problemtype: { problemtype_data: [ { description: [ { 
lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2005:323", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "12407", refsource: "BID", url: "http://www.securityfocus.com/bid/12407", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=249332", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=249332", }, { name: "RHSA-2005:335", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "mozilla-firefox-file-upload(19168)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19168", }, { name: "oval:org.mitre.oval:def:10756", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756", }, { name: "http://www.mozilla.org/security/announce/mfsa2005-01.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/mfsa2005-01.html", }, { name: "oval:org.mitre.oval:def:100057", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-0141", datePublished: "2005-01-29T05:00:00", dateReserved: "2005-01-25T00:00:00", dateUpdated: "2024-08-07T21:05:24.469Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2003-0594
Vulnerability from cvelistv5
Published
2004-03-16 05:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
References
URL | Tags | |
---|---|---|
http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html | mailing-list, x_refsource_FULLDISC | |
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html | mailing-list, x_refsource_VULNWATCH | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917 | vdb-entry, signature, x_refsource_OVAL | |
http://www.redhat.com/support/errata/RHSA-2004-112.html | vendor-advisory, x_refsource_REDHAT | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9826 | vdb-entry, signature, x_refsource_OVAL | |
http://www.mandriva.com/security/advisories?name=MDKSA-2004:021 | vendor-advisory, x_refsource_MANDRAKE | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T01:58:11.138Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html", }, { name: "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", tags: [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html", }, { name: "oval:org.mitre.oval:def:917", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917", }, { name: "RHSA-2004:112", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-112.html", }, { name: "oval:org.mitre.oval:def:9826", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9826", }, { name: "MDKSA-2004:021", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021", }, { name: "oval:org.mitre.oval:def:873", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-03-10T00:00:00", descriptions: [ { lang: "en", value: "Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via 
\"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html", }, { name: "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", tags: [ "mailing-list", "x_refsource_VULNWATCH", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html", }, { name: "oval:org.mitre.oval:def:917", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917", }, { name: "RHSA-2004:112", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-112.html", }, { name: "oval:org.mitre.oval:def:9826", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9826", }, { name: "MDKSA-2004:021", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021", }, { name: "oval:org.mitre.oval:def:873", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2003-0594", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { 
product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", refsource: "FULLDISC", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html", }, { name: "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", refsource: "VULNWATCH", url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html", }, { name: "oval:org.mitre.oval:def:917", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917", }, { name: "RHSA-2004:112", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-112.html", }, { name: "oval:org.mitre.oval:def:9826", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9826", }, { name: "MDKSA-2004:021", refsource: "MANDRAKE", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021", }, { name: "oval:org.mitre.oval:def:873", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: 
"mitre", cveId: "CVE-2003-0594", datePublished: "2004-03-16T05:00:00", dateReserved: "2003-07-18T00:00:00", dateUpdated: "2024-08-08T01:58:11.138Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0718
Vulnerability from cvelistv5
Published
2004-07-23 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:24:27.203Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "DSA-777", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-777", }, { name: "http-frame-spoof(1598)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "MDKSA-2004:082", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "11978", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/11978", }, { name: "oval:org.mitre.oval:def:4756", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://bugzilla.mozilla.org/show_bug.cgi?id=246448", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", }, { name: "oval:org.mitre.oval:def:9997", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-07-02T00:00:00", descriptions: [ { lang: "en", value: "The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "DSA-777", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-777", }, { name: "http-frame-spoof(1598)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "MDKSA-2004:082", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "11978", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/11978", }, { name: "oval:org.mitre.oval:def:4756", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=246448", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", }, { name: "oval:org.mitre.oval:def:9997", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0718", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: 
"n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-810", refsource: "DEBIAN", url: "http://www.debian.org/security/2005/dsa-810", }, { name: "DSA-777", refsource: "DEBIAN", url: "http://www.debian.org/security/2005/dsa-777", }, { name: "http-frame-spoof(1598)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598", }, { name: "SCOSA-2005.49", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "MDKSA-2004:082", refsource: "MANDRAKE", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082", }, { name: "FLSA:2089", refsource: "FEDORA", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "15495", refsource: "BID", url: "http://www.securityfocus.com/bid/15495", }, { name: "11978", refsource: "SECUNIA", url: "http://secunia.com/advisories/11978", }, { name: "oval:org.mitre.oval:def:4756", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=246448", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=246448", }, { name: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", refsource: "MISC", url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", }, { name: "oval:org.mitre.oval:def:9997", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0718", datePublished: "2004-07-23T04:00:00", dateReserved: "2004-07-22T00:00:00", 
dateUpdated: "2024-08-08T00:24:27.203Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-1156
Vulnerability from cvelistv5
Published
2004-12-10 05:00
Modified
2024-08-08 00:39
Severity ?
EPSS score ?
Summary
Mozilla before 1.7.6 and Firefox before 1.0.1 allow remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ | x_refsource_MISC | |
http://secunia.com/secunia_research/2004-13/advisory/ | x_refsource_MISC | |
http://secunia.com/advisories/13129/ | third-party-advisory, x_refsource_SECUNIA | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117 | vdb-entry, signature, x_refsource_OVAL | |
http://www.redhat.com/support/errata/RHSA-2005-176.html | vendor-advisory, x_refsource_REDHAT | |
http://www.redhat.com/support/errata/RHSA-2005-384.html | vendor-advisory, x_refsource_REDHAT | |
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.mozilla.org/security/announce/mfsa2005-13.html | x_refsource_CONFIRM | |
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | vendor-advisory, x_refsource_GENTOO | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:39:00.911Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/secunia_research/2004-13/advisory/", }, { name: "13129", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/13129/", }, { name: "oval:org.mitre.oval:def:10117", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-13.html", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "oval:org.mitre.oval:def:100045", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-12-08T00:00:00", descriptions: [ { lang: "en", value: 
"Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/secunia_research/2004-13/advisory/", }, { name: "13129", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/13129/", }, { name: "oval:org.mitre.oval:def:10117", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-13.html", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "oval:org.mitre.oval:def:100045", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045", }, ], 
x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-1156", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/", refsource: "MISC", url: "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/", }, { name: "http://secunia.com/secunia_research/2004-13/advisory/", refsource: "MISC", url: "http://secunia.com/secunia_research/2004-13/advisory/", }, { name: "13129", refsource: "SECUNIA", url: "http://secunia.com/advisories/13129/", }, { name: "oval:org.mitre.oval:def:10117", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117", }, { name: "RHSA-2005:176", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", refsource: "GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "http://www.mozilla.org/security/announce/mfsa2005-13.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/mfsa2005-13.html", }, { name: "GLSA-200503-10", refsource: 
"GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "oval:org.mitre.oval:def:100045", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-1156", datePublished: "2004-12-10T05:00:00", dateReserved: "2004-12-08T00:00:00", dateUpdated: "2024-08-08T00:39:00.911Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-0594
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Netscape 6 and Mozilla 1.0 RC1 and earlier allow remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
References
▼ | URL | Tags |
---|---|---|
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490 | vendor-advisory, x_refsource_CONECTIVA | |
http://online.securityfocus.com/archive/1/270249 | mailing-list, x_refsource_BUGTRAQ | |
http://www.iss.net/security_center/static/8977.php | vdb-entry, x_refsource_XF | |
http://www.redhat.com/support/errata/RHSA-2003-046.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/4640 | vdb-entry, x_refsource_BID | |
http://www.redhat.com/support/errata/RHSA-2002-192.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T02:56:38.244Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "CLA-2002:490", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490", }, { name: "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://online.securityfocus.com/archive/1/270249", }, { name: "mozilla-css-files-exist(8977)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/8977.php", }, { name: "RHSA-2003:046", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2003-046.html", }, { name: "4640", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/4640", }, { name: "RHSA-2002:192", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2002-192.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-04-30T00:00:00", descriptions: [ { lang: "en", value: "Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2007-11-13T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "CLA-2002:490", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490", }, { 
name: "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://online.securityfocus.com/archive/1/270249", }, { name: "mozilla-css-files-exist(8977)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/8977.php", }, { name: "RHSA-2003:046", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2003-046.html", }, { name: "4640", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/4640", }, { name: "RHSA-2002:192", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2002-192.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-0594", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "CLA-2002:490", refsource: "CONECTIVA", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490", }, { name: "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)", refsource: "BUGTRAQ", url: "http://online.securityfocus.com/archive/1/270249", }, { name: "mozilla-css-files-exist(8977)", refsource: "XF", url: "http://www.iss.net/security_center/static/8977.php", }, { name: "RHSA-2003:046", refsource: "REDHAT", url: 
"http://www.redhat.com/support/errata/RHSA-2003-046.html", }, { name: "4640", refsource: "BID", url: "http://www.securityfocus.com/bid/4640", }, { name: "RHSA-2002:192", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2002-192.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-0594", datePublished: "2003-04-02T05:00:00", dateReserved: "2002-06-11T00:00:00", dateUpdated: "2024-08-08T02:56:38.244Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1156
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:35
Severity ?
EPSS score ?
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allow remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:35:59.977Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "oval:org.mitre.oval:def:11230", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230", }, { name: "14992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14992", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-38.html", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "GLSA-200504-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { name: "oval:org.mitre.oval:def:100020", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.mikx.de/firesearching/", }, { name: "1013745", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1013745", }, { name: "14938", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14938", }, { name: "mozilla-plugin-xss(20125)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/20125", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { name: "13211", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/13211", }, { name: "14996", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14996", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-04-15T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka \"Firesearching 1.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "oval:org.mitre.oval:def:11230", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230", }, { name: "14992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14992", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www.mozilla.org/security/announce/mfsa2005-38.html", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "GLSA-200504-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { name: "oval:org.mitre.oval:def:100020", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020", }, { tags: [ "x_refsource_MISC", ], url: "http://www.mikx.de/firesearching/", }, { name: "1013745", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1013745", }, { name: "14938", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14938", }, { name: "mozilla-plugin-xss(20125)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { name: "13211", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/13211", }, { name: "14996", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14996", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-1156", datePublished: "2005-04-18T04:00:00", dateReserved: "2005-04-18T00:00:00", dateUpdated: 
"2024-08-07T21:35:59.977Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1157
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:36
Severity ?
EPSS score ?
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allow remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:36:00.181Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "14992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14992", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-38.html", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.mikx.de/firesearching/", }, { name: "14938", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14938", }, { name: "mozilla-plugin-xss(20125)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "oval:org.mitre.oval:def:9961", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { name: "13211", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/13211", }, { name: "14996", tags: [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14996", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-04-15T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka \"Firesearching 2.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "14992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14992", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-38.html", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { tags: [ "x_refsource_MISC", ], url: "http://www.mikx.de/firesearching/", }, { name: "14938", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14938", }, { name: "mozilla-plugin-xss(20125)", tags: [ "vdb-entry", "x_refsource_XF", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/20125", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "oval:org.mitre.oval:def:9961", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { name: "13211", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/13211", }, { name: "14996", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14996", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-1157", datePublished: "2005-04-18T04:00:00", dateReserved: "2005-04-18T00:00:00", dateUpdated: "2024-08-07T21:36:00.181Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0478
Vulnerability from cvelistv5
Published
2004-05-20 04:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U.
References
▼ | URL | Tags |
---|---|---|
http://lists.immunitysec.com/pipermail/dailydave/2004-May/000587.html | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16225 | vdb-entry, x_refsource_XF | |
http://bugzilla.mozilla.org/show_bug.cgi?id=243540 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:17:15.248Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[Dailydave] 20040514 Mozilla bug might even get fixed!", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.immunitysec.com/pipermail/dailydave/2004-May/000587.html", }, { name: "mozilla-javascript-dos(16225)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16225", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=243540", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-05-13T00:00:00", descriptions: [ { lang: "en", value: "Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[Dailydave] 20040514 Mozilla bug might even get fixed!", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.immunitysec.com/pipermail/dailydave/2004-May/000587.html", }, { name: "mozilla-javascript-dos(16225)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16225", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=243540", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0478", STATE: "PUBLIC", }, affects: { vendor: { 
vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[Dailydave] 20040514 Mozilla bug might even get fixed!", refsource: "MLIST", url: "http://lists.immunitysec.com/pipermail/dailydave/2004-May/000587.html", }, { name: "mozilla-javascript-dos(16225)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16225", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=243540", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=243540", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0478", datePublished: "2004-05-20T04:00:00", dateReserved: "2004-05-17T00:00:00", dateUpdated: "2024-08-08T00:17:15.248Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-2263
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Severity ?
EPSS score ?
Summary
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:22:48.352Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "P-252", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred", ], url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "16059", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16059", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=293331", }, { name: "oval:org.mitre.oval:def:100010", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100010", }, { name: "oval:org.mitre.oval:def:100016", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100016", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { name: 
"oval:org.mitre.oval:def:1311", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1311", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14242", }, { name: "oval:org.mitre.oval:def:1281", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1281", }, { name: "oval:org.mitre.oval:def:11629", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11629", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "16043", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16043", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-48.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-07-13T00:00:00", descriptions: [ { lang: "en", value: "The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, 
references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "P-252", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", ], url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "16059", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16059", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=293331", }, { name: "oval:org.mitre.oval:def:100010", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100010", }, { name: "oval:org.mitre.oval:def:100016", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100016", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { name: "oval:org.mitre.oval:def:1311", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1311", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14242", }, { name: 
"oval:org.mitre.oval:def:1281", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1281", }, { name: "oval:org.mitre.oval:def:11629", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11629", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "16043", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16043", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-48.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-2263", datePublished: "2005-07-13T04:00:00", dateReserved: "2005-07-13T00:00:00", dateUpdated: "2024-08-07T22:22:48.352Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-1126
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
References
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=bugtraq&m=103176760004720&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.redhat.com/support/errata/RHSA-2003-046.html | vendor-advisory, x_refsource_REDHAT | |
http://www.iss.net/security_center/static/10084.php | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/5694 | vdb-entry, x_refsource_BID | |
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075 | vendor-advisory, x_refsource_MANDRAKE | |
http://bugzilla.mozilla.org/show_bug.cgi?id=145579 | x_refsource_CONFIRM | |
http://www.redhat.com/support/errata/RHSA-2002-192.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:12:16.951Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20020911 Privacy leak in mozilla", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=103176760004720&w=2", }, { name: "RHSA-2003:046", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2003-046.html", }, { name: "mozilla-onunload-url-leak(10084)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/10084.php", }, { name: "5694", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/5694", }, { name: "MDKSA-2002:075", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=145579", }, { name: "RHSA-2002:192", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2002-192.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-09-16T00:00:00", descriptions: [ { lang: "en", value: "Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2007-11-13T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: 
"mitre", }, references: [ { name: "20020911 Privacy leak in mozilla", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=103176760004720&w=2", }, { name: "RHSA-2003:046", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2003-046.html", }, { name: "mozilla-onunload-url-leak(10084)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/10084.php", }, { name: "5694", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/5694", }, { name: "MDKSA-2002:075", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=145579", }, { name: "RHSA-2002:192", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2002-192.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-1126", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20020911 Privacy leak in mozilla", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=103176760004720&w=2", }, { name: "RHSA-2003:046", 
refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2003-046.html", }, { name: "mozilla-onunload-url-leak(10084)", refsource: "XF", url: "http://www.iss.net/security_center/static/10084.php", }, { name: "5694", refsource: "BID", url: "http://www.securityfocus.com/bid/5694", }, { name: "MDKSA-2002:075", refsource: "MANDRAKE", url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=145579", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=145579", }, { name: "RHSA-2002:192", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2002-192.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-1126", datePublished: "2004-09-01T04:00:00", dateReserved: "2002-09-17T00:00:00", dateUpdated: "2024-08-08T03:12:16.951Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-4039
Vulnerability from cvelistv5
Published
2007-07-27 22:00
Modified
2024-09-17 01:21
Severity ?
EPSS score ?
Summary
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
References
▼ | URL | Tags |
---|---|---|
http://larholm.com/2007/07/25/mozilla-protocol-abuse/ | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2007/Jul/0557.html | mailing-list, x_refsource_FULLDISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T14:37:06.207Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://larholm.com/2007/07/25/mozilla-protocol-abuse/", }, { name: "20070725 Mozilla protocol abuse", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2007/Jul/0557.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2007-07-27T22:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://larholm.com/2007/07/25/mozilla-protocol-abuse/", }, { name: "20070725 Mozilla protocol abuse", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2007/Jul/0557.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-4039", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Argument injection vulnerability involving Mozilla, when certain URIs are registered, 
allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://larholm.com/2007/07/25/mozilla-protocol-abuse/", refsource: "MISC", url: "http://larholm.com/2007/07/25/mozilla-protocol-abuse/", }, { name: "20070725 Mozilla protocol abuse", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2007/Jul/0557.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-4039", datePublished: "2007-07-27T22:00:00Z", dateReserved: "2007-07-27T00:00:00Z", dateUpdated: "2024-09-17T01:21:30.348Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0586
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity ?
EPSS score ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 allow remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
References
▼ | URL | Tags |
---|---|---|
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100036 | vdb-entry, signature, x_refsource_OVAL | |
http://www.securityfocus.com/bid/12659 | vdb-entry, x_refsource_BID | |
http://www.mozilla.org/security/announce/mfsa2005-22.html | x_refsource_CONFIRM | |
http://www.redhat.com/support/errata/RHSA-2005-176.html | vendor-advisory, x_refsource_REDHAT | |
http://www.redhat.com/support/errata/RHSA-2005-384.html | vendor-advisory, x_refsource_REDHAT | |
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | vendor-advisory, x_refsource_GENTOO | |
http://secunia.com/advisories/13258 | third-party-advisory, x_refsource_SECUNIA | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11152 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:21:06.048Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:100036", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100036", }, { name: "12659", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12659", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-22.html", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "13258", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/13258", }, { name: "oval:org.mitre.oval:def:11152", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11152", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-02-25T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.", }, ], problemTypes: [ { descriptions: [ { description: 
"n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "oval:org.mitre.oval:def:100036", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100036", }, { name: "12659", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12659", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-22.html", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "13258", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/13258", }, { name: "oval:org.mitre.oval:def:11152", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11152", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-0586", datePublished: "2005-02-28T05:00:00", dateReserved: "2005-02-28T00:00:00", dateUpdated: "2024-08-07T21:21:06.048Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0149
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-07 21:05
Summary
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:05:25.075Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "12407", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12407", }, { name: "oval:org.mitre.oval:def:100047", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-11.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268107", }, { name: "RHSA-2005:094", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-094.html", }, { name: "oval:org.mitre.oval:def:11407", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "mozilla-cookie-policy-bypass(19172)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19172", }, ], title: "CVE Program Container", }, ], cna: { affected: 
[ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-01-24T00:00:00", descriptions: [ { lang: "en", value: "Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "12407", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12407", }, { name: "oval:org.mitre.oval:def:100047", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047", }, { name: "RHSA-2005:335", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-11.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268107", }, { name: "RHSA-2005:094", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-094.html", }, { name: "oval:org.mitre.oval:def:11407", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", 
"x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "mozilla-cookie-policy-bypass(19172)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19172", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-0149", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2005:323", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "12407", refsource: "BID", url: "http://www.securityfocus.com/bid/12407", }, { name: "oval:org.mitre.oval:def:100047", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047", }, { name: "RHSA-2005:335", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-335.html", }, { name: "19823", refsource: "SECUNIA", url: "http://secunia.com/advisories/19823", }, { name: "http://www.mozilla.org/security/announce/mfsa2005-11.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/mfsa2005-11.html", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=268107", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268107", }, { name: "RHSA-2005:094", refsource: "REDHAT", url: 
"http://www.redhat.com/support/errata/RHSA-2005-094.html", }, { name: "oval:org.mitre.oval:def:11407", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407", }, { name: "SUSE-SA:2006:022", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "mozilla-cookie-policy-bypass(19172)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19172", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-0149", datePublished: "2005-01-29T05:00:00", dateReserved: "2005-01-25T00:00:00", dateUpdated: "2024-08-07T21:05:25.075Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0906
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Summary
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.
References
▼ | URL | Tags |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2005-323.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17375 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/11192 | vdb-entry, x_refsource_BID | |
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | vendor-advisory, x_refsource_SUSE | |
http://bugzilla.mozilla.org/show_bug.cgi?id=231083 | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668 | vdb-entry, signature, x_refsource_OVAL | |
http://www.kb.cert.org/vuls/id/653160 | third-party-advisory, x_refsource_CERT-VN | |
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 | x_refsource_CONFIRM | |
http://security.gentoo.org/glsa/glsa-200409-26.xml | vendor-advisory, x_refsource_GENTOO | |
http://secunia.com/advisories/12526/ | third-party-advisory, x_refsource_SECUNIA | |
http://bugzilla.mozilla.org/show_bug.cgi?id=235781 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:48.049Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "mozilla-insecure-file-permissions(17375)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17375", }, { name: "11192", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/11192", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=231083", }, { name: "oval:org.mitre.oval:def:11668", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668", }, { name: "VU#653160", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/653160", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "12526", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/12526/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=235781", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, 
], datePublic: "2004-09-14T00:00:00", descriptions: [ { lang: "en", value: "The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "mozilla-insecure-file-permissions(17375)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17375", }, { name: "11192", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/11192", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=231083", }, { name: "oval:org.mitre.oval:def:11668", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668", }, { name: "VU#653160", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/653160", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "12526", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/12526/", }, { 
tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=235781", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0906", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2005:323", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "mozilla-insecure-file-permissions(17375)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17375", }, { name: "11192", refsource: "BID", url: "http://www.securityfocus.com/bid/11192", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=231083", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=231083", }, { name: "oval:org.mitre.oval:def:11668", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668", }, { name: "VU#653160", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/653160", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", refsource: "CONFIRM", url: 
"http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "12526", refsource: "SECUNIA", url: "http://secunia.com/advisories/12526/", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=235781", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=235781", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0906", datePublished: "2004-09-24T04:00:00", dateReserved: "2004-09-23T00:00:00", dateUpdated: "2024-08-08T00:31:48.049Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-1451
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Summary
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/10419/ | third-party-advisory, x_refsource_SECUNIA | |
http://www.mozilla.org/projects/security/known-vulnerabilities.html | x_refsource_CONFIRM | |
http://bugzilla.mozilla.org/show_bug.cgi?id=228176 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:53:23.805Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "10419", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/10419/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=228176", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-01-06T00:00:00", descriptions: [ { lang: "en", value: "Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-15T16:38:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "10419", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/10419/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=228176", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-1451", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: 
"Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "10419", refsource: "SECUNIA", url: "http://secunia.com/advisories/10419/", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=228176", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=228176", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-1451", datePublished: "2005-02-13T05:00:00", dateReserved: "2005-02-13T00:00:00", dateUpdated: "2024-08-08T00:53:23.805Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0233
Vulnerability from cvelistv5
Published
2005-02-07 05:00
Modified
2024-08-07 21:05
Summary
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:05:25.422Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.shmoo.com/idn/homograph.txt", }, { name: "multiple-browsers-idn-spoof(19236)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236", }, { name: "20050206 state of homograph attacks", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.shmoo.com/idn", }, { name: "SUSE-SA:2005:016", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html", }, { name: "oval:org.mitre.oval:def:11229", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229", }, { name: "oval:org.mitre.oval:def:100029", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: 
"http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=110782704923280&w=2", }, { name: "12461", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12461", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-29.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-02-06T00:00:00", descriptions: [ { lang: "en", value: "The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.shmoo.com/idn/homograph.txt", }, { name: "multiple-browsers-idn-spoof(19236)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236", }, { name: "20050206 state of homograph attacks", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.shmoo.com/idn", }, { name: "SUSE-SA:2005:016", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html", }, { name: "oval:org.mitre.oval:def:11229", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229", }, { name: "oval:org.mitre.oval:def:100029", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029", }, { name: "RHSA-2005:176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-176.html", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "GLSA-200503-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", }, { name: "GLSA-200503-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", }, { name: "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=110782704923280&w=2", }, { name: "12461", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12461", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-29.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-0233", datePublished: "2005-02-07T05:00:00", dateReserved: "2005-02-07T00:00:00", dateUpdated: "2024-08-07T21:05:25.422Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1159
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:44
Summary
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:44:05.013Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "14992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14992", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "mozilla-installtrigger-command-execution(20123)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20123", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290162", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { name: "1013742", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1013742", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "GLSA-200504-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-40.html", }, { name: "13232", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/13232", }, { name: "1013743", tags: [ "vdb-entry", "x_refsource_SECTRACK", 
"x_transferred", ], url: "http://securitytracker.com/id?1013743", }, { name: "14938", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14938", }, { name: "oval:org.mitre.oval:def:100018", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100018", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "oval:org.mitre.oval:def:10629", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10629", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-04-15T00:00:00", descriptions: [ { lang: "en", value: "The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", 
shortName: "redhat", }, references: [ { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "14992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14992", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "mozilla-installtrigger-command-execution(20123)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20123", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290162", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { name: "1013742", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1013742", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "GLSA-200504-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-40.html", }, { name: "13232", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/13232", }, { name: "1013743", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1013743", }, { name: "14938", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14938", }, { name: "oval:org.mitre.oval:def:100018", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100018", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "oval:org.mitre.oval:def:10629", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10629", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-1159", datePublished: "2005-04-18T04:00:00", dateReserved: "2005-04-18T00:00:00", dateUpdated: "2024-08-07T21:44:05.013Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-2260
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Severity ?
EPSS score ?
Summary
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:22:47.741Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "P-252", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred", ], url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "oval:org.mitre.oval:def:742", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A742", }, { name: "16059", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16059", }, { name: "16044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16044", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=289940", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { name: "oval:org.mitre.oval:def:10132", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10132", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { name: "oval:org.mitre.oval:def:1226", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1226", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14242", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "16043", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16043", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-45.html", }, { name: "oval:org.mitre.oval:def:100013", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100013", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-07-13T00:00:00", descriptions: [ { lang: "en", value: "The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: 
"53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "P-252", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", ], url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "oval:org.mitre.oval:def:742", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A742", }, { name: "16059", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16059", }, { name: "16044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16044", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { tags: [ "x_refsource_MISC", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=289940", }, { tags: [ "x_refsource_MISC", ], url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { name: "oval:org.mitre.oval:def:10132", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10132", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { name: "oval:org.mitre.oval:def:1226", tags: [ 
"vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1226", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14242", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "16043", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16043", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-45.html", }, { name: "oval:org.mitre.oval:def:100013", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100013", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-2260", datePublished: "2005-07-13T04:00:00", dateReserved: "2005-07-13T00:00:00", dateUpdated: "2024-08-07T22:22:47.741Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-1308
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=103730181813075&w=2 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/10636 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/6185 | vdb-entry, x_refsource_BID |
| http://bugzilla.mozilla.org/show_bug.cgi?id=157646 | x_refsource_MISC |
| http://www.redhat.com/support/errata/RHSA-2003-163.html | vendor-advisory, x_refsource_REDHAT |
| http://www.redhat.com/support/errata/RHSA-2003-162.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:19:28.634Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=103730181813075&w=2", }, { name: "mozilla-netscape-jar-bo(10636)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636", }, { name: "6185", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/6185", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157646", }, { name: "RHSA-2003:163", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2003-163.html", }, { name: "RHSA-2003:162", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2003-162.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-11-14T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2004-08-04T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=103730181813075&w=2", }, { name: 
"mozilla-netscape-jar-bo(10636)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636", }, { name: "6185", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/6185", }, { tags: [ "x_refsource_MISC", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157646", }, { name: "RHSA-2003:163", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2003-163.html", }, { name: "RHSA-2003:162", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2003-162.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-1308", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=103730181813075&w=2", }, { name: "mozilla-netscape-jar-bo(10636)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636", }, { name: "6185", refsource: "BID", url: "http://www.securityfocus.com/bid/6185", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=157646", refsource: "MISC", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157646", }, { name: "RHSA-2003:163", refsource: "REDHAT", url: 
"http://www.redhat.com/support/errata/RHSA-2003-163.html", }, { name: "RHSA-2003:162", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2003-162.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-1308", datePublished: "2004-09-01T04:00:00", dateReserved: "2002-11-15T00:00:00", dateUpdated: "2024-08-08T03:19:28.634Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1155
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:36
Severity ?
EPSS score ?
Summary
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:36:00.302Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:10655", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10655", }, { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "14992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14992", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290036", }, { name: "oval:org.mitre.oval:def:100021", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100021", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.mikx.de/firelinking/", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "VU#973309", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/973309", }, { name: "GLSA-200504-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { name: "14938", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14938", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-37.html", }, { name: "13216", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/13216", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-04-15T00:00:00", descriptions: [ { lang: "en", value: "The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel=\"icon\"> tag with a javascript: URL in the href attribute, aka \"Firelinking.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "oval:org.mitre.oval:def:10655", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10655", }, { name: "RHSA-2005:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-386.html", }, { name: "14992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14992", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290036", }, { name: "oval:org.mitre.oval:def:100021", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100021", }, { tags: [ "x_refsource_MISC", ], url: "http://www.mikx.de/firelinking/", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "VU#973309", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/973309", }, { name: "GLSA-200504-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml", }, { name: "14938", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14938", }, { name: "RHSA-2005:384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-384.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-37.html", }, { name: "13216", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/13216", }, { name: "RHSA-2005:383", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-383.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-1155", datePublished: "2005-04-18T04:00:00", dateReserved: "2005-04-18T00:00:00", dateUpdated: "2024-08-07T21:36:00.302Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-0292
Vulnerability from cvelistv5
Published
2006-02-02 20:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T16:25:34.237Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDKSA-2006:036", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036", }, { name: "USN-275-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/275-1/", }, { name: "RHSA-2006:0330", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0330.html", }, { name: "19902", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19902", }, { name: "mozilla-javascript-memory-corruption(24430)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24430", }, { name: "MDKSA-2006:037", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037", }, { name: "USN-276-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/276-1/", }, { name: "HPSBUX02122", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/438730/100/0/threaded", }, { name: "19941", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19941", }, { name: "19780", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19780", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=316885", }, { name: "19821", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19821", }, { name: "oval:org.mitre.oval:def:10016", tags: 
[ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016", }, { name: "FEDORA-2006-075", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html", }, { name: "GLSA-200604-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml", }, { name: "21622", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21622", }, { name: "19862", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19862", }, { name: "19230", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19230", }, { name: "18704", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/18704", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { name: "DSA-1051", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2006/dsa-1051", }, { name: "18709", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/18709", }, { name: "ADV-2006-3749", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3749", }, { name: "USN-271-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/271-1/", }, { name: "18705", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], 
url: "http://secunia.com/advisories/18705", }, { name: "GLSA-200604-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml", }, { name: "16476", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/16476", }, { name: "ADV-2006-0413", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/0413", }, { name: "1015570", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1015570", }, { name: "19746", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19746", }, { name: "21033", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/21033", }, { name: "18700", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/18700", }, { name: "102550", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1", }, { name: "19759", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19759", }, { name: "SSRT061236", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded", }, { name: "RHSA-2006:0200", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0200.html", }, { name: "oval:org.mitre.oval:def:670", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670", }, { name: "18706", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: 
"http://secunia.com/advisories/18706", }, { name: "SSRT061158", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/438730/100/0/threaded", }, { name: "FEDORA-2006-076", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html", }, { name: "MDKSA-2006:078", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078", }, { name: "RHSA-2006:0199", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0199.html", }, { name: "20051", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/20051", }, { name: "19863", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19863", }, { name: "HPSBUX02156", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded", }, { name: "FLSA-2006:180036-2", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/425978/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/2006/mfsa2006-01.html", }, { name: "20060201-01-U", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U", }, { name: "SCOSA-2006.26", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt", }, { name: "18708", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/18708", }, { name: "FLSA:180036-1", tags: [ "vendor-advisory", 
"x_refsource_FEDORA", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/425975/100/0/threaded", }, { name: "228526", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1", }, { name: "19852", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19852", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "GLSA-200605-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml", }, { name: "ADV-2006-3391", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3391", }, { name: "18703", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/18703", }, { name: "22065", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22065", }, { name: "19950", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19950", }, { name: "DSA-1046", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2006/dsa-1046", }, { name: "DSA-1044", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2006/dsa-1044", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-02-02T00:00:00", descriptions: [ { lang: "en", value: "The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial 
of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-19T14:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "MDKSA-2006:036", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036", }, { name: "USN-275-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/275-1/", }, { name: "RHSA-2006:0330", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0330.html", }, { name: "19902", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19902", }, { name: "mozilla-javascript-memory-corruption(24430)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24430", }, { name: "MDKSA-2006:037", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037", }, { name: "USN-276-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/276-1/", }, { name: "HPSBUX02122", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://www.securityfocus.com/archive/1/438730/100/0/threaded", }, { name: "19941", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19941", }, { name: "19780", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19780", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=316885", }, { name: "19821", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19821", }, { name: "oval:org.mitre.oval:def:10016", tags: [ "vdb-entry", 
"signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016", }, { name: "FEDORA-2006-075", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html", }, { name: "GLSA-200604-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml", }, { name: "21622", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21622", }, { name: "19862", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19862", }, { name: "19230", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19230", }, { name: "18704", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/18704", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { name: "DSA-1051", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2006/dsa-1051", }, { name: "18709", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/18709", }, { name: "ADV-2006-3749", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3749", }, { name: "USN-271-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/271-1/", }, { name: "18705", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/18705", }, { name: "GLSA-200604-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml", }, { name: "16476", tags: [ "vdb-entry", "x_refsource_BID", ], 
url: "http://www.securityfocus.com/bid/16476", }, { name: "ADV-2006-0413", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/0413", }, { name: "1015570", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1015570", }, { name: "19746", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19746", }, { name: "21033", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/21033", }, { name: "18700", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/18700", }, { name: "102550", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1", }, { name: "19759", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19759", }, { name: "SSRT061236", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded", }, { name: "RHSA-2006:0200", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0200.html", }, { name: "oval:org.mitre.oval:def:670", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670", }, { name: "18706", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/18706", }, { name: "SSRT061158", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://www.securityfocus.com/archive/1/438730/100/0/threaded", }, { name: "FEDORA-2006-076", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html", }, { name: "MDKSA-2006:078", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:078", }, { name: "RHSA-2006:0199", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2006-0199.html", }, { name: "20051", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/20051", }, { name: "19863", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19863", }, { name: "HPSBUX02156", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded", }, { name: "FLSA-2006:180036-2", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://www.securityfocus.com/archive/1/425978/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/2006/mfsa2006-01.html", }, { name: "20060201-01-U", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U", }, { name: "SCOSA-2006.26", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt", }, { name: "18708", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/18708", }, { name: "FLSA:180036-1", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://www.securityfocus.com/archive/1/425975/100/0/threaded", }, { name: "228526", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1", }, { name: "19852", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19852", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "GLSA-200605-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: 
"http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml", }, { name: "ADV-2006-3391", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3391", }, { name: "18703", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/18703", }, { name: "22065", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22065", }, { name: "19950", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19950", }, { name: "DSA-1046", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2006/dsa-1046", }, { name: "DSA-1044", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2006/dsa-1044", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2006-0292", datePublished: "2006-02-02T20:00:00", dateReserved: "2006-01-18T00:00:00", dateUpdated: "2024-08-07T16:25:34.237Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-2061
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-08-08 03:51
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
References
URL | Tags | |
---|---|---|
http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDKSA-2002:074 | vendor-advisory, x_refsource_MANDRAKE | |
http://bugzilla.mozilla.org/show_bug.cgi?id=157202 | x_refsource_CONFIRM | |
http://www.iss.net/security_center/static/9287.php | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:51:17.557Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", }, { name: "MDKSA-2002:074", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157202", }, { name: "links-png-image-bo(9287)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/9287.php", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-05-28T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2007-10-18T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", }, { name: "MDKSA-2002:074", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157202", }, { name: "links-png-image-bo(9287)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/9287.php", }, ], x_legacyV4Record: { 
CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-2061", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", refsource: "CONFIRM", url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", }, { name: "MDKSA-2002:074", refsource: "MANDRAKE", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=157202", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157202", }, { name: "links-png-image-bo(9287)", refsource: "XF", url: "http://www.iss.net/security_center/static/9287.php", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-2061", datePublished: "2005-07-14T04:00:00", dateReserved: "2005-07-14T00:00:00", dateUpdated: "2024-08-08T03:51:17.557Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-2968
Vulnerability from cvelistv5
Published
2005-09-20 04:00
Modified
2024-08-07 22:53
Severity ?
EPSS score ?
Summary
Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:53:29.713Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-868", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-868", }, { name: "ADV-2005-1824", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/1824", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "14888", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14888", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=307185", }, { name: "USN-186-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-186-2", }, { name: "16869", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16869", }, { name: "RHSA-2005:791", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-791.html", }, { name: "USN-200-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-200-1", }, { name: "17042", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17042", }, { name: "DSA-866", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-866", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-58.html", }, { name: "17284", 
tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17284", }, { name: "17149", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17149", }, { name: "17263", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17263", }, { name: "oval:org.mitre.oval:def:11105", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105", }, { name: "VU#914681", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/914681", }, { name: "RHSA-2005:785", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-785.html", }, { name: "USN-186-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-186-1", }, { name: "MDKSA-2005:174", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174", }, { name: "17090", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17090", }, { name: "ADV-2005-1794", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/1794", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-09-19T00:00:00", descriptions: [ { lang: "en", value: "Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.", }, ], problemTypes: [ { descriptions: [ { 
description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "DSA-868", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-868", }, { name: "ADV-2005-1824", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/1824", }, { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "14888", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14888", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=307185", }, { name: "USN-186-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-186-2", }, { name: "16869", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16869", }, { name: "RHSA-2005:791", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-791.html", }, { name: "USN-200-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-200-1", }, { name: "17042", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17042", }, { name: "DSA-866", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-866", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-58.html", }, { name: "17284", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17284", }, { name: "17149", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: 
"http://secunia.com/advisories/17149", }, { name: "17263", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17263", }, { name: "oval:org.mitre.oval:def:11105", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105", }, { name: "VU#914681", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/914681", }, { name: "RHSA-2005:785", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-785.html", }, { name: "USN-186-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-186-1", }, { name: "MDKSA-2005:174", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174", }, { name: "17090", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17090", }, { name: "ADV-2005-1794", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/1794", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-2968", datePublished: "2005-09-20T04:00:00", dateReserved: "2005-09-19T00:00:00", dateUpdated: "2024-08-07T22:53:29.713Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-2270
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Severity ?
EPSS score ?
Summary
Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:22:48.688Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-810", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=294795", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "oval:org.mitre.oval:def:11751", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11751", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-56.html", }, { name: "P-252", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred", ], url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=295011", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=294799", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "oval:org.mitre.oval:def:550", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A550", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { name: "oval:org.mitre.oval:def:817", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A817", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "16059", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16059", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "1014470", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1014470", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { name: "VU#652366", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/652366", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14242", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "16043", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16043", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296397", }, { name: "oval:org.mitre.oval:def:100003", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100003", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-07-13T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-810", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=294795", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "oval:org.mitre.oval:def:11751", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11751", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-56.html", }, { name: "P-252", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", ], url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=295011", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=294799", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "oval:org.mitre.oval:def:550", tags: [ 
"vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A550", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { name: "oval:org.mitre.oval:def:817", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A817", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "16059", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16059", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "1014470", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1014470", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { name: "VU#652366", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/652366", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14242", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "16043", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16043", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { tags: [ "x_refsource_MISC", ], url: 
"https://bugzilla.mozilla.org/show_bug.cgi?id=296397", }, { name: "oval:org.mitre.oval:def:100003", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100003", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-2270", datePublished: "2005-07-13T04:00:00", dateReserved: "2005-07-13T00:00:00", dateUpdated: "2024-08-07T22:22:48.688Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-2114
Vulnerability from cvelistv5
Published
2005-07-01 04:00
Modified
2024-08-07 22:15
Severity ?
EPSS score ?
Summary
Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.
References
URL | Tags | |
---|---|---|
http://securitytracker.com/id?1014292 | vdb-entry, x_refsource_SECTRACK | |
http://www.securiteam.com/securitynews/5OP0U00G1G.html | x_refsource_MISC | |
http://www.redhat.com/support/errata/RHSA-2005-587.html | vendor-advisory, x_refsource_REDHAT | |
http://securitytracker.com/id?1014293 | vdb-entry, x_refsource_SECTRACK | |
http://securitytracker.com/id?1014294 | vdb-entry, x_refsource_SECTRACK | |
http://securitytracker.com/id?1014372 | vdb-entry, x_refsource_SECTRACK | |
http://www.kurczaba.com/html/security/0506241.htm | x_refsource_MISC | |
http://marc.info/?l=bugtraq&m=112008299210033&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://securitytracker.com/id?1014349 | vdb-entry, x_refsource_SECTRACK | |
http://www.redhat.com/support/errata/RHSA-2005-586.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/21188 | vdb-entry, x_refsource_XF | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:15:37.382Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1014292", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1014292", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.securiteam.com/securitynews/5OP0U00G1G.html", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "1014293", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1014293", }, { name: "1014294", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1014294", }, { name: "1014372", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1014372", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.kurczaba.com/html/security/0506241.htm", }, { name: "20050629 Mozilla Multiple Product JavaScript Issue", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=112008299210033&w=2", }, { name: "1014349", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1014349", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "mozilla-mult-browsers-javascript-dos(21188)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21188", }, { name: "oval:org.mitre.oval:def:9628", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628", }, ], title: "CVE Program 
Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-06-29T00:00:00", descriptions: [ { lang: "en", value: "Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1014292", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1014292", }, { tags: [ "x_refsource_MISC", ], url: "http://www.securiteam.com/securitynews/5OP0U00G1G.html", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "1014293", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1014293", }, { name: "1014294", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1014294", }, { name: "1014372", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1014372", }, { tags: [ "x_refsource_MISC", ], url: "http://www.kurczaba.com/html/security/0506241.htm", }, { name: "20050629 Mozilla Multiple Product JavaScript Issue", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=112008299210033&w=2", }, { name: "1014349", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1014349", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "mozilla-mult-browsers-javascript-dos(21188)", 
tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21188", }, { name: "oval:org.mitre.oval:def:9628", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-2114", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1014292", refsource: "SECTRACK", url: "http://securitytracker.com/id?1014292", }, { name: "http://www.securiteam.com/securitynews/5OP0U00G1G.html", refsource: "MISC", url: "http://www.securiteam.com/securitynews/5OP0U00G1G.html", }, { name: "RHSA-2005:587", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "1014293", refsource: "SECTRACK", url: "http://securitytracker.com/id?1014293", }, { name: "1014294", refsource: "SECTRACK", url: "http://securitytracker.com/id?1014294", }, { name: "1014372", refsource: "SECTRACK", url: "http://securitytracker.com/id?1014372", }, { name: "http://www.kurczaba.com/html/security/0506241.htm", refsource: "MISC", url: "http://www.kurczaba.com/html/security/0506241.htm", }, { name: "20050629 Mozilla Multiple Product JavaScript Issue", refsource: "BUGTRAQ", url: 
"http://marc.info/?l=bugtraq&m=112008299210033&w=2", }, { name: "1014349", refsource: "SECTRACK", url: "http://securitytracker.com/id?1014349", }, { name: "RHSA-2005:586", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "mozilla-mult-browsers-javascript-dos(21188)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21188", }, { name: "oval:org.mitre.oval:def:9628", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-2114", datePublished: "2005-07-01T04:00:00", dateReserved: "2005-07-01T00:00:00", dateUpdated: "2024-08-07T22:15:37.382Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0648
Vulnerability from cvelistv5
Published
2004-07-13 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.
References
▼ | URL | Tags |
---|---|---|
http://www.mozilla.org/projects/security/known-vulnerabilities.html | x_refsource_CONFIRM | |
http://www.kb.cert.org/vuls/id/927014 | third-party-advisory, x_refsource_CERT-VN | |
http://www.ciac.org/ciac/bulletins/o-175.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
http://www.mozilla.org/security/shell.html | x_refsource_CONFIRM | |
http://secunia.com/advisories/12027 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html | mailing-list, x_refsource_FULLDISC | |
http://marc.info/?l=bugtraq&m=108938712815719&w=2 | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16655 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:24:27.041Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { name: "VU#927014", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/927014", }, { name: "O-175", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred", ], url: "http://www.ciac.org/ciac/bulletins/o-175.shtml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/shell.html", }, { name: "12027", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/12027", }, { name: "20040707 shell:windows command question", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html", }, { name: "20040708 Mozilla Security Advisory 2004-07-08", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=108938712815719&w=2", }, { name: "mozilla-shell-program-execution(16655)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16655", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-07-07T00:00:00", descriptions: [ { lang: "en", value: "Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { name: "VU#927014", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/927014", }, { name: "O-175", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", ], url: "http://www.ciac.org/ciac/bulletins/o-175.shtml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/shell.html", }, { name: "12027", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/12027", }, { name: "20040707 shell:windows command question", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html", }, { name: "20040708 Mozilla Security Advisory 2004-07-08", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=108938712815719&w=2", }, { name: "mozilla-shell-program-execution(16655)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16655", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0648", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: 
"http://www.mozilla.org/projects/security/known-vulnerabilities.html", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { name: "VU#927014", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/927014", }, { name: "O-175", refsource: "CIAC", url: "http://www.ciac.org/ciac/bulletins/o-175.shtml", }, { name: "http://www.mozilla.org/security/shell.html", refsource: "CONFIRM", url: "http://www.mozilla.org/security/shell.html", }, { name: "12027", refsource: "SECUNIA", url: "http://secunia.com/advisories/12027", }, { name: "20040707 shell:windows command question", refsource: "FULLDISC", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html", }, { name: "20040708 Mozilla Security Advisory 2004-07-08", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=108938712815719&w=2", }, { name: "mozilla-shell-program-execution(16655)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16655", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0648", datePublished: "2004-07-13T04:00:00", dateReserved: "2004-07-09T00:00:00", dateUpdated: "2024-08-08T00:24:27.041Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-1450
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
EPSS score ?
Summary
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
References
▼ | URL | Tags |
---|---|---|
http://www.mozilla.org/projects/security/known-vulnerabilities.html | x_refsource_CONFIRM | |
http://bugzilla.mozilla.org/show_bug.cgi?id=239122 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:53:23.764Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=239122", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-04-05T00:00:00", descriptions: [ { lang: "en", value: "Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-15T16:38:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=239122", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-1450", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", refsource: 
"CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=239122", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=239122", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-1450", datePublished: "2005-02-13T05:00:00", dateReserved: "2005-02-13T00:00:00", dateUpdated: "2024-08-08T00:53:23.764Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-3010
Vulnerability from cvelistv5
Published
2009-08-31 16:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.
References
▼ | URL | Tags |
---|---|---|
http://websecurity.com.ua/3386/ | x_refsource_MISC | |
http://websecurity.com.ua/3315/ | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/52999 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T06:14:55.402Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://websecurity.com.ua/3386/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://websecurity.com.ua/3315/", }, { name: "firefox-seamonkey-data-xss(52999)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-07-11T00:00:00", descriptions: [ { lang: "en", value: "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. 
NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://websecurity.com.ua/3386/", }, { tags: [ "x_refsource_MISC", ], url: "http://websecurity.com.ua/3315/", }, { name: "firefox-seamonkey-data-xss(52999)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-3010", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. 
NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://websecurity.com.ua/3386/", refsource: "MISC", url: "http://websecurity.com.ua/3386/", }, { name: "http://websecurity.com.ua/3315/", refsource: "MISC", url: "http://websecurity.com.ua/3315/", }, { name: "firefox-seamonkey-data-xss(52999)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-3010", datePublished: "2009-08-31T16:00:00", dateReserved: "2009-08-31T00:00:00", dateUpdated: "2024-08-07T06:14:55.402Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-3144
Vulnerability from cvelistv5
Published
2007-06-11 18:00
Modified
2024-08-07 14:05
Severity ?
EPSS score ?
Summary
Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/24352 | vdb-entry, x_refsource_BID | |
http://osvdb.org/43466 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/34983 | vdb-entry, x_refsource_XF | |
http://testing.bitsploit.de/test.html | x_refsource_MISC | |
http://www.0x000000.com/?i=334 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T14:05:28.585Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "24352", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/24352", }, { name: "43466", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/43466", }, { name: "multiple-basic-authentication-spoofing(34983)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://testing.bitsploit.de/test.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.0x000000.com/?i=334", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-06-06T00:00:00", descriptions: [ { lang: "en", value: "Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "24352", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/24352", }, { name: "43466", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/43466", }, { name: "multiple-basic-authentication-spoofing(34983)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983", }, { tags: [ "x_refsource_MISC", ], url: "http://testing.bitsploit.de/test.html", }, { 
tags: [ "x_refsource_MISC", ], url: "http://www.0x000000.com/?i=334", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-3144", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "24352", refsource: "BID", url: "http://www.securityfocus.com/bid/24352", }, { name: "43466", refsource: "OSVDB", url: "http://osvdb.org/43466", }, { name: "multiple-basic-authentication-spoofing(34983)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983", }, { name: "http://testing.bitsploit.de/test.html", refsource: "MISC", url: "http://testing.bitsploit.de/test.html", }, { name: "http://www.0x000000.com/?i=334", refsource: "MISC", url: "http://www.0x000000.com/?i=334", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-3144", datePublished: "2007-06-11T18:00:00", dateReserved: "2007-06-11T00:00:00", dateUpdated: "2024-08-07T14:05:28.585Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-0815
Vulnerability from cvelistv5
Published
2002-08-01 04:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
References
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=bugtraq&m=102798282208686&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://marc.info/?l=bugtraq&m=102796732924658&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:03:48.882Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20020729 RE: XWT Foundation Advisory", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=102798282208686&w=2", }, { name: "20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=102796732924658&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-07-29T00:00:00", descriptions: [ { lang: "en", value: "The Javascript \"Same Origin Policy\" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-10-17T13:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20020729 RE: XWT Foundation Advisory", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=102798282208686&w=2", }, { name: "20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=102796732924658&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-0815", STATE: 
"PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Javascript \"Same Origin Policy\" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20020729 RE: XWT Foundation Advisory", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=102798282208686&w=2", }, { name: "20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=102796732924658&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-0815", datePublished: "2002-08-01T04:00:00", dateReserved: "2002-07-30T00:00:00", dateUpdated: "2024-08-08T03:03:48.882Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-4685
Vulnerability from cvelistv5
Published
2006-02-01 02:00
Modified
2024-08-07 23:53
Severity ?
EPSS score ?
Summary
Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/15331 | vdb-entry, x_refsource_BID | |
http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html | mailing-list, x_refsource_FULLDISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/25291 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T23:53:28.695Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "15331", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15331", }, { name: "20051104 Browser cookie handling: possible cross-domain cookie sharing", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html", }, { name: "konqueror-cookie-information-disclosure(25291)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25291", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-11-04T00:00:00", descriptions: [ { lang: "en", value: "Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-19T15:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "15331", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15331", }, { name: "20051104 Browser cookie handling: possible cross-domain cookie sharing", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html", }, { name: 
"konqueror-cookie-information-disclosure(25291)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25291", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-4685", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "15331", refsource: "BID", url: "http://www.securityfocus.com/bid/15331", }, { name: "20051104 Browser cookie handling: possible cross-domain cookie sharing", refsource: "FULLDISC", url: "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html", }, { name: "konqueror-cookie-information-disclosure(25291)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25291", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-4685", datePublished: "2006-02-01T02:00:00", dateReserved: "2006-01-31T00:00:00", dateUpdated: "2024-08-07T23:53:28.695Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0908
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow untrusted JavaScript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/11179 | vdb-entry, x_refsource_BID | |
http://www.kb.cert.org/vuls/id/460528 | third-party-advisory, x_refsource_CERT-VN | |
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | vendor-advisory, x_refsource_SUSE | |
http://marc.info/?l=bugtraq&m=109900315219363&w=2 | vendor-advisory, x_refsource_FEDORA | |
http://bugzilla.mozilla.org/show_bug.cgi?id=257523 | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745 | vdb-entry, signature, x_refsource_OVAL | |
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 | x_refsource_CONFIRM | |
http://security.gentoo.org/glsa/glsa-200409-26.xml | vendor-advisory, x_refsource_GENTOO | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17376 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=109698896104418&w=2 | vendor-advisory, x_refsource_HP | |
http://secunia.com/advisories/12526 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:48.209Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "11179", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/11179", }, { name: "VU#460528", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/460528", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257523", }, { name: "oval:org.mitre.oval:def:9745", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "mozilla-shortcut-clipboard-access(17376)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17376", }, { name: "SSRT4826", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { name: "12526", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/12526", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", 
version: "n/a", }, ], }, ], datePublic: "2004-09-16T00:00:00", descriptions: [ { lang: "en", value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "11179", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/11179", }, { name: "VU#460528", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/460528", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257523", }, { name: "oval:org.mitre.oval:def:9745", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "mozilla-shortcut-clipboard-access(17376)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17376", }, { name: "SSRT4826", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { name: "12526", 
tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/12526", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0908", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "11179", refsource: "BID", url: "http://www.securityfocus.com/bid/11179", }, { name: "VU#460528", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/460528", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "FLSA:2089", refsource: "FEDORA", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=257523", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257523", }, { name: "oval:org.mitre.oval:def:9745", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", }, { name: "GLSA-200409-26", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200409-26.xml", }, { name: "mozilla-shortcut-clipboard-access(17376)", 
refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17376", }, { name: "SSRT4826", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2", }, { name: "12526", refsource: "SECUNIA", url: "http://secunia.com/advisories/12526", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0908", datePublished: "2004-09-24T04:00:00", dateReserved: "2004-09-23T00:00:00", dateUpdated: "2024-08-08T00:31:48.209Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-2659
Vulnerability from cvelistv5
Published
2006-04-29 10:00
Modified
2024-08-08 01:36
Severity ?
EPSS score ?
Summary
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.
References
URL | Tags | |
---|---|---|
http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ | x_refsource_MISC | |
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html | mailing-list, x_refsource_FULLDISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T01:36:25.045Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", }, { name: "20040407 Race conditions in security dialogs", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-07-01T00:00:00", descriptions: [ { lang: "en", value: "Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. 
NOTE: this is a different issue than CVE-2005-2407.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2006-08-25T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", }, { name: "20040407 Race conditions in security dialogs", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-2659", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. 
NOTE: this is a different issue than CVE-2005-2407.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", refsource: "MISC", url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", }, { name: "20040407 Race conditions in security dialogs", refsource: "FULLDISC", url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-2659", datePublished: "2006-04-29T10:00:00", dateReserved: "2006-04-28T00:00:00", dateUpdated: "2024-08-08T01:36:25.045Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2000-0655
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:28
Severity ?
EPSS score ?
Summary
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1 (the JPEG comment length field counts its own two bytes, so any value below 2 is invalid).
References
URL | Tags | |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2000-046.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/1503 | vdb-entry, x_refsource_BID | |
http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html | vendor-advisory, x_refsource_TURBO | |
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc | vendor-advisory, x_refsource_FREEBSD | |
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com | mailing-list, x_refsource_BUGTRAQ | |
http://www.novell.com/linux/security/advisories/suse_security_announce_60.html | vendor-advisory, x_refsource_SUSE | |
http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html | mailing-list, x_refsource_BUGTRAQ | |
http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html | mailing-list, x_refsource_BUGTRAQ | |
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc | vendor-advisory, x_refsource_NETBSD |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T05:28:40.601Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2000:046", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2000-046.html", }, { name: "1503", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/1503", }, { name: "TLSA2000017-1", tags: [ "vendor-advisory", "x_refsource_TURBO", "x_transferred", ], url: "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html", }, { name: "FreeBSD-SA-00:39", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc", }, { name: "20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com", }, { name: "20000823 Security Hole in Netscape, Versions 4.x, possibly others", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/suse_security_announce_60.html", }, { name: "20000801 MDKSA-2000:027-1 netscape update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html", }, { name: "20000810 Conectiva Linux Security Announcement - netscape", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html", }, { name: "NetBSD-SA2000-011", tags: [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred", ], url: "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc", }, ], title: "CVE Program Container", }, ], cna: { 
affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2000-07-24T00:00:00", descriptions: [ { lang: "en", value: "Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2004-09-02T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2000:046", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2000-046.html", }, { name: "1503", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/1503", }, { name: "TLSA2000017-1", tags: [ "vendor-advisory", "x_refsource_TURBO", ], url: "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html", }, { name: "FreeBSD-SA-00:39", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc", }, { name: "20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com", }, { name: "20000823 Security Hole in Netscape, Versions 4.x, possibly others", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/suse_security_announce_60.html", }, { name: "20000801 MDKSA-2000:027-1 netscape update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html", }, { name: "20000810 Conectiva Linux Security Announcement - netscape", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: 
"http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html", }, { name: "NetBSD-SA2000-011", tags: [ "vendor-advisory", "x_refsource_NETBSD", ], url: "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2000-0655", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2000:046", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2000-046.html", }, { name: "1503", refsource: "BID", url: "http://www.securityfocus.com/bid/1503", }, { name: "TLSA2000017-1", refsource: "TURBO", url: "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html", }, { name: "FreeBSD-SA-00:39", refsource: "FREEBSD", url: "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc", }, { name: "20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com", }, { name: "20000823 Security Hole in Netscape, Versions 4.x, possibly others", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/suse_security_announce_60.html", }, { name: "20000801 MDKSA-2000:027-1 netscape update", refsource: "BUGTRAQ", url: 
"http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html", }, { name: "20000810 Conectiva Linux Security Announcement - netscape", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html", }, { name: "NetBSD-SA2000-011", refsource: "NETBSD", url: "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2000-0655", datePublished: "2000-10-13T04:00:00", dateReserved: "2000-08-02T00:00:00", dateUpdated: "2024-08-08T05:28:40.601Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2001-1490
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/7709 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/245152 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/3684 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:58:11.390Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "win-browser-image-dos(7709)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709", }, { name: "20011211 Browsers fails on big image count", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/245152", }, { name: "3684", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/3684", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-12-11T00:00:00", descriptions: [ { lang: "en", value: "Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "win-browser-image-dos(7709)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709", }, { name: "20011211 Browsers fails on big image count", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/245152", }, { name: "3684", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/3684", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-1490", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", 
data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "win-browser-image-dos(7709)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709", }, { name: "20011211 Browsers fails on big image count", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/245152", }, { name: "3684", refsource: "BID", url: "http://www.securityfocus.com/bid/3684", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-1490", datePublished: "2005-06-21T04:00:00", dateReserved: "2005-06-21T00:00:00", dateUpdated: "2024-08-08T04:58:11.390Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0760
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.
References
URL | Tags | |
---|---|---|
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | vendor-advisory, x_refsource_SCO | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11090 | vdb-entry, signature, x_refsource_OVAL | |
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | vendor-advisory, x_refsource_SUSE | |
http://www.redhat.com/support/errata/RHSA-2004-421.html | vendor-advisory, x_refsource_REDHAT | |
http://marc.info/?l=bugtraq&m=109900315219363&w=2 | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/15495 | vdb-entry, x_refsource_BID | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1227 | vdb-entry, signature, x_refsource_OVAL | |
http://bugzilla.mozilla.org/show_bug.cgi?id=250906 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16691 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:46.542Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "oval:org.mitre.oval:def:11090", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11090", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "oval:org.mitre.oval:def:1227", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1227", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250906", }, { name: "mozilla-modify-mime-type(16691)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16691", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-08-02T00:00:00", descriptions: [ { lang: "en", value: "Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type 
than expected via a null character (%00) in an FTP URI.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "oval:org.mitre.oval:def:11090", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11090", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "oval:org.mitre.oval:def:1227", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1227", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250906", }, { name: "mozilla-modify-mime-type(16691)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16691", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0760", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", 
data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SCOSA-2005.49", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "oval:org.mitre.oval:def:11090", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11090", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "FLSA:2089", refsource: "FEDORA", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "15495", refsource: "BID", url: "http://www.securityfocus.com/bid/15495", }, { name: "oval:org.mitre.oval:def:1227", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1227", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=250906", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250906", }, { name: "mozilla-modify-mime-type(16691)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16691", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0760", datePublished: "2004-08-03T04:00:00", dateReserved: "2004-08-02T00:00:00", dateUpdated: "2024-08-08T00:31:46.542Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0147
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to HTTP 407 (Proxy Authentication Required) authentication challenges from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/19174 | vdb-entry, x_refsource_XF | |
http://www.mozilla.org/security/announce/mfsa2005-09.html | x_refsource_CONFIRM | |
http://www.redhat.com/support/errata/RHSA-2005-323.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/12407 | vdb-entry, x_refsource_BID | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100049 | vdb-entry, signature, x_refsource_OVAL | |
https://bugzilla.mozilla.org/show_bug.cgi?id=267263 | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9578 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:05:24.870Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "mozilla-407-proxy-obtain-information(19174)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19174", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-09.html", }, { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "12407", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12407", }, { name: "oval:org.mitre.oval:def:100049", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100049", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=267263", }, { name: "oval:org.mitre.oval:def:9578", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9578", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-01-24T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: 
"mozilla-407-proxy-obtain-information(19174)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19174", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-09.html", }, { name: "RHSA-2005:323", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "12407", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12407", }, { name: "oval:org.mitre.oval:def:100049", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100049", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=267263", }, { name: "oval:org.mitre.oval:def:9578", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9578", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-0147", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "mozilla-407-proxy-obtain-information(19174)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19174", }, { name: "http://www.mozilla.org/security/announce/mfsa2005-09.html", 
refsource: "CONFIRM", url: "http://www.mozilla.org/security/announce/mfsa2005-09.html", }, { name: "RHSA-2005:323", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-323.html", }, { name: "12407", refsource: "BID", url: "http://www.securityfocus.com/bid/12407", }, { name: "oval:org.mitre.oval:def:100049", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100049", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=267263", refsource: "CONFIRM", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=267263", }, { name: "oval:org.mitre.oval:def:9578", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9578", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-0147", datePublished: "2005-01-29T05:00:00", dateReserved: "2005-01-25T00:00:00", dateUpdated: "2024-08-07T21:05:24.870Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0761
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Summary
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.
References
▼ | URL | Tags |
---|---|---|
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | vendor-advisory, x_refsource_SCO | |
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | vendor-advisory, x_refsource_SUSE | |
http://www.redhat.com/support/errata/RHSA-2004-421.html | vendor-advisory, x_refsource_REDHAT | |
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7 | x_refsource_CONFIRM | |
http://marc.info/?l=bugtraq&m=109900315219363&w=2 | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/15495 | vdb-entry, x_refsource_BID | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603 | vdb-entry, signature, x_refsource_OVAL | |
http://bugzilla.mozilla.org/show_bug.cgi?id=240053 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16871 | vdb-entry, x_refsource_XF | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:46.601Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "oval:org.mitre.oval:def:3603", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=240053", }, { name: "mozilla-redirect-ssl-spoof(16871)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16871", }, { name: "oval:org.mitre.oval:def:9240", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: 
"2004-08-02T00:00:00", descriptions: [ { lang: "en", value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SCOSA-2005.49", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "15495", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15495", }, { name: "oval:org.mitre.oval:def:3603", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.mozilla.org/show_bug.cgi?id=240053", }, { name: "mozilla-redirect-ssl-spoof(16871)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16871", }, { name: "oval:org.mitre.oval:def:9240", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240", }, ], 
x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0761", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SCOSA-2005.49", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt", }, { name: "SUSE-SA:2004:036", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html", }, { name: "RHSA-2004:421", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-421.html", }, { name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", refsource: "CONFIRM", url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", }, { name: "FLSA:2089", refsource: "FEDORA", url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2", }, { name: "15495", refsource: "BID", url: "http://www.securityfocus.com/bid/15495", }, { name: "oval:org.mitre.oval:def:3603", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603", }, { name: "http://bugzilla.mozilla.org/show_bug.cgi?id=240053", refsource: "CONFIRM", url: "http://bugzilla.mozilla.org/show_bug.cgi?id=240053", }, { name: "mozilla-redirect-ssl-spoof(16871)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16871", }, { name: "oval:org.mitre.oval:def:9240", 
refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0761", datePublished: "2004-08-03T04:00:00", dateReserved: "2004-08-02T00:00:00", dateUpdated: "2024-08-08T00:31:46.601Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2003-0300
Vulnerability from cvelistv5
Published
2003-05-15 04:00
Modified
2024-08-08 01:50
Summary
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
References
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=bugtraq&m=105294024124163&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T01:50:47.085Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20030514 Buffer overflows in multiple IMAP clients", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2003-05-14T00:00:00", descriptions: [ { lang: "en", value: "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-10-17T13:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20030514 Buffer overflows in multiple IMAP clients", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2003-0300", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { 
name: "20030514 Buffer overflows in multiple IMAP clients", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2003-0300", datePublished: "2003-05-15T04:00:00", dateReserved: "2003-05-14T00:00:00", dateUpdated: "2024-08-08T01:50:47.085Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0238
Vulnerability from cvelistv5
Published
2005-02-07 05:00
Modified
2024-08-07 21:05
Summary
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
▼ | URL | Tags |
---|---|---|
http://www.shmoo.com/idn/homograph.txt | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 | vdb-entry, x_refsource_XF | |
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html | mailing-list, x_refsource_FULLDISC | |
http://www.shmoo.com/idn | x_refsource_MISC | |
https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/12461 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:05:25.460Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.shmoo.com/idn/homograph.txt", }, { name: "multiple-browsers-idn-spoof(19236)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236", }, { name: "20050206 state of homograph attacks", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.shmoo.com/idn", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399", }, { name: "12461", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12461", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-02-06T00:00:00", descriptions: [ { lang: "en", value: "The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.shmoo.com/idn/homograph.txt", }, { name: "multiple-browsers-idn-spoof(19236)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236", }, { name: "20050206 
state of homograph attacks", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.shmoo.com/idn", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399", }, { name: "12461", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12461", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2005-0238", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.shmoo.com/idn/homograph.txt", refsource: "MISC", url: "http://www.shmoo.com/idn/homograph.txt", }, { name: "multiple-browsers-idn-spoof(19236)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236", }, { name: "20050206 state of homograph attacks", refsource: "FULLDISC", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html", }, { name: "http://www.shmoo.com/idn", refsource: "MISC", url: "http://www.shmoo.com/idn", }, { name: "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399", }, { name: "12461", refsource: "BID", url: 
"http://www.securityfocus.com/bid/12461", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-0238", datePublished: "2005-02-07T05:00:00", dateReserved: "2005-02-07T00:00:00", dateUpdated: "2024-08-07T21:05:25.460Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-2265
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Summary
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:22:49.011Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "P-252", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred", ], url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-50.html", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "16059", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16059", }, { name: "16044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16044", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "oval:org.mitre.oval:def:10397", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10397", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14242", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=295854", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "16043", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16043", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "oval:org.mitre.oval:def:417", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A417", }, { name: "oval:org.mitre.oval:def:781", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A781", }, { name: "oval:org.mitre.oval:def:100008", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100008", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-07-13T00:00:00", descriptions: [ { lang: "en", value: 
"Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "P-252", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", ], url: "http://www.ciac.org/ciac/bulletins/p-252.shtml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-50.html", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "16059", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16059", }, { name: "16044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16044", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: 
"oval:org.mitre.oval:def:10397", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10397", }, { tags: [ "x_refsource_MISC", ], url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14242", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=295854", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { name: "16043", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16043", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "oval:org.mitre.oval:def:417", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A417", }, { name: "oval:org.mitre.oval:def:781", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A781", }, { name: "oval:org.mitre.oval:def:100008", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100008", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-2265", datePublished: "2005-07-13T04:00:00", dateReserved: "2005-07-13T00:00:00", dateUpdated: "2024-08-07T22:22:49.011Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2006-6498
Vulnerability from cvelistv5
Published
2006-12-20 01:00
Modified
2024-08-07 20:26
Summary
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T20:26:46.581Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "21668", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/21668", }, { name: "23433", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23433", }, { name: "23439", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23439", }, { name: "23672", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23672", }, { name: "ADV-2006-5068", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/5068", }, { name: "23468", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23468", }, { name: "RHSA-2006:0758", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0758.html", }, { name: "1017398", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1017398", }, { name: "DSA-1265", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2007/dsa-1265", }, { name: "24078", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24078", }, { name: "23692", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23692", }, { name: "USN-398-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-398-2", }, { name: "GLSA-200701-04", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: 
"http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml", }, { name: "23282", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23282", }, { name: "24390", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24390", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html", }, { name: "oval:org.mitre.oval:def:10661", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661", }, { name: "FEDORA-2006-1491", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://fedoranews.org/cms/node/2297", }, { name: "23422", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23422", }, { name: "HPSBUX02153", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", }, { name: "23591", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23591", }, { name: "1017405", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1017405", }, { name: "23614", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23614", }, { name: "1017406", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1017406", }, { name: "RHSA-2006:0759", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0759.html", }, { name: "USN-398-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-398-1", }, { name: 
"ADV-2008-0083", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0083", }, { name: "FEDORA-2007-004", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://fedoranews.org/cms/node/2338", }, { name: "23420", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23420", }, { name: "20061202-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc", }, { name: "23440", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23440", }, { name: "SUSE-SA:2006:080", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html", }, { name: "20061222 rPSA-2006-0234-1 firefox", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/455145/100/0/threaded", }, { name: "VU#427972", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/427972", }, { name: "23545", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23545", }, { name: "23618", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23618", }, { name: "TA06-354A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA06-354A.html", }, { name: "VU#447772", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/447772", }, { name: "23589", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23589", }, { name: "DSA-1253", tags: [ 
"vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2007/dsa-1253", }, { name: "DSA-1258", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2007/dsa-1258", }, { name: "SSRT061181", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-883", }, { name: "20070102 rPSA-2006-0234-2 firefox thunderbird", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/455728/100/200/threaded", }, { name: "SUSE-SA:2007:006", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html", }, { name: "23601", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23601", }, { name: "23988", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23988", }, { name: "102955", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1", }, { name: "23514", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23514", }, { name: "GLSA-200701-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200701-02.xml", }, { name: "RHSA-2006:0760", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0760.html", }, { name: "ADV-2007-2106", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/2106", }, { name: "USN-400-1", tags: [ 
"vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-400-1", }, { name: "25556", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25556", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-12-19T00:00:00", descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-17T20:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "21668", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/21668", }, { name: "23433", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23433", }, { name: "23439", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23439", }, { name: "23672", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23672", }, { name: "ADV-2006-5068", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/5068", }, { name: "23468", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23468", }, { name: "RHSA-2006:0758", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0758.html", }, { name: "1017398", tags: [ 
"vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017398", }, { name: "DSA-1265", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2007/dsa-1265", }, { name: "24078", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24078", }, { name: "23692", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23692", }, { name: "USN-398-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-398-2", }, { name: "GLSA-200701-04", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml", }, { name: "23282", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23282", }, { name: "24390", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24390", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html", }, { name: "oval:org.mitre.oval:def:10661", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661", }, { name: "FEDORA-2006-1491", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://fedoranews.org/cms/node/2297", }, { name: "23422", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23422", }, { name: "HPSBUX02153", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", }, { name: "23591", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23591", }, { name: "1017405", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017405", }, { name: "23614", tags: [ "third-party-advisory", 
"x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23614", }, { name: "1017406", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017406", }, { name: "RHSA-2006:0759", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0759.html", }, { name: "USN-398-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-398-1", }, { name: "ADV-2008-0083", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0083", }, { name: "FEDORA-2007-004", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://fedoranews.org/cms/node/2338", }, { name: "23420", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23420", }, { name: "20061202-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc", }, { name: "23440", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23440", }, { name: "SUSE-SA:2006:080", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html", }, { name: "20061222 rPSA-2006-0234-1 firefox", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/455145/100/0/threaded", }, { name: "VU#427972", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/427972", }, { name: "23545", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23545", }, { name: "23618", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23618", }, { name: "TA06-354A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA06-354A.html", }, { name: "VU#447772", tags: [ "third-party-advisory", 
"x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/447772", }, { name: "23589", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23589", }, { name: "DSA-1253", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2007/dsa-1253", }, { name: "DSA-1258", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2007/dsa-1258", }, { name: "SSRT061181", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-883", }, { name: "20070102 rPSA-2006-0234-2 firefox thunderbird", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/455728/100/200/threaded", }, { name: "SUSE-SA:2007:006", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html", }, { name: "23601", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23601", }, { name: "23988", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23988", }, { name: "102955", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1", }, { name: "23514", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23514", }, { name: "GLSA-200701-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200701-02.xml", }, { name: "RHSA-2006:0760", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0760.html", }, { name: "ADV-2007-2106", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/2106", }, { name: "USN-400-1", tags: [ 
"vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-400-1", }, { name: "25556", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25556", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2006-6498", datePublished: "2006-12-20T01:00:00", dateReserved: "2006-12-13T00:00:00", dateUpdated: "2024-08-07T20:26:46.581Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-2266
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Summary
Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:22:48.659Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "15549", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/15549", }, { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "15553", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/15553", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19823", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "15551", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/15551", }, { name: "oval:org.mitre.oval:def:100107", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100107", }, { name: "oval:org.mitre.oval:def:1415", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", 
"x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1415", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14242", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.mozilla.org/security/announce/mfsa2005-52.html", }, { name: "oval:org.mitre.oval:def:10712", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10712", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "oval:org.mitre.oval:def:773", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A773", }, { name: "mozilla-frame-topfocus-xss(21332)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21332", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-07-13T00:00:00", descriptions: [ { lang: "en", value: "Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and 
passwords from web sites whose child frames do not verify that they are in the same domain as their parents.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "15549", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/15549", }, { name: "DSA-810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-810", }, { name: "SUSE-SR:2005:018", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html", }, { name: "15553", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/15553", }, { name: "FLSA:160202", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", }, { name: "19823", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19823", }, { name: "RHSA-2005:587", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-587.html", }, { name: "ADV-2005-1075", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2005/1075", }, { name: "RHSA-2005:601", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-601.html", }, { name: "15551", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/15551", }, { name: "oval:org.mitre.oval:def:100107", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100107", }, { name: "oval:org.mitre.oval:def:1415", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1415", }, { name: "SUSE-SA:2005:045", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", }, { name: "14242", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14242", }, { name: "RHSA-2005:586", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-586.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.mozilla.org/security/announce/mfsa2005-52.html", }, { name: "oval:org.mitre.oval:def:10712", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10712", }, { name: "SUSE-SA:2006:022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2006_04_25.html", }, { name: "oval:org.mitre.oval:def:773", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A773", }, { name: "mozilla-frame-topfocus-xss(21332)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21332", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-2266", datePublished: "2005-07-13T04:00:00", dateReserved: "2005-07-13T00:00:00", dateUpdated: "2024-08-07T22:22:48.659Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }