Vulnerabilities related to mozilla - mozilla
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."
References
secalert@redhat.com | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
secalert@redhat.com | http://secunia.com/advisories/14938 | Patch, Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/14992 | Patch, Vendor Advisory
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml | Patch, Vendor Advisory
secalert@redhat.com | http://www.kb.cert.org/vuls/id/973309 | Patch, Third Party Advisory, US Government Resource
secalert@redhat.com | http://www.mikx.de/firelinking/ | Exploit
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-37.html | Vendor Advisory
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.securityfocus.com/bid/13216
secalert@redhat.com | http://www.securityfocus.com/bid/15495
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=290036 | Patch
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100021
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10655
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14938 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14992 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/973309 | Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.mikx.de/firelinking/ | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-37.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/13216
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=290036 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100021
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10655



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel=\"icon\"> tag with a javascript: URL in the href attribute, aka \"Firelinking.\"",
      },
   ],
   id: "CVE-2005-1155",
   lastModified: "2024-11-20T23:56:44.020",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14938",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14992",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/973309",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "http://www.mikx.de/firelinking/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-37.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/13216",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290036",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100021",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10655",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14938",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14992",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/973309",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.mikx.de/firelinking/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-37.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/13216",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290036",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100021",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10655",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
Impacted products
Vendor Product Version
microsoft internet_explorer 6.0.2900
mozilla mozilla *
netscape navigator *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA2CA2F8-260C-4559-BF24-3E321CEAE93F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Javascript \"Same Origin Policy\" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.",
      },
   ],
   id: "CVE-2002-0815",
   lastModified: "2024-11-20T23:39:56.100",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-08-12T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=102796732924658&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=102798282208686&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=102796732924658&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=102798282208686&w=2",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
References
secalert@redhat.com | http://marc.info/?l=bugtraq&m=111168413007891&w=2
secalert@redhat.com | http://mikx.de/firescrolling2/ | Exploit
secalert@redhat.com | http://secunia.com/advisories/14654 | Vendor Advisory
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | Vendor Advisory
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-32.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-335.html | Vendor Advisory
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-336.html | Vendor Advisory
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.com | http://www.securityfocus.com/bid/12885 | Exploit, Patch
secalert@redhat.com | http://www.vupen.com/english/advisories/2005/0296
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=111168413007891&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://mikx.de/firescrolling2/ | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14654 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-32.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-335.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-336.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12885 | Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/0296
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka \"Firescrolling 2.\"",
      },
   ],
   id: "CVE-2005-0401",
   lastModified: "2024-11-20T23:55:02.483",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://marc.info/?l=bugtraq&m=111168413007891&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "http://mikx.de/firescrolling2/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14654",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mozilla.org/security/announce/mfsa2005-32.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-336.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/12885",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2005/0296",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=111168413007891&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://mikx.de/firescrolling2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14654",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/security/announce/mfsa2005-32.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-336.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/12885",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/0296",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-12 04:00
Modified
2024-11-20 23:57
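Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, as given in the record's cvssMetricV2 entry)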
Summary
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
References
secalert@redhat.com | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
secalert@redhat.com | http://securitytracker.com/id?1013962
secalert@redhat.com | http://securitytracker.com/id?1013963
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-43.html | Patch
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-434.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-435.html
secalert@redhat.com | http://www.securityfocus.com/bid/13641
secalert@redhat.com | http://www.securityfocus.com/bid/15495
secalert@redhat.com | http://www.vupen.com/english/advisories/2005/0530
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1013962
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1013963
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-43.html | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-434.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-435.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/13641
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/0530
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1CB48E1-FCDD-49B2-B73E-37E912072683",
                     versionEndIncluding: "1.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via \"Wrapped\" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) \"a nested variant.\"",
      },
   ],
   id: "CVE-2005-1531",
   lastModified: "2024-11-20T23:57:33.970",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-12T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "secalert@redhat.com",
         url: "http://securitytracker.com/id?1013962",
      },
      {
         source: "secalert@redhat.com",
         url: "http://securitytracker.com/id?1013963",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-43.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-434.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-435.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/13641",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2005/0530",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1013962",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1013963",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-43.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-434.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-435.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/13641",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/0530",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2006-12-20 01:28
Modified
2024-11-21 00:22
Severity ?
Summary
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.
References
secalert@redhat.com | ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc
secalert@redhat.com | http://fedoranews.org/cms/node/2297
secalert@redhat.com | http://fedoranews.org/cms/node/2338
secalert@redhat.com | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
secalert@redhat.com | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2006-0758.html | Vendor Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2006-0759.html | Vendor Advisory
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2006-0760.html | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23282 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23420 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23422 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23433 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23439 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23440 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23468 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23514 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23545 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23589 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23591 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23601 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23614 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23618 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23672 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23692 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/23988 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/24078 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/24390 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/25556 | Vendor Advisory
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200701-02.xml
secalert@redhat.com | http://securitytracker.com/id?1017398
secalert@redhat.com | http://securitytracker.com/id?1017405
secalert@redhat.com | http://securitytracker.com/id?1017406
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1
secalert@redhat.com | http://www.debian.org/security/2007/dsa-1253
secalert@redhat.com | http://www.debian.org/security/2007/dsa-1258
secalert@redhat.com | http://www.debian.org/security/2007/dsa-1265
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
secalert@redhat.com | http://www.kb.cert.org/vuls/id/427972 | US Government Resource
secalert@redhat.com | http://www.kb.cert.org/vuls/id/447772 | US Government Resource
secalert@redhat.com | http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
secalert@redhat.com | http://www.securityfocus.com/archive/1/455145/100/0/threaded
secalert@redhat.com | http://www.securityfocus.com/archive/1/455728/100/200/threaded
secalert@redhat.com | http://www.securityfocus.com/bid/21668
secalert@redhat.com | http://www.ubuntu.com/usn/usn-398-1
secalert@redhat.com | http://www.ubuntu.com/usn/usn-398-2
secalert@redhat.com | http://www.ubuntu.com/usn/usn-400-1
secalert@redhat.com | http://www.us-cert.gov/cas/techalerts/TA06-354A.html | US Government Resource
secalert@redhat.com | http://www.vupen.com/english/advisories/2006/5068
secalert@redhat.com | http://www.vupen.com/english/advisories/2007/2106
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/0083
secalert@redhat.com | https://issues.rpath.com/browse/RPL-883
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661
af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc
af854a3a-2127-422b-91ae-364da2661108 | http://fedoranews.org/cms/node/2297
af854a3a-2127-422b-91ae-364da2661108 | http://fedoranews.org/cms/node/2338
af854a3a-2127-422b-91ae-364da2661108 | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
af854a3a-2127-422b-91ae-364da2661108 | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2006-0758.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2006-0759.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2006-0760.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23282 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23420 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23422 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23433 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23439 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23440 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23468 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23514 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23545 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23589 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23591 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23601 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23614 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23618 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23672 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23692 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23988 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24078 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24390 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25556 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200701-02.xml
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017398
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017405
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017406
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1253
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1258
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1265
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/427972 | US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/447772 | US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/455145/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/455728/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/21668
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-398-1
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-398-2
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-400-1
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-354A.html | US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/5068
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2106
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0083
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-883
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABB88E86-6E83-4A59-9266-8B98AA91774D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D6BF5B1-86D1-47FE-9D9C-735718F94874",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2F38886-C25A-4C6B-93E7-36461405BA99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "C65D2670-F37F-48CB-804A-D35BB1C27D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE8E5194-7B34-4802-BDA6-6A86EB5EDE05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "2917BD67-CE81-4B94-B241-D4A9DDA60319",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3487FA64-BE04-42CA-861E-3DAC097D7D32",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "5263F879-9B90-4582-B677-F133DEBE5259",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "C256B73C-9ABC-43D4-8C57-09161BC9F923",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "055D1044-9FC5-45AA-8407-649E96C5AFE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C1C87A5-C14D-4A23-B865-3BB1FCDC8470",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C4DB0BB-BFD7-4E7A-B3EF-9C5422602216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0D56153-E20A-46D8-859E-A51E5C03D674",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C51A6F4-F88F-4BF2-BF71-5DC48559C085",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFC390CB-774C-47BE-95C3-059943A9E645",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B71DE7AC-553B-4524-8B33-5605518449EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "72B02389-0DCD-45BC-A09F-CB6B75940616",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "41AE4644-2D23-43EA-ABDA-7BE60EFD1EFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FB87608-0DF8-4729-95C5-CFA386AB3AC2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C169DA-26BC-42EE-817B-2F0685069495",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C99BAF7-B48E-4402-B2BF-EB07235E402E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3F0C73F-291F-4A92-87B8-2269B5C1516D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0ADE8D7-B3C3-4490-9CD5-0263BBA75D28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "C86FD617-E4FE-4F85-AAA4-4F968A9DEC9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "938B1260-74A7-4CFF-8086-415DCC284430",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "E28672BA-E3C2-40C3-80E1-95B7CDD089E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "9308147C-0A23-48BC-BFA9-A49B9D73014E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "09E18FC0-0C8C-4FA1-85B9-B868D00F002F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6521C877-63C9-4B6E-9FC9-1263FFBB7950",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D949DF0A-CBC2-40E1-AE6C-60E6F58D2481",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C5CDA57-1A50-4EDB-80E2-D3EBB44EA653",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "22D33486-4956-4E2C-BA16-FA269A9D02BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3104343E-93B6-4D4A-BC95-ED9F7E91FB6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "381313EF-DF84-4F66-9962-DE8F45029D79",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en el motor de JavaScript para Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunderbird anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 y Mozilla 1.7 y puede que versiones anteriores en Solaris; permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída) y posiblemente ejecutar código de su elección mediante vectores desconocidos, teniendo impacto desconocido.",
      },
   ],
   id: "CVE-2006-6498",
   lastModified: "2024-11-21T00:22:49.570",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2006-12-20T01:28:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc",
      },
      {
         source: "secalert@redhat.com",
         url: "http://fedoranews.org/cms/node/2297",
      },
      {
         source: "secalert@redhat.com",
         url: "http://fedoranews.org/cms/node/2338",
      },
      {
         source: "secalert@redhat.com",
         url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742",
      },
      {
         source: "secalert@redhat.com",
         url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2006-0758.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2006-0759.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2006-0760.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23282",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23420",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23422",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23433",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23439",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23440",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23468",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23514",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23545",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23589",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23591",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23601",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23614",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23618",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23672",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23692",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23988",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/24078",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/24390",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/25556",
      },
      {
         source: "secalert@redhat.com",
         url: "http://security.gentoo.org/glsa/glsa-200701-02.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://securitytracker.com/id?1017398",
      },
      {
         source: "secalert@redhat.com",
         url: "http://securitytracker.com/id?1017405",
      },
      {
         source: "secalert@redhat.com",
         url: "http://securitytracker.com/id?1017406",
      },
      {
         source: "secalert@redhat.com",
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2007/dsa-1253",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2007/dsa-1258",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2007/dsa-1265",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/427972",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/447772",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/455145/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/455728/100/200/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/21668",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/usn-398-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/usn-398-2",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/usn-400-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA06-354A.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2006/5068",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2007/2106",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2008/0083",
      },
      {
         source: "secalert@redhat.com",
         url: "https://issues.rpath.com/browse/RPL-883",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://fedoranews.org/cms/node/2297",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://fedoranews.org/cms/node/2338",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2006-0758.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2006-0759.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2006-0760.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23282",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23420",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23422",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23433",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23439",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23440",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23468",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23514",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23545",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23589",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23591",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23601",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23614",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23618",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23672",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23692",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/23988",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/24078",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/24390",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/25556",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200701-02.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1017398",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1017405",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1017406",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2007/dsa-1253",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2007/dsa-1258",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2007/dsa-1265",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/427972",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/447772",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/455145/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/455728/100/200/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/21668",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-398-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-398-2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-400-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA06-354A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2006/5068",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/2106",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/0083",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://issues.rpath.com/browse/RPL-883",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-01-27 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
References
cve@mitre.org http://bugzilla.mozilla.org/show_bug.cgi?id=257314 (Vendor Advisory)
cve@mitre.org http://marc.info/?l=bugtraq&m=109698896104418&w=2
cve@mitre.org http://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.org http://security.gentoo.org/glsa/glsa-200409-26.xml
cve@mitre.org http://www.kb.cert.org/vuls/id/414240 (Third Party Advisory, US Government Resource)
cve@mitre.org http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
cve@mitre.org http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.org http://www.securityfocus.com/bid/11174 (Vendor Advisory)
cve@mitre.org http://www.us-cert.gov/cas/techalerts/TA04-261A.html (US Government Resource)
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873
af854a3a-2127-422b-91ae-364da2661108 http://bugzilla.mozilla.org/show_bug.cgi?id=257314 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=109698896104418&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200409-26.xml
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/414240 (Third Party Advisory, US Government Resource)
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/11174 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.us-cert.gov/cas/techalerts/TA04-261A.html (US Government Resource)
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4007B0D-9606-46BD-866A-7911BEA292BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A35FC777-A34E-4C7B-9E93-8F17F3AD5180",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
                     matchCriteriaId: "2641EE56-6F9D-400B-B456-877F4DA79B10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
                     matchCriteriaId: "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "E0B458EA-495E-40FA-9379-C03757F7B1EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
                     matchCriteriaId: "409E324A-C040-494F-A026-9DCAE01C07F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
                     matchCriteriaId: "1728AB5D-55A9-46B0-A412-6F7263CAEB5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
                     matchCriteriaId: "6474B775-C893-491F-A074-802AFB1FEDD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
                     matchCriteriaId: "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
                     matchCriteriaId: "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C84296C-2C8A-4DCD-9751-52951F8BEA9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*",
                     matchCriteriaId: "9B502A61-44FB-4CD4-85BE-88D4ACCCA441",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*",
                     matchCriteriaId: "05853955-CA81-40D3-9A70-1227F3270D3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*",
                     matchCriteriaId: "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*",
                     matchCriteriaId: "84A50ED3-FD0D-4038-B3E7-CC65D166C968",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
                     matchCriteriaId: "777F9EC0-2919-45CA-BFF8-78A02537C513",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*",
                     matchCriteriaId: "C7EAAD04-D7C4-43DE-B488-1AAD014B503E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "D2E2EF3C-1379-4CBE-8FF5-DACD47834651",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8C55338-3372-413F-82E3-E1B476D6F41A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "F7446746-87B7-4BD3-AABF-1E0FAA8265AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
                     matchCriteriaId: "56EF103F-5668-4754-A83B-D3662D0CE815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.",
      },
   ],
   id: "CVE-2004-0903",
   lastModified: "2024-11-20T23:49:38.603",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-01-27T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257314",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/414240",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/11174",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17380",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257314",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/414240",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/11174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17380",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity
LOW — CVSS v2.0 base score 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N), source nvd@nist.gov
Summary
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.
References
cve@mitre.org | http://secunia.com/advisories/19823
cve@mitre.org | http://www.mozilla.org/security/announce/mfsa2005-02.html | Vendor Advisory
cve@mitre.org | http://www.novell.com/linux/security/advisories/2006_04_25.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-335.html | Patch, Vendor Advisory
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-384.html
cve@mitre.org | https://bugzilla.mozilla.org/show_bug.cgi?id=251297
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17832
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100056
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9543
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-02.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-335.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=251297
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17832
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100056
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9543
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "5263F879-9B90-4582-B677-F133DEBE5259",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.",
      },
   ],
   id: "CVE-2005-0142",
   lastModified: "2024-11-20T23:54:30.660",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-02.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=251297",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17832",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100056",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9543",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-02.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=251297",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17832",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100056",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9543",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity
HIGH — CVSS v2.0 base score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C), source nvd@nist.gov
Summary
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
References
cve@mitre.org | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=236618
cve@mitre.org | http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities
cve@mitre.org | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-421.html
cve@mitre.org | http://www.securityfocus.com/bid/15495
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16862
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=236618
af854a3a-2127-422b-91ae-364da2661108 | http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-421.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16862
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378
Impacted products
Vendor Product Version
mozilla mozilla 1.6
netscape navigator 7.0
netscape navigator 7.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "30A0231A-B664-46C2-9602-B60EAD6AEC12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.",
      },
      {
         lang: "es",
         value: "Desbordamiento de enteros en el constructor de objeto SOAPParameter en (1) Netscape version 7.0 y 7.1 y (2) Mozilla 1.6, y posiblemente versiones anteriores, permite a atacantes remotos ejecutar código de su elección.",
      },
   ],
   id: "CVE-2004-0722",
   lastModified: "2024-11-20T23:49:15.250",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-08-18T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "cve@mitre.org",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=236618",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=236618",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
References
secalert@redhat.com | http://secunia.com/advisories/19823
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | Patch, Vendor Advisory
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | Patch, Vendor Advisory
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-17.html | Vendor Advisory
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2006_04_25.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-176.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.com | http://www.securityfocus.com/bid/12659
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=268059 | Patch
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100041
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10010
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-17.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-176.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12659
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=268059 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100041
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10010



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "5263F879-9B90-4582-B677-F133DEBE5259",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "C256B73C-9ABC-43D4-8C57-09161BC9F923",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "055D1044-9FC5-45AA-8407-649E96C5AFE3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long \"user:pass\" sequence in the URL, which appears before the real hostname.",
      },
   ],
   id: "CVE-2005-0590",
   lastModified: "2024-11-20T23:55:28.110",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-17.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268059",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100041",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10010",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-17.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268059",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100041",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10010",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-11-29 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7D7FA24-4B6F-4D67-95BE-46819033CA6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9B316E0-4A05-411A-8279-404C82288BE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B91D7920-86E6-4842-897A-553F018AD493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "36889B90-FD18-4A5A-A732-788240E10FEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "30A0231A-B664-46C2-9602-B60EAD6AEC12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.",
      },
      {
         lang: "es",
         value: "Desbordamiento de búfer basado en el montículo (heap) en Netscape y Mozilla permite a atacantes remotos ejecutar código arbitrario mediante una URL de tipo jar: que referencia a un fichero .jar malformado, lo que desborda un búfer durante la descompresión.",
      },
   ],
   id: "CVE-2002-1308",
   lastModified: "2024-11-20T23:41:01.103",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-11-29T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157646",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=103730181813075&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2003-162.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2003-163.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/6185",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157646",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=103730181813075&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2003-162.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2003-163.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/6185",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2006-02-02 20:06
Modified
2024-11-21 00:06
Severity ?
Summary
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
References
secalert@redhat.comftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
secalert@redhat.comftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
secalert@redhat.comhttp://secunia.com/advisories/18700
secalert@redhat.comhttp://secunia.com/advisories/18703
secalert@redhat.comhttp://secunia.com/advisories/18704
secalert@redhat.comhttp://secunia.com/advisories/18705
secalert@redhat.comhttp://secunia.com/advisories/18706
secalert@redhat.comhttp://secunia.com/advisories/18708
secalert@redhat.comhttp://secunia.com/advisories/18709
secalert@redhat.comhttp://secunia.com/advisories/19230
secalert@redhat.comhttp://secunia.com/advisories/19746
secalert@redhat.comhttp://secunia.com/advisories/19759
secalert@redhat.comhttp://secunia.com/advisories/19780
secalert@redhat.comhttp://secunia.com/advisories/19821
secalert@redhat.comhttp://secunia.com/advisories/19823
secalert@redhat.comhttp://secunia.com/advisories/19852
secalert@redhat.comhttp://secunia.com/advisories/19862
secalert@redhat.comhttp://secunia.com/advisories/19863
secalert@redhat.comhttp://secunia.com/advisories/19902
secalert@redhat.comhttp://secunia.com/advisories/19941
secalert@redhat.comhttp://secunia.com/advisories/19950
secalert@redhat.comhttp://secunia.com/advisories/20051
secalert@redhat.comhttp://secunia.com/advisories/21033
secalert@redhat.comhttp://secunia.com/advisories/21622
secalert@redhat.comhttp://secunia.com/advisories/22065
secalert@redhat.comhttp://securitytracker.com/id?1015570
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
secalert@redhat.comhttp://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
secalert@redhat.comhttp://www.debian.org/security/2006/dsa-1044
secalert@redhat.comhttp://www.debian.org/security/2006/dsa-1046
secalert@redhat.comhttp://www.debian.org/security/2006/dsa-1051
secalert@redhat.comhttp://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
secalert@redhat.comhttp://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
secalert@redhat.comhttp://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:036
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:037
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:078
secalert@redhat.comhttp://www.mozilla.org/security/announce/2006/mfsa2006-01.html
secalert@redhat.comhttp://www.novell.com/linux/security/advisories/2006_04_25.html
secalert@redhat.comhttp://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html
secalert@redhat.comhttp://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2006-0199.htmlVendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2006-0200.htmlVendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2006-0330.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/425975/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/425978/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/438730/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/438730/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/446657/100/200/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/446657/100/200/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/16476
secalert@redhat.comhttp://www.vupen.com/english/advisories/2006/0413
secalert@redhat.comhttp://www.vupen.com/english/advisories/2006/3391
secalert@redhat.comhttp://www.vupen.com/english/advisories/2006/3749
secalert@redhat.comhttps://bugzilla.mozilla.org/show_bug.cgi?id=316885Patch
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/24430
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670
secalert@redhat.comhttps://usn.ubuntu.com/271-1/
secalert@redhat.comhttps://usn.ubuntu.com/275-1/
secalert@redhat.comhttps://usn.ubuntu.com/276-1/
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18700
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18703
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18704
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18705
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18706
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18708
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18709
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19230
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19746
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19759
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19780
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19821
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19852
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19862
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19863
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19902
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19941
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19950
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20051
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21033
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21622
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22065
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015570
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1044
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1046
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1051
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:036
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:037
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2006/mfsa2006-01.html
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2006-0199.html (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2006-0200.html (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0330.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/425975/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/425978/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/438730/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/438730/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/446657/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/446657/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/16476
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/0413
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3391
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3749
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.mozilla.org/show_bug.cgi?id=316885 (Patch)
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/24430
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/271-1/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/275-1/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/276-1/



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "834BB391-5EB5-43A8-980A-D305EDAE6FA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A38AD88-BAA6-4FBE-885B-69E951BD1EFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*",
                     matchCriteriaId: "659F5DAF-D54F-43FB-AB2A-3FC7D456B434",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "B500EE6C-99DB-49A3-A1F1-AFFD7FE28068",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABB88E86-6E83-4A59-9266-8B98AA91774D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*",
                     matchCriteriaId: "E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.",
      },
   ],
   id: "CVE-2006-0292",
   lastModified: "2024-11-21T00:06:07.390",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2006-02-02T20:06:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt",
      },
      {
         source: "secalert@redhat.com",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/18700",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/18703",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/18704",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/18705",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/18706",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/18708",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/18709",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19230",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19746",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19759",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19780",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19821",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19852",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19862",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19863",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19902",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19941",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19950",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/20051",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/21033",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/21622",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/22065",
      },
      {
         source: "secalert@redhat.com",
         url: "http://securitytracker.com/id?1015570",
      },
      {
         source: "secalert@redhat.com",
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2006/dsa-1044",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2006/dsa-1046",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2006/dsa-1051",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mozilla.org/security/announce/2006/mfsa2006-01.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2006-0199.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2006-0200.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2006-0330.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/425975/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/425978/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/438730/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/438730/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/16476",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2006/0413",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2006/3391",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2006/3749",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=316885",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24430",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670",
      },
      {
         source: "secalert@redhat.com",
         url: "https://usn.ubuntu.com/271-1/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://usn.ubuntu.com/275-1/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://usn.ubuntu.com/276-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/18700",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/18703",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/18704",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/18705",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/18706",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/18708",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/18709",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19230",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19746",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19759",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19780",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19821",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19852",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19862",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19863",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19902",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19941",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19950",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/20051",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/21033",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/21622",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/22065",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1015570",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2006/dsa-1044",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2006/dsa-1046",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2006/dsa-1051",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/security/announce/2006/mfsa2006-01.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2006-0199.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2006-0200.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2006-0330.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/425975/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/425978/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/438730/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/438730/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/16476",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2006/0413",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2006/3391",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2006/3749",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=316885",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24430",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/271-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/275-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://usn.ubuntu.com/276-1/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-09-24 04:00
Modified
2024-11-20 23:40
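Severity: LOW (CVSS v2 base score 2.6, vector AV:N/AC:H/Au:N/C:P/I:N/A:N, per the NVD record's cvssMetricV2 entry)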
Summary
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:galeon:galeon_browser:1.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "1196F08A-E1AF-41F0-9685-0E54A8409D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:galeon:galeon_browser:1.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B32DBCE5-7463-4124-A6E1-5D2206F31E0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:galeon:galeon_browser:1.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "864F6D5C-88BE-4FDB-ABD6-E0AB1C7377BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.",
      },
   ],
   id: "CVE-2002-1126",
   lastModified: "2024-11-20T23:40:39.420",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-09-24T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=145579",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=103176760004720&w=2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.iss.net/security_center/static/10084.php",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2002-192.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2003-046.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/5694",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=145579",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=103176760004720&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.iss.net/security_center/static/10084.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2002-192.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2003-046.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/5694",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.
References
cve@mitre.org | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=240053 | Patch, Vendor Advisory
cve@mitre.org | http://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.org | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
cve@mitre.org | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-421.html
cve@mitre.org | http://www.securityfocus.com/bid/15495
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16871
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=240053 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-421.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16871
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240
Impacted products
Vendor Product Version
mozilla firefox *
mozilla mozilla *
mozilla thunderbird *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF711F75-74B8-4CF6-9580-8B51F5A2F2EF",
                     versionEndIncluding: "0.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9239E8A-8155-462A-A409-D66FF6B94B04",
                     versionEndIncluding: "1.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5723A6C5-70AB-4F54-BCCB-DD3498446AD2",
                     versionEndIncluding: "0.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.",
      },
      {
         lang: "es",
         value: "Mozilla anteriores a 1.7, Firefox anteriores a 0.9, y Thunderbird anteriores a 0.7 permiten a atacantes remotos usar ciertas secuencias de redirección para suplantar el icono de la cerradura de seguridad que se muestra cuando una página está cifrada.",
      },
   ],
   id: "CVE-2004-0761",
   lastModified: "2024-11-20T23:49:20.750",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-08-18T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=240053",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16871",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=240053",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16871",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-06-18 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:galeon:galeon_browser:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E89FB22-EF04-446F-AF36-44878AB57AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:galeon:galeon_browser:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "184CDE30-30DE-49F5-A44D-36CA3852BF12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5421CDE-6C31-42FF-8A06-23A6207D1B51",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*",
                     matchCriteriaId: "6469EB31-32FF-415C-82DD-670513911371",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4F112CED-879B-4A19-993A-16858B4EC16C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7D7FA24-4B6F-4D67-95BE-46819033CA6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9B316E0-4A05-411A-8279-404C82288BE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B91D7920-86E6-4842-897A-553F018AD493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.",
      },
   ],
   id: "CVE-2002-0594",
   lastModified: "2024-11-20T23:39:26.463",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-06-18T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://online.securityfocus.com/archive/1/270249",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.iss.net/security_center/static/8977.php",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2002-192.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2003-046.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/4640",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://online.securityfocus.com/archive/1/270249",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.iss.net/security_center/static/8977.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2002-192.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2003-046.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/4640",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.
References
cve@mitre.org | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=250906 | Patch, Vendor Advisory
cve@mitre.org | http://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.org | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-421.html
cve@mitre.org | http://www.securityfocus.com/bid/15495
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16691
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11090
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1227
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=250906 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-421.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16691
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11090
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1227
Impacted products
Vendor Product Version
mozilla mozilla *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.",
      },
      {
         lang: "es",
         value: "Mozilla permite a atacantes remotos causar que Mozilla abra una URI como de un tipo MIME distinto al esperado mediante un carácter nulo (%00) en una URI FTP.",
      },
   ],
   id: "CVE-2004-0760",
   lastModified: "2024-11-20T23:49:20.603",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 6.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-08-18T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250906",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16691",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11090",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1227",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250906",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16691",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11090",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1227",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:05
Severity ?
Summary
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object.
Impacted products
Vendor Product Version
mozilla mozilla 1.7.8



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a \"Max-Forwards: 0\" header or (2) arbitrary local passwords on the web server that hosts this object.",
      },
   ],
   id: "CVE-2005-4874",
   lastModified: "2024-11-21T00:05:23.330",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2005-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=297078",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=302489",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=297078",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=302489",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
                     matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.",
      },
   ],
   id: "CVE-2004-0909",
   lastModified: "2024-11-20T23:49:39.670",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=253942",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/12526",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/113192",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17377",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=253942",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/12526",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/113192",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17377",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-08-31 16:30
Modified
2024-11-21 01:06
Severity ?
Summary
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "667FC0BC-C1AD-46CD-BBB2-A7E58E644FA7",
                     versionEndIncluding: "3.0.13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "11E07FED-ABDB-4B0A-AB2E-4CBF1EAC4301",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A6558F1-9E0D-4107-909A-8EF4BC8A9C2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "63DF3D65-C992-44CF-89B4-893526C6242E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9024117-2E8B-4240-9E21-CC501F3879B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBC3CAD3-2F54-4E32-A0C9-0D826C45AC23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "52624B41-AB34-40AD-8709-D9646B618AB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "917E9856-9556-4FD6-A834-858F8837A6B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "98BBD74D-930C-4D80-A91B-0D61347BAA63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "FAF2E696-883D-4DE5-8B79-D8E5D9470253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "94E04FD9-38E8-462D-82C2-729F7F7F0465",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "5888517E-3C57-4A0A-9895-EA4BCB0A0ED5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BB21291-B9F3-445E-A9E9-EA1822083DD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "76CD3BDF-A079-4EF3-ABDE-43CBDD08DB1F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.6:a1_pre:*:*:*:*:*:*",
                     matchCriteriaId: "C100B62E-9199-4983-AFC2-EBC55AF230BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.7:a1_pre:*:*:*:*:*:*",
                     matchCriteriaId: "4C5C2EED-CA12-416C-8695-18DD215B0351",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9239E8A-8155-462A-A409-D66FF6B94B04",
                     versionEndIncluding: "1.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "347AB95F-166E-449A-82D7-BEC10257E0D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
                     matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "AAB559BD-4BF7-417F-962F-B8971FF1614B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.",
      },
      {
         lang: "es",
         value: "Mozilla Firefox v3.0.13 y anteriores, v3.5, v3.6 a1 pre, y v3.7 a1 pre; SeaMonkey v1.1.17; y Mozilla v1.7.x y anteriores no manejan de forma adecuada las URIs javascript en los enlaces HTML incluidos en los documentos de error 302 enviados desde servidores web, lo que permite a atacantes remotos asistidos por usuarios realizar un ataque de ejecución de secuencias de comandos en sitios cruzados (XSS) a través de vectores relativos a (1) inyectar una cabecera Location de respuesta HTTP o (2) especificando el contenido de una cabecera Location de respuesta HTTP.\r\n",
      },
   ],
   id: "CVE-2009-3014",
   lastModified: "2024-11-21T01:06:18.580",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2009-08-31T16:30:06.967",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://websecurity.com.ua/3373/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://websecurity.com.ua/3386/",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/506163/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://websecurity.com.ua/3373/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://websecurity.com.ua/3386/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/506163/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-07-07 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U.
Impacted products
Vendor Product Version
mozilla mozilla *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U.",
      },
      {
         lang: "es",
         value: "Ciertas versiones (desconocidas) de Mozilla permiten a atacantes remotos causar una denegación de servicio (alto consumo de RAM/CPU) usando Javascript en un bucle infinito que añade continuamente entrada a un formulario, posiblemente como resultado de inserción de caracteres de control, como se ha demostrado usando un carácter \"Ctrl-U\" embebido.",
      },
   ],
   id: "CVE-2004-0478",
   lastModified: "2024-11-20T23:48:40.380",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.6,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2004-07-07T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=243540",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://lists.immunitysec.com/pipermail/dailydave/2004-May/000587.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16225",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=243540",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://lists.immunitysec.com/pipermail/dailydave/2004-May/000587.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16225",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.
References
secalert@redhat.com | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
secalert@redhat.com | http://secunia.com/advisories/14938 | Patch, Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/14992 | Patch, Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/19823
secalert@redhat.com | http://securitytracker.com/id?1013742 | Patch
secalert@redhat.com | http://securitytracker.com/id?1013743 | Patch
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml | Patch, Vendor Advisory
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-40.html | Vendor Advisory
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2006_04_25.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-601.html
secalert@redhat.com | http://www.securityfocus.com/bid/13232 | Patch
secalert@redhat.com | http://www.securityfocus.com/bid/15495
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=290162 | Patch
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/20123
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100018
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10629
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14938 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14992 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1013742 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1013743 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-40.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-601.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/13232 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=290162 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/20123
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100018
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10629



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.",
      },
   ],
   id: "CVE-2005-1159",
   lastModified: "2024-11-20T23:56:44.520",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14938",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14992",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://securitytracker.com/id?1013742",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://securitytracker.com/id?1013743",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-40.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/13232",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290162",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20123",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100018",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10629",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14938",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14992",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://securitytracker.com/id?1013742",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://securitytracker.com/id?1013743",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-40.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/13232",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290162",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20123",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100018",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10629",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.
References
cve@mitre.org | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=229374 | Patch, Vendor Advisory
cve@mitre.org | http://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.org | http://secunia.com/advisories/10856
cve@mitre.org | http://www.kb.cert.org/vuls/id/561022 | US Government Resource
cve@mitre.org | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
cve@mitre.org | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-421.html
cve@mitre.org | http://www.securityfocus.com/bid/15495
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16869
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=229374 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/10856
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/561022 | US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-421.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16869
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250
Impacted products
Vendor Product Version
mozilla firefox *
mozilla mozilla *
mozilla thunderbird *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF711F75-74B8-4CF6-9580-8B51F5A2F2EF",
                     versionEndIncluding: "0.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9239E8A-8155-462A-A409-D66FF6B94B04",
                     versionEndIncluding: "1.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5723A6C5-70AB-4F54-BCCB-DD3498446AD2",
                     versionEndIncluding: "0.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.",
      },
      {
         lang: "es",
         value: "Desbordamiento de búfer basado en el montón en SendUidl en la capacidad POP3 de Mozilla anteriores a 1.7, Firefox anteriores a 0.9, y Thunderbird anteriores a 0.7, puede permitir a servidores POP3 remotos ejecutar código arbitrario.",
      },
   ],
   id: "CVE-2004-0757",
   lastModified: "2024-11-20T23:49:20.160",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-08-18T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=229374",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/10856",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/561022",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16869",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=229374",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/10856",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/561022",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16869",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.
Impacted products
Vendor Product Version
mozilla firefox *
mozilla mozilla *
mozilla thunderbird *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF711F75-74B8-4CF6-9580-8B51F5A2F2EF",
                     versionEndIncluding: "0.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9239E8A-8155-462A-A409-D66FF6B94B04",
                     versionEndIncluding: "1.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5723A6C5-70AB-4F54-BCCB-DD3498446AD2",
                     versionEndIncluding: "0.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.",
      },
      {
         lang: "es",
         value: "La función cert_TestHostName en Mozilla anteriores a 1.7, Firefox anteriores a 0.9, y Thunderbird anteriores a 0.7, sólo comprueba la porción de nombre de máquina de un certificado cuando la porción de nombre de máquina de la URI no es un nombre de dominio completamente cualificado (FQDN - fully qualified domain name), lo que permite a atacantes remotos suplantar certificados de confianza.",
      },
   ],
   id: "CVE-2004-0765",
   lastModified: "2024-11-20T23:49:21.363",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-08-18T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=234058",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16868",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11162",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=234058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16868",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11162",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-01-27 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
References
cve@mitre.org http://bugzilla.mozilla.org/show_bug.cgi?id=226669
cve@mitre.org http://bugzilla.mozilla.org/show_bug.cgi?id=245066
cve@mitre.org http://bugzilla.mozilla.org/show_bug.cgi?id=256316
cve@mitre.org http://bugzilla.mozilla.org/show_bug.cgi?id=258005
cve@mitre.org http://marc.info/?l=bugtraq&m=109698896104418&w=2
cve@mitre.org http://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.org http://security.gentoo.org/glsa/glsa-200409-26.xml
cve@mitre.org http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
cve@mitre.org http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.org http://www.us-cert.gov/cas/techalerts/TA04-261A.html Patch, Third Party Advisory, US Government Resource
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/17378
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/17379
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201
af854a3a-2127-422b-91ae-364da2661108 http://bugzilla.mozilla.org/show_bug.cgi?id=226669
af854a3a-2127-422b-91ae-364da2661108 http://bugzilla.mozilla.org/show_bug.cgi?id=245066
af854a3a-2127-422b-91ae-364da2661108 http://bugzilla.mozilla.org/show_bug.cgi?id=256316
af854a3a-2127-422b-91ae-364da2661108 http://bugzilla.mozilla.org/show_bug.cgi?id=258005
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=109698896104418&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200409-26.xml
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 http://www.us-cert.gov/cas/techalerts/TA04-261A.html Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/17378
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/17379
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4007B0D-9606-46BD-866A-7911BEA292BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A35FC777-A34E-4C7B-9E93-8F17F3AD5180",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
                     matchCriteriaId: "2641EE56-6F9D-400B-B456-877F4DA79B10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
                     matchCriteriaId: "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "E0B458EA-495E-40FA-9379-C03757F7B1EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
                     matchCriteriaId: "409E324A-C040-494F-A026-9DCAE01C07F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
                     matchCriteriaId: "1728AB5D-55A9-46B0-A412-6F7263CAEB5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
                     matchCriteriaId: "6474B775-C893-491F-A074-802AFB1FEDD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
                     matchCriteriaId: "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
                     matchCriteriaId: "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C84296C-2C8A-4DCD-9751-52951F8BEA9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*",
                     matchCriteriaId: "9B502A61-44FB-4CD4-85BE-88D4ACCCA441",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*",
                     matchCriteriaId: "05853955-CA81-40D3-9A70-1227F3270D3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*",
                     matchCriteriaId: "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*",
                     matchCriteriaId: "84A50ED3-FD0D-4038-B3E7-CC65D166C968",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
                     matchCriteriaId: "777F9EC0-2919-45CA-BFF8-78A02537C513",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*",
                     matchCriteriaId: "C7EAAD04-D7C4-43DE-B488-1AAD014B503E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "D2E2EF3C-1379-4CBE-8FF5-DACD47834651",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8C55338-3372-413F-82E3-E1B476D6F41A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "F7446746-87B7-4BD3-AABF-1E0FAA8265AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
                     matchCriteriaId: "56EF103F-5668-4754-A83B-D3662D0CE815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the \"Send page\" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.",
      },
   ],
   id: "CVE-2004-0902",
   lastModified: "2024-11-20T23:49:38.423",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-01-27T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226669",
      },
      {
         source: "cve@mitre.org",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=245066",
      },
      {
         source: "cve@mitre.org",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=256316",
      },
      {
         source: "cve@mitre.org",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=258005",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17378",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17379",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226669",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=245066",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=256316",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=258005",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17378",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17379",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
References
cve@mitre.org ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
cve@mitre.org http://secunia.com/advisories/14820 Exploit, Patch, Vendor Advisory
cve@mitre.org http://secunia.com/advisories/14821 Patch, Vendor Advisory
cve@mitre.org http://secunia.com/advisories/19823 Vendor Advisory
cve@mitre.org http://securitytracker.com/id?1013635 Exploit
cve@mitre.org http://securitytracker.com/id?1013643 Exploit
cve@mitre.org http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml Patch, Vendor Advisory
cve@mitre.org http://www.mozilla.org/security/announce/mfsa2005-33.html Vendor Advisory
cve@mitre.org http://www.novell.com/linux/security/advisories/2006_04_25.html
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2005-383.html Patch, Vendor Advisory
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2005-384.html
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2005-386.html Patch, Vendor Advisory
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2005-601.html
cve@mitre.org http://www.securityfocus.com/bid/12988
cve@mitre.org http://www.securityfocus.com/bid/15495
cve@mitre.org https://bugzilla.mozilla.org/show_bug.cgi?id=288688
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/14820 Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/14821 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/19823 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1013635 Exploit
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1013643 Exploit
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/security/announce/mfsa2005-33.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-383.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-386.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-601.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/12988
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.mozilla.org/show_bug.cgi?id=288688
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706
Impacted products
Vendor Product Version
mozilla firefox 1.0.1
mozilla firefox 1.0.2
mozilla mozilla 1.7.6
netscape navigator 7.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.",
      },
   ],
   id: "CVE-2005-0989",
   lastModified: "2024-11-20T23:56:20.687",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14820",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14821",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://securitytracker.com/id?1013635",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://securitytracker.com/id?1013643",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-33.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/12988",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "cve@mitre.org",
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=288688",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14820",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14821",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://securitytracker.com/id?1013635",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://securitytracker.com/id?1013643",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-33.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12988",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=288688",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
References
secalert@redhat.com http://secunia.com/advisories/15489 Exploit, Patch, Vendor Advisory
secalert@redhat.com http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/ Exploit
secalert@redhat.com http://www.debian.org/security/2005/dsa-810
secalert@redhat.com http://www.mozilla.org/security/announce/mfsa2005-54.html Patch, Vendor Advisory
secalert@redhat.com http://www.novell.com/linux/security/advisories/2005_18_sr.html
secalert@redhat.com http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-586.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-587.html
secalert@redhat.com http://www.securityfocus.com/bid/14242
secalert@redhat.com http://www.vupen.com/english/advisories/2005/1075
secalert@redhat.com https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10517
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1268
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1313
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/15489 Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/ Exploit
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2005/dsa-810
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/security/announce/mfsa2005-54.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2005_18_sr.html
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-586.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-587.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/14242
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2005/1075
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10517
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1268
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1313



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the \"Dialog Origin Spoofing Vulnerability.\"",
      },
   ],
   id: "CVE-2005-2268",
   lastModified: "2024-11-20T23:59:10.483",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2005-07-13T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/15489",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-54.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10517",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1268",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1313",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/15489",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-54.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10517",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1268",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1313",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.
Impacted products
Vendor Product Version
mozilla mozilla 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading \"//\" and ending in a newline, which causes the host/path check to fail.",
      },
   ],
   id: "CVE-2002-2314",
   lastModified: "2024-11-20T23:43:23.140",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=152725",
      },
      {
         source: "cve@mitre.org",
         url: "http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://seclists.org/bugtraq/2002/Jul/0260.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.iss.net/security_center/static/9656.php",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/5293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=152725",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://seclists.org/bugtraq/2002/Jul/0260.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.iss.net/security_center/static/9656.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/5293",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.
References
cve@mitre.org http://www.mozilla.org/security/announce/mfsa2005-01.html Vendor Advisory
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2005-323.html Patch, Vendor Advisory
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2005-335.html Patch, Vendor Advisory
cve@mitre.org http://www.securityfocus.com/bid/12407
cve@mitre.org https://bugzilla.mozilla.org/show_bug.cgi?id=249332 Vendor Advisory
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/19168
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/security/announce/mfsa2005-01.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-323.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-335.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/12407
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.mozilla.org/show_bug.cgi?id=249332 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/19168
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756
Impacted products
Vendor Product Version
mozilla firefox 0.8
mozilla firefox 0.9
mozilla firefox 0.9.1
mozilla firefox 0.9.2
mozilla firefox 0.9.3
mozilla mozilla 1.7
mozilla mozilla 1.7
mozilla mozilla 1.7.1
mozilla mozilla 1.7.2
mozilla mozilla 1.7.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links \"with a custom getter and toString method\" that are middle-clicked by the user to be opened in a new tab.",
      },
   ],
   id: "CVE-2005-0141",
   lastModified: "2024-11-20T23:54:30.517",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-01.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/12407",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=249332",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19168",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-01.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=249332",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19168",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-03-25 05:00
Modified
2024-11-20 23:55
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
Impacted products
Vendor Product Version
mozilla firefox *
mozilla mozilla *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F23F3867-1318-4ACF-A3A6-F0605BDA8BA3",
                     versionEndExcluding: "1.0.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6F232DA-F897-4429-922E-F5CFF865A8AA",
                     versionEndExcluding: "1.7.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.",
      },
   ],
   id: "CVE-2005-0587",
   lastModified: "2024-11-20T23:55:27.757",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2005-03-25T05:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-21.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100037",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-21.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100037",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-59",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-10-20 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.",
      },
   ],
   id: "CVE-2004-1381",
   lastModified: "2024-11-20T23:50:44.740",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-10-20T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/12712",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/multiple_browsers_form_field_focus_test/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-05.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17789",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/12712",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/multiple_browsers_form_field_focus_test/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-05.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17789",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-07-27 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
References
cve@mitre.org ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
cve@mitre.org http://bugzilla.mozilla.org/show_bug.cgi?id=246448
cve@mitre.org http://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.org http://secunia.com/advisories/11978 Vendor Advisory
cve@mitre.org http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ Vendor Advisory
cve@mitre.org http://www.debian.org/security/2005/dsa-777
cve@mitre.org http://www.debian.org/security/2005/dsa-810
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDKSA-2004:082
cve@mitre.org http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2004-421.html
cve@mitre.org http://www.securityfocus.com/bid/15495
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/1598
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 http://bugzilla.mozilla.org/show_bug.cgi?id=246448
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/11978 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2005/dsa-777
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2005/dsa-810
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2004:082
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2004-421.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/1598
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997
Impacted products
Vendor Product Version
firebirdsql firebird 0.7
mozilla mozilla 1.6
netscape navigator 7.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:firebirdsql:firebird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "F374AF9E-BBBC-4C0E-B00C-5DB7FC83B445",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.",
      },
      {
         lang: "es",
         value: "Los navegadores web (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8 y (4) Netscape 7.1 no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantación de sitios web y otros ataques. Vulnerabilidad también conocida como \"de inyección de marco\".",
      },
   ],
   id: "CVE-2004-0718",
   lastModified: "2024-11-20T23:49:14.673",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-07-27T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "cve@mitre.org",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=246448",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/11978",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2005/dsa-777",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=246448",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/11978",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-777",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity
MEDIUM — CVSS v2.0 base score 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
References
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | Patch, Vendor Advisory
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | Patch, Vendor Advisory
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-20.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-176.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.com | http://www.securityfocus.com/bid/12659
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=271209 | Patch
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100038
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10682
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-20.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-176.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12659
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=271209 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100038
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10682



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.",
      },
   ],
   id: "CVE-2005-0588",
   lastModified: "2024-11-20T23:55:27.877",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mozilla.org/security/announce/mfsa2005-20.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=271209",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100038",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10682",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/security/announce/mfsa2005-20.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=271209",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100038",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10682",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-06-14 04:00
Modified
2024-11-20 23:58
Severity
LOW — CVSS v2.0 base score 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Summary
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
References
security@debian.org | http://secunia.com/advisories/15601
security@debian.org | http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
security@debian.org | http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1
security@debian.org | http://www.debian.org/security/2005/dsa-777
security@debian.org | http://www.debian.org/security/2005/dsa-810
security@debian.org | http://www.mozilla.org/security/announce/mfsa2005-51.html
security@debian.org | http://www.novell.com/linux/security/advisories/2005_18_sr.html
security@debian.org | http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
security@debian.org | http://www.redhat.com/support/errata/RHSA-2005-586.html
security@debian.org | http://www.redhat.com/support/errata/RHSA-2005-587.html
security@debian.org | http://www.securityfocus.com/bid/14242
security@debian.org | http://www.vupen.com/english/advisories/2005/1075
security@debian.org | https://bugzilla.mozilla.org/show_bug.cgi?id=296850
security@debian.org | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
security@debian.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100007
security@debian.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10633
security@debian.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A637
security@debian.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A759
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/15601
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-777
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-810
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-51.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_18_sr.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-586.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-587.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14242
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/1075
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=296850
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100007
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10633
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A637
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A759
Impacted products
Vendor Product Version
mozilla firefox 1.0.3
mozilla mozilla 1.7.7



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.",
      },
   ],
   id: "CVE-2005-1937",
   lastModified: "2024-11-20T23:58:27.323",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2005-06-14T04:00:00.000",
   references: [
      {
         source: "security@debian.org",
         url: "http://secunia.com/advisories/15601",
      },
      {
         source: "security@debian.org",
         url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
      },
      {
         source: "security@debian.org",
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1",
      },
      {
         source: "security@debian.org",
         url: "http://www.debian.org/security/2005/dsa-777",
      },
      {
         source: "security@debian.org",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "security@debian.org",
         url: "http://www.mozilla.org/security/announce/mfsa2005-51.html",
      },
      {
         source: "security@debian.org",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "security@debian.org",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "security@debian.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "security@debian.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "security@debian.org",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "security@debian.org",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "security@debian.org",
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296850",
      },
      {
         source: "security@debian.org",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "security@debian.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100007",
      },
      {
         source: "security@debian.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10633",
      },
      {
         source: "security@debian.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A637",
      },
      {
         source: "security@debian.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A759",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/15601",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-777",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/security/announce/mfsa2005-51.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296850",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100007",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10633",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A637",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A759",
      },
   ],
   sourceIdentifier: "security@debian.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:42
Severity ?
Summary
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "209C7BB1-EFDF-43AB-9FB6-DF67465DEAEF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B711600-425F-4FF9-BC5E-B8D182A2B9F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E9A5461-B0F2-49DB-A69C-3D2D27709647",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.5_beta:*:*:*:*:*:*:*",
                     matchCriteriaId: "213EB326-33D1-4329-A6BB-B1AA1C626E44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.06:*:*:*:*:*:*:*",
                     matchCriteriaId: "34F6328B-44A8-4E45-918E-C54285040BFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "529E3F71-6016-461D-A162-0DBDD5505389",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.07:*:*:*:*:*:*:*",
                     matchCriteriaId: "31D02C4D-3FD1-425F-B0DB-7808089BCD0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "38FD74F5-12ED-4049-B06F-0F22A0254C0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.08:*:*:*:*:*:*:*",
                     matchCriteriaId: "61268CF9-E279-4F63-B228-F9ED4B93BB99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.51:*:*:*:*:*:*:*",
                     matchCriteriaId: "918BE44C-8D64-4040-BC74-802AA3FA4E10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.61:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AA534C4-9411-44EC-AA34-2287C79AD235",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.72:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A4E8588-A941-4759-B41C-00F193F2C63B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.73:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E48C051-EB45-4262-86C2-2333FD5C7745",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.74:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA48AF1E-99EF-419C-B425-001C7134C6BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.75:*:*:*:*:*:*:*",
                     matchCriteriaId: "C97DE00F-4C73-4C54-918E-D540F2C3297B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.76:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5A07AD2-2293-443A-9A32-316B832A5276",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.77:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A823994-786D-41D7-9FA7-FF8058C4AFD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.78:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4613823-DA14-4BE2-986C-2EED3DB82BA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:4.77:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA4FBB90-8A52-41B4-B08A-53A86CF56898",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5421CDE-6C31-42FF-8A06-23A6207D1B51",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*",
                     matchCriteriaId: "6469EB31-32FF-415C-82DD-670513911371",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4F112CED-879B-4A19-993A-16858B4EC16C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7D7FA24-4B6F-4D67-95BE-46819033CA6F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.",
      },
   ],
   id: "CVE-2002-2013",
   lastModified: "2024-11-20T23:42:39.870",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://alive.znep.com/~marcs/security/mozillacookie/demo.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.iss.net/security_center/static/7973.php",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/3925",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://alive.znep.com/~marcs/security/mozillacookie/demo.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.iss.net/security_center/static/7973.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/3925",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vendorComments: [
      {
         comment: "Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n",
         lastModified: "2006-08-30T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.",
      },
   ],
   id: "CVE-2005-0578",
   lastModified: "2024-11-20T23:55:26.503",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-28.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10954",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-28.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10954",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."
References
secalert@redhat.com | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
secalert@redhat.com | http://secunia.com/advisories/14938 | Patch, Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/14992 | Patch, Vendor Advisory
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml | Patch
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-36.html | Vendor Advisory
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.securityfocus.com/bid/13230
secalert@redhat.com | http://www.securityfocus.com/bid/15495
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=289675 | Patch
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100022
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10339
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14938 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14992 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-36.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/13230
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=289675 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100022
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10339



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka \"Cross-site scripting through global scope pollution.\"",
      },
   ],
   id: "CVE-2005-1154",
   lastModified: "2024-11-20T23:56:43.900",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14938",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14992",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-36.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/13230",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289675",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100022",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10339",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14938",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14992",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-36.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/13230",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289675",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100022",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10339",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-09-16 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
Impacted products
Vendor Product Version
mozilla mozilla 0.9.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka \"Cross Security Boundary Cookie Injection.\"",
      },
   ],
   id: "CVE-2004-0871",
   lastModified: "2024-11-20T23:49:35.133",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-09-16T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://securityfocus.com/archive/1/375407",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1011331",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://securityfocus.com/archive/1/375407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1011331",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
Impacted products
Vendor Product Version
mozilla mozilla 1.7



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.",
      },
   ],
   id: "CVE-2004-1450",
   lastModified: "2024-11-20T23:50:54.703",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=239122",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=239122",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-03-15 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.
References
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=227417 | Exploit, Vendor Advisory
cve@mitre.org | http://marc.info/?l=bugtraq&m=107774710729469&w=2
cve@mitre.org | http://marc.info/?l=bugtraq&m=108448379429944&w=2
cve@mitre.org | http://www.osvdb.org/4062
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-110.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-112.html
cve@mitre.org | http://www.securityfocus.com/bid/9747 | Vendor Advisory
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/15322
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=227417 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=107774710729469&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=108448379429944&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/4062
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-110.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-112.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9747 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/15322
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
                     matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.",
      },
      {
         lang: "es",
         value: "Mozilla anterior a 1.4.2 ejecuta eventos de Javascript en el contexto de una nueva página mientras se está cargando, lo que les permite interactuar con la página anterior (\"documento zombi\") y posibilita ataques entre dominios y de secuencias de comandos en sitios cruzados (XSS), como se ha demostrado usando eventos onmousemove.",
      },
   ],
   id: "CVE-2004-0191",
   lastModified: "2024-11-20T23:47:58.223",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-03-15T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=227417",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=107774710729469&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=108448379429944&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/4062",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-110.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-112.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/9747",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15322",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=227417",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=107774710729469&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=108448379429944&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/4062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-110.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-112.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/9747",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15322",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-03-23 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
References
cve@mitre.org | http://www.mozilla.org/security/announce/mfsa2005-03.html | Patch, Vendor Advisory
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-335.html | Patch, Vendor Advisory
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-384.html
cve@mitre.org | http://www.securityfocus.com/bid/12407
cve@mitre.org | https://bugzilla.mozilla.org/show_bug.cgi?id=257308 | Patch, Vendor Advisory
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/19166
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-03.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-335.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12407
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=257308 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/19166
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
                     matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.8:alpha2:*:*:*:*:*:*",
                     matchCriteriaId: "10349BA5-70D3-4D11-94F6-A77D8570CB06",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.",
      },
   ],
   id: "CVE-2005-0143",
   lastModified: "2024-11-20T23:54:30.813",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2005-03-23T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-03.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/12407",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=257308",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19166",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-03.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=257308",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19166",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.
Impacted products
Vendor Product Version
firebirdsql firebird 0.7
mozilla firefox 0.8
mozilla mozilla 1.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:firebirdsql:firebird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "F374AF9E-BBBC-4C0E-B00C-5DB7FC83B445",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.",
      },
      {
         lang: "es",
         value: "Los navegadores Mozilla 1.6, Firebird 0.7 y Firefox 0.8 no verifican adecuadamente que las contraseñas almacenadas en caché de sitios cifrados con SSL sean sólo enviadas mediante sesiones cifradas con el sitio, lo que permite a atacantes remotos hacer que contraseñas en caché sean enviadas en texto plano al sitio suplantado.",
      },
   ],
   id: "CVE-2004-0779",
   lastModified: "2024-11-20T23:49:23.103",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-08-18T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226278",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17018",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226278",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17018",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
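Impacted products (as enumerated in the CPE configuration below; the summary's ranges "before 1.0" and "before 1.7.5" cover more versions than are listed here)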
Vendor Product Version
mozilla firefox 0.8
mozilla firefox 0.9
mozilla firefox 0.9.1
mozilla firefox 0.9.2
mozilla firefox 0.9.3
mozilla mozilla 1.7
mozilla mozilla 1.7 rc3
mozilla mozilla 1.7.1
mozilla mozilla 1.7.2
mozilla mozilla 1.7.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.",
      },
   ],
   id: "CVE-2005-0147",
   lastModified: "2024-11-20T23:54:31.417",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-09.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/12407",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=267263",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19174",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100049",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9578",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-09.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=267263",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100049",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9578",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-10-20 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
References
cve@mitre.org | http://secunia.com/advisories/12712 | Patch, Vendor Advisory
cve@mitre.org | http://secunia.com/multiple_browsers_dialog_box_spoofing_test/ | Vendor Advisory
cve@mitre.org | http://secunia.com/multiple_browsers_form_field_focus_test/ | Vendor Advisory
cve@mitre.org | http://www.mozilla.org/security/announce/mfsa2005-05.html | Patch, Vendor Advisory
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-323.html | Patch, Vendor Advisory
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-335.html | Patch, Vendor Advisory
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/18864
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12712 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/multiple_browsers_dialog_box_spoofing_test/ | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/multiple_browsers_form_field_focus_test/ | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-05.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-323.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-335.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/18864
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the \"Dialog Box Spoofing Vulnerability.\"",
      },
   ],
   id: "CVE-2004-1380",
   lastModified: "2024-11-20T23:50:44.573",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-10-20T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/12712",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/multiple_browsers_form_field_focus_test/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-05.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18864",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/12712",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/multiple_browsers_form_field_focus_test/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-05.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18864",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity: MEDIUM (CVSS v2.0 base score 4, vector AV:N/AC:H/Au:N/C:P/I:P/A:N; user interaction required)
Summary
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.
Impacted products
Vendor Product Version
mozilla mozilla -
opera opera_browser -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "03F4563F-7761-429A-971A-96EC556F7E06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4545786D-3129-4D92-B218-F4A92428ED48",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears.  NOTE: this is a different issue than CVE-2005-2407.",
      },
   ],
   id: "CVE-2004-2659",
   lastModified: "2024-11-20T23:53:55.030",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-362",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity: MEDIUM (CVSS v2.0 base score 5, vector AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.
Impacted products
Vendor Product Version
mozilla firefox 0.8
mozilla firefox 0.9
mozilla firefox 0.9.1
mozilla firefox 0.9.2
mozilla firefox 0.9.3
mozilla mozilla 1.7
mozilla mozilla 1.7 (rc3)
mozilla mozilla 1.7.1
mozilla mozilla 1.7.2
mozilla mozilla 1.7.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.",
      },
   ],
   id: "CVE-2005-0146",
   lastModified: "2024-11-20T23:54:31.270",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-08.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/12407",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=265728",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19171",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10362",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-08.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=265728",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19171",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10362",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-10-18 04:00
Modified
2024-11-20 23:51
Severity: MEDIUM (CVSS v2)
Summary
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.
References
cve@mitre.org | http://lcamtuf.coredump.cx/mangleme/gallery/ | Exploit
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html | Exploit, Vendor Advisory
cve@mitre.org | http://marc.info/?l=bugtraq&m=109811406620511&w=2
cve@mitre.org | http://securitytracker.com/id?1011810 | Exploit, Vendor Advisory
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-323.html | Patch, Vendor Advisory
cve@mitre.org | http://www.securityfocus.com/bid/11439 | Exploit, Patch, Vendor Advisory
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17805
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227
af854a3a-2127-422b-91ae-364da2661108 | http://lcamtuf.coredump.cx/mangleme/gallery/ | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109811406620511&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1011810 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-323.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11439 | Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17805
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
                     matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.8:alpha2:*:*:*:*:*:*",
                     matchCriteriaId: "10349BA5-70D3-4D11-94F6-A77D8570CB06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
                     matchCriteriaId: "2641EE56-6F9D-400B-B456-877F4DA79B10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "E0B458EA-495E-40FA-9379-C03757F7B1EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
                     matchCriteriaId: "1728AB5D-55A9-46B0-A412-6F7263CAEB5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*",
                     matchCriteriaId: "81B543F9-C209-46C2-B0AE-E14818A6992E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*",
                     matchCriteriaId: "DB89C970-DE94-4E09-A90A-077DB83AD156",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C84296C-2C8A-4DCD-9751-52951F8BEA9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6996B14-925B-46B8-982F-3545328B506B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*",
                     matchCriteriaId: "9B502A61-44FB-4CD4-85BE-88D4ACCCA441",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*",
                     matchCriteriaId: "05853955-CA81-40D3-9A70-1227F3270D3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*",
                     matchCriteriaId: "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*",
                     matchCriteriaId: "8DBD9D3C-40AB-449D-A9A8-A09DF2DEDB96",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.",
      },
   ],
   id: "CVE-2004-1613",
   lastModified: "2024-11-20T23:51:19.473",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-10-18T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://lcamtuf.coredump.cx/mangleme/gallery/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://securitytracker.com/id?1011810",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/11439",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17805",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://lcamtuf.coredump.cx/mangleme/gallery/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://securitytracker.com/id?1011810",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/11439",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17805",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-06-18 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
Impacted products
Vendor Product Version
mozilla mozilla 0.9.9
mozilla mozilla 1.0
netscape communicator 6.1
netscape navigator 6.0
netscape navigator 6.01



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F009302-6798-4189-BE56-FB8E67C64592",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5421CDE-6C31-42FF-8A06-23A6207D1B51",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*",
                     matchCriteriaId: "6469EB31-32FF-415C-82DD-670513911371",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.",
      },
   ],
   id: "CVE-2002-0593",
   lastModified: "2024-11-20T23:39:26.340",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-06-18T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://online.securityfocus.com/archive/1/270249",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/8039",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.iss.net/security_center/static/8976.php",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/4637",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://online.securityfocus.com/archive/1/270249",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/8039",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.iss.net/security_center/static/8976.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/4637",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.
References
secalert@redhat.com — ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
secalert@redhat.com — http://secunia.com/advisories/14938 — Patch, Vendor Advisory
secalert@redhat.com — http://secunia.com/advisories/14992 — Patch, Vendor Advisory
secalert@redhat.com — http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml — Patch
secalert@redhat.com — http://www.mozilla.org/security/announce/mfsa2005-35.html — Vendor Advisory
secalert@redhat.com — http://www.redhat.com/support/errata/RHSA-2005-383.html — Patch, Vendor Advisory
secalert@redhat.com — http://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.com — http://www.redhat.com/support/errata/RHSA-2005-386.html — Patch, Vendor Advisory
secalert@redhat.com — http://www.securityfocus.com/bid/15495
secalert@redhat.com — https://bugzilla.mozilla.org/show_bug.cgi?id=289204
secalert@redhat.com — https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100023
secalert@redhat.com — https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9584
af854a3a-2127-422b-91ae-364da2661108 — ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 — http://secunia.com/advisories/14938 — Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://secunia.com/advisories/14992 — Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml — Patch
af854a3a-2127-422b-91ae-364da2661108 — http://www.mozilla.org/security/announce/mfsa2005-35.html — Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://www.redhat.com/support/errata/RHSA-2005-383.html — Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 — http://www.redhat.com/support/errata/RHSA-2005-386.html — Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 — https://bugzilla.mozilla.org/show_bug.cgi?id=289204
af854a3a-2127-422b-91ae-364da2661108 — https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100023
af854a3a-2127-422b-91ae-364da2661108 — https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9584



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the \"Show javascript\" option.",
      },
   ],
   id: "CVE-2005-1153",
   lastModified: "2024-11-20T23:56:43.773",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14938",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14992",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-35.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289204",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100023",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9584",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14938",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14992",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-35.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289204",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100023",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9584",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "209C7BB1-EFDF-43AB-9FB6-DF67465DEAEF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B711600-425F-4FF9-BC5E-B8D182A2B9F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E9A5461-B0F2-49DB-A69C-3D2D27709647",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.06:*:*:*:*:*:*:*",
                     matchCriteriaId: "34F6328B-44A8-4E45-918E-C54285040BFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "529E3F71-6016-461D-A162-0DBDD5505389",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.07:*:*:*:*:*:*:*",
                     matchCriteriaId: "31D02C4D-3FD1-425F-B0DB-7808089BCD0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "38FD74F5-12ED-4049-B06F-0F22A0254C0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.08:*:*:*:*:*:*:*",
                     matchCriteriaId: "61268CF9-E279-4F63-B228-F9ED4B93BB99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.51:*:*:*:*:*:*:*",
                     matchCriteriaId: "918BE44C-8D64-4040-BC74-802AA3FA4E10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.61:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AA534C4-9411-44EC-AA34-2287C79AD235",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.72:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A4E8588-A941-4759-B41C-00F193F2C63B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.73:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E48C051-EB45-4262-86C2-2333FD5C7745",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.74:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA48AF1E-99EF-419C-B425-001C7134C6BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.75:*:*:*:*:*:*:*",
                     matchCriteriaId: "C97DE00F-4C73-4C54-918E-D540F2C3297B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.76:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5A07AD2-2293-443A-9A32-316B832A5276",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.77:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A823994-786D-41D7-9FA7-FF8058C4AFD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5421CDE-6C31-42FF-8A06-23A6207D1B51",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.0:*:mac:*:*:*:*:*",
                     matchCriteriaId: "ACAB9169-BC6E-49CF-9A00-3F3054677B32",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*",
                     matchCriteriaId: "6469EB31-32FF-415C-82DD-670513911371",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4F112CED-879B-4A19-993A-16858B4EC16C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7D7FA24-4B6F-4D67-95BE-46819033CA6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9B316E0-4A05-411A-8279-404C82288BE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B91D7920-86E6-4842-897A-553F018AD493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.",
      },
   ],
   id: "CVE-2002-2338",
   lastModified: "2024-11-20T23:43:26.720",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=144228",
      },
      {
         source: "cve@mitre.org",
         url: "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://online.securityfocus.com/archive/1/276628",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.iss.net/security_center/static/9343.php",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/276946",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/5002",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=144228",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://online.securityfocus.com/archive/1/276628",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.iss.net/security_center/static/9343.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/276946",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/5002",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
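Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol. [Note: the CPE match criteria in the record below use versionEndIncluding 1.7.1, 0.9.2 and 0.7.2, which also marks those releases as affected, whereas this description says "before"; confirm the fixed version against the vendor advisory before relying on either boundary for version matching.]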
Impacted products
Vendor Product Version
mozilla firefox *
mozilla mozilla *
mozilla thunderbird *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "51DBAAAE-0171-4251-ABE7-3FE54A2A6B33",
                     versionEndIncluding: "0.9.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BBE2C2D-BE31-44ED-A8EE-7AC68D24FAF9",
                     versionEndIncluding: "1.7.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EDB7FAB-1D7D-481E-83FD-DD4980278D2A",
                     versionEndIncluding: "0.7.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.",
      },
      {
         lang: "es",
         value: "Mozilla (suite) anteriores a 1.7.1 y Firefox anteriores a 0.9.2, y Thunderbird anteriores a 0.7.2 permiten a atacantes remotos lanzar programas arbitrarios mediante una URI referenciando el protocolo shell:",
      },
   ],
   id: "CVE-2004-0648",
   lastModified: "2024-11-20T23:49:04.000",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-08-06T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=108938712815719&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/12027",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ciac.org/ciac/bulletins/o-175.shtml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/927014",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/security/shell.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16655",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=108938712815719&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/12027",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ciac.org/ciac/bulletins/o-175.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/927014",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/security/shell.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16655",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
Impacted products
Vendor Product Version
mozilla mozilla 0.9.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.",
      },
   ],
   id: "CVE-2001-1490",
   lastModified: "2024-11-20T23:37:48.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2001-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/245152",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/3684",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/245152",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/3684",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2003-06-16 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
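The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. [Note: this description names only Sylpheed and the Impacted products table below is empty, but the CPE match list in the record also marks Outlook Express, Mozilla, Mutt, Eudora, Balsa, Pine and Evolution entries as vulnerable; match assets against the CPE list rather than the summary alone.]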
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:outlook_express:6.00.2800.1106:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B6C3153-39B0-4C14-B414-01BE10D8742E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mutt:mutt:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65DB0D49-CD49-4EF6-9013-1B03E0D644D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qualcomm:eudora:5.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D64909E5-6E9A-4873-B23C-C825B5CDBAAE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:stuart_parmenter:balsa:2.0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A86E91A-CAEA-4580-913C-DF610DEABF27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sylpheed:sylpheed_email_client:0.8.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "CED27A6B-FDDB-4729-8E98-86C062357E68",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:university_of_washington:pine:4.53:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8E05D27-10F6-43CF-B7E9-73A82DE02953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ximian:evolution:1.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9A844BF-30CC-4289-81C4-1161FDEBC345",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.",
      },
      {
         lang: "es",
         value: "El cliente IMAP para Sylpheed 0.8.11 permite que servidores IMAP remotos dañinos originen una denegación de servicio (caída) mediante ciertos tamaños literales muy largos que causan desbordamientos de búfer de enteros.",
      },
   ],
   id: "CVE-2003-0300",
   lastModified: "2024-11-20T23:44:25.410",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2003-06-16T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-09-20 22:03
Modified
2024-11-21 00:00
Severity ?
Summary
Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
References
secalert@redhat.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
secalert@redhat.com http://secunia.com/advisories/16869 Patch, Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/17042
secalert@redhat.com http://secunia.com/advisories/17090
secalert@redhat.com http://secunia.com/advisories/17149
secalert@redhat.com http://secunia.com/advisories/17263
secalert@redhat.com http://secunia.com/advisories/17284
secalert@redhat.com http://www.debian.org/security/2005/dsa-866
secalert@redhat.com http://www.debian.org/security/2005/dsa-868
secalert@redhat.com http://www.kb.cert.org/vuls/id/914681 US Government Resource
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
secalert@redhat.com http://www.mozilla.org/security/announce/mfsa2005-58.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-785.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-791.html
secalert@redhat.com http://www.securityfocus.com/bid/14888
secalert@redhat.com http://www.securityfocus.com/bid/15495
secalert@redhat.com http://www.ubuntu.com/usn/usn-186-1
secalert@redhat.com http://www.ubuntu.com/usn/usn-186-2
secalert@redhat.com http://www.ubuntu.com/usn/usn-200-1
secalert@redhat.com http://www.vupen.com/english/advisories/2005/1794
secalert@redhat.com http://www.vupen.com/english/advisories/2005/1824
secalert@redhat.com https://bugzilla.mozilla.org/show_bug.cgi?id=307185 Patch, Vendor Advisory
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/16869 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/17042
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/17090
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/17149
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/17263
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/17284
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2005/dsa-866
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2005/dsa-868
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/914681 US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/security/announce/mfsa2005-58.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-785.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-791.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/14888
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/usn-186-1
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/usn-186-2
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/usn-200-1
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2005/1794
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2005/1824
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.mozilla.org/show_bug.cgi?id=307185 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105
Impacted products
Vendor Product Version
mozilla firefox 1.0.6
mozilla mozilla 1.7.10



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*",
                     matchCriteriaId: "659F5DAF-D54F-43FB-AB2A-3FC7D456B434",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.10:*:linux:*:*:*:*:*",
                     matchCriteriaId: "5BCA46FD-F3CB-44E5-A383-B6D3800B7BBC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.",
      },
   ],
   id: "CVE-2005-2968",
   lastModified: "2024-11-21T00:00:49.767",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-09-20T22:03:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/16869",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/17042",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/17090",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/17149",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/17263",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/17284",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2005/dsa-866",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2005/dsa-868",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/914681",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mozilla.org/security/announce/mfsa2005-58.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-785.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-791.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/14888",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/usn-186-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/usn-186-2",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/usn-200-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2005/1794",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2005/1824",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=307185",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/16869",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/17042",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/17090",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/17149",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/17263",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/17284",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-866",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-868",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/914681",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/security/announce/mfsa2005-58.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-785.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-791.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/14888",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-186-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-186-2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-200-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/1794",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/1824",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=307185",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vendorComments: [
      {
         comment: "Not vulnerable. These issues did not affect the versions of Mozilla and Firefox as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n",
         lastModified: "2006-08-30T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2003-10-07 04:00
Modified
2024-11-20 23:45
Severity ?
Summary
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
Impacted products
Vendor Product Version
mozilla mozilla * (up to and including 1.4)
sco openserver 5.0.7



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1CB48E1-FCDD-49B2-B73E-37E912072683",
                     versionEndIncluding: "1.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9D76A8D-832B-411E-A458-186733C66010",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.",
      },
   ],
   id: "CVE-2003-0791",
   lastModified: "2024-11-20T23:45:32.070",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2003-10-07T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "URL Repurposed",
         ],
         url: "http://secunia.com/advisories/11103/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.osvdb.org/8390",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Patch",
            "Third Party Advisory",
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/advisories/6979",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Patch",
            "Third Party Advisory",
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/9322",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=221526",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "URL Repurposed",
         ],
         url: "http://secunia.com/advisories/11103/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.osvdb.org/8390",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Patch",
            "Third Party Advisory",
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/advisories/6979",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Patch",
            "Third Party Advisory",
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/9322",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=221526",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-11-29 21:03
Modified
2024-11-21 00:03
Severity ?
Summary
Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.
Impacted products
Vendor Product Version
mozilla mozilla *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.",
      },
   ],
   id: "CVE-2005-3896",
   lastModified: "2024-11-21T00:03:00.223",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-11-29T21:03:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=113262115201500&w=2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.computerterrorism.com/research/ie/ct21-11-2005",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=113262115201500&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.computerterrorism.com/research/ie/ct21-11-2005",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.
Impacted products
Vendor Product Version
mozilla mozilla 1.0
mozilla mozilla 1.0 (rc1)
mozilla mozilla 1.0 (rc2)
mozilla mozilla 1.1 (alpha)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.",
      },
   ],
   id: "CVE-2002-2359",
   lastModified: "2024-11-20T23:43:29.700",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2002-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=154030",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.iss.net/security_center/static/9757.php",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/5403",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=154030",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.iss.net/security_center/static/9757.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/5403",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-03-25 05:00
Modified
2024-11-20 23:55
Severity ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
References
secalert@redhat.com | http://secunia.com/advisories/13599 | Patch, Vendor Advisory
secalert@redhat.com | http://secunia.com/secunia_research/2004-15/advisory/ | Patch, Vendor Advisory
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | Patch, Vendor Advisory
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | Patch, Vendor Advisory
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-23.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-176.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100035
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9924
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/13599 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2004-15/advisory/ | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-23.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-176.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100035
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9924



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.",
      },
   ],
   id: "CVE-2005-0585",
   lastModified: "2024-11-20T23:55:27.503",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2005-03-25T05:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/13599",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/secunia_research/2004-15/advisory/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-23.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100035",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9924",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/13599",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/secunia_research/2004-15/advisory/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-23.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100035",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9924",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
References
secalert@redhat.com | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
secalert@redhat.com | http://secunia.com/advisories/14938 | Patch, Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/14992 | Patch, Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/14996 | Patch, Vendor Advisory
secalert@redhat.com | http://securitytracker.com/id?1013745 | Patch
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml | Patch, Vendor Advisory
secalert@redhat.com | http://www.mikx.de/firesearching/ | Exploit
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-38.html | Vendor Advisory
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.securityfocus.com/bid/13211 | Exploit, Patch
secalert@redhat.com | http://www.securityfocus.com/bid/15495
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=290037 | Patch
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/20125
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14938 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14992 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14996 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1013745 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mikx.de/firesearching/ | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-38.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/13211 | Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=290037 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/20125
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka \"Firesearching 1.\"",
      },
   ],
   id: "CVE-2005-1156",
   lastModified: "2024-11-20T23:56:44.140",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14938",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14992",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14996",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://securitytracker.com/id?1013745",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "http://www.mikx.de/firesearching/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-38.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/13211",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14938",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14992",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14996",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://securitytracker.com/id?1013745",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.mikx.de/firesearching/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-38.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/13211",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-29 05:00
Modified
2024-11-20 23:50
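Severity
MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P; Primary metric from nvd@nist.gov; this record carries only a CVSS v2.0 metric)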
Summary
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
References
cve@mitre.org | http://isec.pl/vulnerabilities/isec-0020-mozilla.txt | Exploit, Vendor Advisory
cve@mitre.org | http://marc.info/?l=bugtraq&m=110436284718949&w=2
cve@mitre.org | http://marc.info/?l=bugtraq&m=110780717916478&w=2
cve@mitre.org | http://secunia.com/advisories/19823
cve@mitre.org | http://www.mozilla.org/security/announce/mfsa2005-06.html | Patch, Vendor Advisory
cve@mitre.org | http://www.novell.com/linux/security/advisories/2006_04_25.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-038.html | Exploit, Vendor Advisory
cve@mitre.org | http://www.securityfocus.com/bid/12131
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/18711
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100052
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9808
af854a3a-2127-422b-91ae-364da2661108 | http://isec.pl/vulnerabilities/isec-0020-mozilla.txt | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=110436284718949&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=110780717916478&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-06.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-038.html | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12131
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/18711
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100052
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9808



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\\' (backslash) character, which prevents a string from being NULL terminated.",
      },
   ],
   id: "CVE-2004-1316",
   lastModified: "2024-11-20T23:50:35.037",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-12-29T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://isec.pl/vulnerabilities/isec-0020-mozilla.txt",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=110436284718949&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=110780717916478&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-06.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-038.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/12131",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18711",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100052",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9808",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://isec.pl/vulnerabilities/isec-0020-mozilla.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=110436284718949&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=110780717916478&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-06.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-038.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12131",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18711",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100052",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9808",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.
References
secalert@redhat.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
secalert@redhat.com http://secunia.com/advisories/14654 [Patch, Vendor Advisory]
secalert@redhat.com http://secunia.com/advisories/19823
secalert@redhat.com http://www.ciac.org/ciac/bulletins/p-160.shtml
secalert@redhat.com http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml [Vendor Advisory]
secalert@redhat.com http://www.kb.cert.org/vuls/id/557948 [Third Party Advisory, US Government Resource]
secalert@redhat.com http://www.mozilla.org/security/announce/mfsa2005-30.html [Vendor Advisory]
secalert@redhat.com http://www.novell.com/linux/security/advisories/2006_04_25.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-323.html [Vendor Advisory]
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-335.html [Vendor Advisory]
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-336.html [Vendor Advisory]
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-337.html [Vendor Advisory]
secalert@redhat.com http://www.securityfocus.com/bid/12881
secalert@redhat.com http://www.securityfocus.com/bid/15495
secalert@redhat.com http://www.vupen.com/english/advisories/2005/0296
secalert@redhat.com http://xforce.iss.net/xforce/alerts/id/191 [Vendor Advisory]
secalert@redhat.com https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877 [Vendor Advisory]
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/19269
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/14654 [Patch, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108 http://www.ciac.org/ciac/bulletins/p-160.shtml
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/557948 [Third Party Advisory, US Government Resource]
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/security/announce/mfsa2005-30.html [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-323.html [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-335.html [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-336.html [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-337.html [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/12881
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2005/0296
af854a3a-2127-422b-91ae-364da2661108 http://xforce.iss.net/xforce/alerts/id/191 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/19269
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "5263F879-9B90-4582-B677-F133DEBE5259",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "C256B73C-9ABC-43D4-8C57-09161BC9F923",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "055D1044-9FC5-45AA-8407-649E96C5AFE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C1C87A5-C14D-4A23-B865-3BB1FCDC8470",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.",
      },
   ],
   id: "CVE-2005-0399",
   lastModified: "2024-11-20T23:55:02.207",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14654",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ciac.org/ciac/bulletins/p-160.shtml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/557948",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-30.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-336.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-337.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/12881",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2005/0296",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://xforce.iss.net/xforce/alerts/id/191",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19269",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14654",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ciac.org/ciac/bulletins/p-160.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/557948",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-30.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-336.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-337.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12881",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/0296",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://xforce.iss.net/xforce/alerts/id/191",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19269",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2003-06-16 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
Impacted products
Vendor Product Version
mozilla mozilla 1.3
mozilla mozilla 1.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.",
      },
      {
         lang: "es",
         value: "El cliente IMAP para Mozilla 1.3 y 1.4a permite que servidores IMAP remotos dañinos originen una denegación de servicio (y posiblemente ejecuten código arbitrario) mediante ciertos tamaños muy largos que causan desbordamientos de búfer de enteros.",
      },
   ],
   id: "CVE-2003-0298",
   lastModified: "2024-11-20T23:44:25.147",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2003-06-16T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-02-08 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
secalert@redhat.com http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html [Broken Link, Exploit, Vendor Advisory]
secalert@redhat.com http://marc.info/?l=bugtraq&m=110782704923280&w=2 [Mailing List]
secalert@redhat.com http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml [Exploit, Patch, Third Party Advisory, Vendor Advisory]
secalert@redhat.com http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml [Exploit, Patch, Third Party Advisory, Vendor Advisory]
secalert@redhat.com http://www.mozilla.org/security/announce/mfsa2005-29.html [Exploit, Patch, Third Party Advisory, Vendor Advisory]
secalert@redhat.com http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html [Broken Link, Exploit, Patch, Vendor Advisory]
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-176.html [Broken Link]
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-384.html [Broken Link]
secalert@redhat.com http://www.securityfocus.com/bid/12461 [Broken Link, Third Party Advisory, VDB Entry]
secalert@redhat.com http://www.shmoo.com/idn [Broken Link, Exploit, Vendor Advisory]
secalert@redhat.com http://www.shmoo.com/idn/homograph.txt [Broken Link, Exploit, Vendor Advisory]
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 [Third Party Advisory, VDB Entry]
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029 [Tool Signature]
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229 [Tool Signature]
af854a3a-2127-422b-91ae-364da2661108 http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html [Broken Link, Exploit, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=110782704923280&w=2 [Mailing List]
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml [Exploit, Patch, Third Party Advisory, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml [Exploit, Patch, Third Party Advisory, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/security/announce/mfsa2005-29.html [Exploit, Patch, Third Party Advisory, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html [Broken Link, Exploit, Patch, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-176.html [Broken Link]
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-384.html [Broken Link]
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/12461 [Broken Link, Third Party Advisory, VDB Entry]
af854a3a-2127-422b-91ae-364da2661108 http://www.shmoo.com/idn [Broken Link, Exploit, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.shmoo.com/idn/homograph.txt [Broken Link, Exploit, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 [Third Party Advisory, VDB Entry]
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029 [Tool Signature]
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229 [Tool Signature]
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:camino:0.8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D044E602-45A5-4B14-8B16-B0978D985027",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6F232DA-F897-4429-922E-F5CFF865A8AA",
                     versionEndExcluding: "1.7.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:omnigroup:omniweb:5:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECD3E937-C813-4564-9E3C-D009D39E8A8B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFE75E76-E20D-47A4-9603-0AF46F733AEF",
                     versionEndIncluding: "7.54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:opera_software:opera_web_browser:7.54:*:*:*:*:*:*:*",
                     matchCriteriaId: "142EB1E3-2918-4792-83D7-9D7B6A3BD26B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.",
      },
   ],
   id: "CVE-2005-0233",
   lastModified: "2024-11-20T23:54:41.610",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-02-08T05:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
         ],
         url: "http://marc.info/?l=bugtraq&m=110782704923280&w=2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-29.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/12461",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.shmoo.com/idn",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.shmoo.com/idn/homograph.txt",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Tool Signature",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Tool Signature",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://marc.info/?l=bugtraq&m=110782704923280&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-29.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/12461",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.shmoo.com/idn",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.shmoo.com/idn/homograph.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Tool Signature",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Tool Signature",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-08-31 16:30
Modified
2024-11-21 01:06
Severity ?
Summary
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.
Impacted products
Vendor Product Version
mozilla firefox *
mozilla firefox 3.5
mozilla firefox 3.6
mozilla firefox 3.7
mozilla mozilla *
mozilla seamonkey 1.1.17



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "667FC0BC-C1AD-46CD-BBB2-A7E58E644FA7",
                     versionEndIncluding: "3.0.13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "76CD3BDF-A079-4EF3-ABDE-43CBDD08DB1F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.6:a1_prerelease:*:*:*:*:*:*",
                     matchCriteriaId: "A5CA287A-0263-4F6A-B685-E243D42FCFFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:3.7:a1_prerelease:*:*:*:*:*:*",
                     matchCriteriaId: "DCCEA654-2A7F-4950-9FC3-015E2E4582B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA9F1412-B29B-4D13-AEEA-4AF7B12260D0",
                     versionEndIncluding: "1.7.12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "AAB559BD-4BF7-417F-962F-B8971FF1614B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.  NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.",
      },
      {
         lang: "es",
         value: "Mozilla Firefox v3.0.13 y anteriores, v3.5, v3.6 a1 pre, y v3.7 a1 pre; SeaMonkey v1.1.17; y Mozilla v1.7.x y anteriores no bloquean de forma adecuada las URIs data: en las cabeceras Refresh de las respuestas HTTP, lo que permite a atacantes remotos realizar ataques de ejecución de secuencias de comandos en sitios cruzados (XSS) a través de vectores relativos a (1) inyectar una cabecera Refresh que contiene secuencias JavaScript en una URI data:text/html o (2) introduciendo una URI data:text/html con secuencias JavaScript cuando se especifica el contenido de una cabecera Refresh. NOTA: en algunas versiones del producto, el JavaScript se ejecuta fuera del contexto del sitio HTTP.",
      },
   ],
   id: "CVE-2009-3010",
   lastModified: "2024-11-21T01:06:17.987",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2009-08-31T16:30:06.797",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://websecurity.com.ua/3315/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://websecurity.com.ua/3386/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://websecurity.com.ua/3315/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://websecurity.com.ua/3386/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
References
secalert@redhat.comhttp://secunia.com/advisories/13258Patch, Vendor Advisory
secalert@redhat.comhttp://www.gentoo.org/security/en/glsa/glsa-200503-10.xmlPatch, Vendor Advisory
secalert@redhat.comhttp://www.mozilla.org/security/announce/mfsa2005-22.htmlVendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2005-176.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.comhttp://www.securityfocus.com/bid/12659
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100036
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11152
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/13258Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200503-10.xmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/mfsa2005-22.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-176.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/12659
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100036
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11152



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.",
      },
   ],
   id: "CVE-2005-0586",
   lastModified: "2024-11-20T23:55:27.647",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/13258",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-22.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100036",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11152",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/13258",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-22.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100036",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11152",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-04-15 04:00
Modified
2024-11-20 23:45
Severity ?
Summary
Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.",
      },
      {
         lang: "es",
         value: "Mozilla permite a atacantes remotos saltarse las restricciones de cookies pretendidas en una aplicación web mediante secuencias de atravesamiento de directorios \"%2e%2e\" (punto punto codificado) en una URL, lo que hace que Mozilla envíe la cookie fuera de los subconjuntos de URL especificados, por ejemplo a una aplicación vulnerable que corre en el mismo servidor que la aplicación objetivo.",
      },
   ],
   id: "CVE-2003-0594",
   lastModified: "2024-11-20T23:45:06.147",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-04-15T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-112.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9826",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-112.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9826",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7D7FA24-4B6F-4D67-95BE-46819033CA6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9B316E0-4A05-411A-8279-404C82288BE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B91D7920-86E6-4842-897A-553F018AD493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "36889B90-FD18-4A5A-A732-788240E10FEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:opera_software:opera_web_browser:5.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "F49659B4-2878-4D31-BCB8-11CA38D6FA8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0615E0B9-EFCF-4CDD-81E3-0E351DEB2C2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "964BC1D9-10D2-4064-A0AD-5DD6E6A568E5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.",
      },
   ],
   id: "CVE-2002-1091",
   lastModified: "2024-11-20T23:40:34.240",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-10-04T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157989",
      },
      {
         source: "cve@mitre.org",
         url: "http://crash.ihug.co.nz/~Sneuro/zerogif/",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=103134051120770&w=2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.iss.net/security_center/static/10058.php",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2002-192.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2003-046.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/5665",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157989",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://crash.ihug.co.nz/~Sneuro/zerogif/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=103134051120770&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.iss.net/security_center/static/10058.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2002-192.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2003-046.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/5665",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-09-14 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
References
cve@mitre.org - http://bugzilla.mozilla.org/show_bug.cgi?id=250862 - Patch, Vendor Advisory
cve@mitre.org - http://marc.info/?l=bugtraq&m=109698896104418&w=2
cve@mitre.org - http://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.org - http://security.gentoo.org/glsa/glsa-200409-26.xml - Patch, Vendor Advisory
cve@mitre.org - http://www.kb.cert.org/vuls/id/651928 - Patch, Third Party Advisory, US Government Resource
cve@mitre.org - http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 - Vendor Advisory
cve@mitre.org - http://www.novell.com/linux/security/advisories/2004_36_mozilla.html - Patch, Vendor Advisory
cve@mitre.org - http://www.securityfocus.com/bid/11177 - Exploit, Patch, Vendor Advisory
cve@mitre.org - http://www.us-cert.gov/cas/techalerts/TA04-261A.html - Patch, Third Party Advisory, US Government Resource
cve@mitre.org - https://exchange.xforce.ibmcloud.com/vulnerabilities/17374
cve@mitre.org - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378
af854a3a-2127-422b-91ae-364da2661108 - http://bugzilla.mozilla.org/show_bug.cgi?id=250862 - Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://marc.info/?l=bugtraq&m=109698896104418&w=2
af854a3a-2127-422b-91ae-364da2661108 - http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108 - http://security.gentoo.org/glsa/glsa-200409-26.xml - Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://www.kb.cert.org/vuls/id/651928 - Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 - http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 - Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://www.novell.com/linux/security/advisories/2004_36_mozilla.html - Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/11177 - Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://www.us-cert.gov/cas/techalerts/TA04-261A.html - Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 - https://exchange.xforce.ibmcloud.com/vulnerabilities/17374
af854a3a-2127-422b-91ae-364da2661108 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
                     matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "30A0231A-B664-46C2-9602-B60EAD6AEC12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C632D06D-0172-46DA-A7F9-0BC484365BD7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4007B0D-9606-46BD-866A-7911BEA292BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A35FC777-A34E-4C7B-9E93-8F17F3AD5180",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
                     matchCriteriaId: "2641EE56-6F9D-400B-B456-877F4DA79B10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
                     matchCriteriaId: "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "E0B458EA-495E-40FA-9379-C03757F7B1EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
                     matchCriteriaId: "409E324A-C040-494F-A026-9DCAE01C07F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
                     matchCriteriaId: "1728AB5D-55A9-46B0-A412-6F7263CAEB5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
                     matchCriteriaId: "6474B775-C893-491F-A074-802AFB1FEDD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
                     matchCriteriaId: "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
                     matchCriteriaId: "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C84296C-2C8A-4DCD-9751-52951F8BEA9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*",
                     matchCriteriaId: "9B502A61-44FB-4CD4-85BE-88D4ACCCA441",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*",
                     matchCriteriaId: "05853955-CA81-40D3-9A70-1227F3270D3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*",
                     matchCriteriaId: "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*",
                     matchCriteriaId: "84A50ED3-FD0D-4038-B3E7-CC65D166C968",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
                     matchCriteriaId: "777F9EC0-2919-45CA-BFF8-78A02537C513",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*",
                     matchCriteriaId: "C7EAAD04-D7C4-43DE-B488-1AAD014B503E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "D2E2EF3C-1379-4CBE-8FF5-DACD47834651",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8C55338-3372-413F-82E3-E1B476D6F41A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "F7446746-87B7-4BD3-AABF-1E0FAA8265AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
                     matchCriteriaId: "56EF103F-5668-4754-A83B-D3662D0CE815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.",
      },
   ],
   id: "CVE-2004-0905",
   lastModified: "2024-11-20T23:49:38.940",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2004-09-14T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250862",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/651928",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/11177",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250862",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/651928",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/11177",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:42
Severity ?
Summary
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
Impacted products
Vendor Product Version
mozilla mozilla *
netscape navigator 6.2.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3AB0749-167A-4975-863B-DCF368AA4F9C",
                     versionEndIncluding: "1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "36889B90-FD18-4A5A-A732-788240E10FEE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.",
      },
   ],
   id: "CVE-2002-2061",
   lastModified: "2024-11-20T23:42:46.877",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157202",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.iss.net/security_center/static/9287.php",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.iss.net/security_center/static/9287.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vendorComments: [
      {
         comment: "Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n",
         lastModified: "2006-08-30T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
References
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=255067 | Vendor Advisory
cve@mitre.org | http://marc.info/?l=bugtraq&m=109698896104418&w=2
cve@mitre.org | http://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200409-26.xml
cve@mitre.org | http://www.kb.cert.org/vuls/id/847200 | Third Party Advisory, US Government Resource
cve@mitre.org | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
cve@mitre.org | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.org | http://www.securityfocus.com/bid/11171 | Vendor Advisory
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-261A.html | US Government Resource
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17381
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=255067 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109698896104418&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200409-26.xml
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/847200 | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11171 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-261A.html | US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17381
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "30A0231A-B664-46C2-9602-B60EAD6AEC12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C632D06D-0172-46DA-A7F9-0BC484365BD7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4007B0D-9606-46BD-866A-7911BEA292BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A35FC777-A34E-4C7B-9E93-8F17F3AD5180",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
                     matchCriteriaId: "2641EE56-6F9D-400B-B456-877F4DA79B10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
                     matchCriteriaId: "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "E0B458EA-495E-40FA-9379-C03757F7B1EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
                     matchCriteriaId: "409E324A-C040-494F-A026-9DCAE01C07F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
                     matchCriteriaId: "1728AB5D-55A9-46B0-A412-6F7263CAEB5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
                     matchCriteriaId: "6474B775-C893-491F-A074-802AFB1FEDD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
                     matchCriteriaId: "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
                     matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
                     matchCriteriaId: "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C84296C-2C8A-4DCD-9751-52951F8BEA9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*",
                     matchCriteriaId: "9B502A61-44FB-4CD4-85BE-88D4ACCCA441",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*",
                     matchCriteriaId: "05853955-CA81-40D3-9A70-1227F3270D3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*",
                     matchCriteriaId: "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*",
                     matchCriteriaId: "84A50ED3-FD0D-4038-B3E7-CC65D166C968",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
                     matchCriteriaId: "777F9EC0-2919-45CA-BFF8-78A02537C513",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.",
      },
   ],
   id: "CVE-2004-0904",
   lastModified: "2024-11-20T23:49:38.777",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=255067",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/847200",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/11171",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=255067",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/847200",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/11171",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allow remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
References
secalert@redhat.com | http://secunia.com/advisories/16043
secalert@redhat.com | http://secunia.com/advisories/16044
secalert@redhat.com | http://secunia.com/advisories/16059
secalert@redhat.com | http://secunia.com/advisories/19823
secalert@redhat.com | http://www.ciac.org/ciac/bulletins/p-252.shtml
secalert@redhat.com | http://www.debian.org/security/2005/dsa-810
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-50.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_18_sr.html
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2006_04_25.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-586.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-587.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-601.html
secalert@redhat.com | http://www.securityfocus.com/bid/14242
secalert@redhat.com | http://www.vupen.com/english/advisories/2005/1075
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=295854 | Exploit, Vendor Advisory
secalert@redhat.com | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100008
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10397
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A417
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A781
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16043
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16044
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16059
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108 | http://www.ciac.org/ciac/bulletins/p-252.shtml
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-810
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-50.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_18_sr.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-586.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-587.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-601.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14242
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/1075
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=295854 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100008
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10397
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A417
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A781



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.",
      },
   ],
   id: "CVE-2005-2265",
   lastModified: "2024-11-20T23:59:10.093",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-07-13T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16043",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16044",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16059",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-50.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=295854",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100008",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10397",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A417",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A781",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16043",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16044",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16059",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-50.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=295854",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100008",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10397",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A417",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A781",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
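Severity
MEDIUM (CVSS v2.0 base score 4.6, vector AV:L/AC:L/Au:N/C:P/I:P/A:P; NVD primary metric from the record below)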
Summary
The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
                     matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.",
      },
   ],
   id: "CVE-2004-0907",
   lastModified: "2024-11-20T23:49:39.357",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=254303",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17373",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=254303",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17373",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
References
secalert@redhat.com | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
secalert@redhat.com | http://secunia.com/advisories/14938 | Patch, Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/14992 | Patch, Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/14996 | Patch, Vendor Advisory
secalert@redhat.com | http://www.mikx.de/firesearching/ | Exploit
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-38.html | Vendor Advisory
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.securityfocus.com/bid/13211 | Exploit, Patch
secalert@redhat.com | http://www.securityfocus.com/bid/15495
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=290037 | Patch
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/20125
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14938 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14992 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14996 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mikx.de/firesearching/ | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-38.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/13211 | Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=290037 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/20125
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka \"Firesearching 2.\"",
      },
   ],
   id: "CVE-2005-1157",
   lastModified: "2024-11-20T23:56:44.267",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14938",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14992",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14996",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "http://www.mikx.de/firesearching/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-38.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/13211",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14938",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14992",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14996",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.mikx.de/firesearching/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-38.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/13211",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
References
secalert@redhat.com | http://secunia.com/advisories/16043
secalert@redhat.com | http://secunia.com/advisories/16059
secalert@redhat.com | http://secunia.com/advisories/19823
secalert@redhat.com | http://securitytracker.com/id?1014470
secalert@redhat.com | http://www.ciac.org/ciac/bulletins/p-252.shtml
secalert@redhat.com | http://www.debian.org/security/2005/dsa-810
secalert@redhat.com | http://www.kb.cert.org/vuls/id/652366 | US Government Resource
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-56.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_18_sr.html
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2006_04_25.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-586.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-587.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-601.html
secalert@redhat.com | http://www.securityfocus.com/bid/14242
secalert@redhat.com | http://www.vupen.com/english/advisories/2005/1075
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=294795 | Exploit, Vendor Advisory
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=294799 | Exploit, Vendor Advisory
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=295011 | Exploit, Vendor Advisory
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=296397 | Exploit, Vendor Advisory
secalert@redhat.com | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100003
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11751
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A550
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A817
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16043
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16059
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1014470
af854a3a-2127-422b-91ae-364da2661108 | http://www.ciac.org/ciac/bulletins/p-252.shtml
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-810
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/652366 | US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-56.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_18_sr.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-586.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-587.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-601.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14242
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/1075
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=294795 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=294799 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=295011 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=296397 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100003
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11751
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A550
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A817



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.",
      },
   ],
   id: "CVE-2005-2270",
   lastModified: "2024-11-20T23:59:10.750",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-07-13T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16043",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16059",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "secalert@redhat.com",
         url: "http://securitytracker.com/id?1014470",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/652366",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-56.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=294795",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=294799",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=295011",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296397",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100003",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11751",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A550",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A817",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16043",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16059",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1014470",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/652366",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-56.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=294795",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=294799",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=295011",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296397",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100003",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11751",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A550",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A817",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag.
References
cve@mitre.org ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
cve@mitre.org http://bugzilla.mozilla.org/show_bug.cgi?id=241924 (Patch, Vendor Advisory)
cve@mitre.org http://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.org http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
cve@mitre.org http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2004-421.html
cve@mitre.org http://www.securityfocus.com/bid/15495
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/16870
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 http://bugzilla.mozilla.org/show_bug.cgi?id=241924 (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2004-421.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/16870
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153
Impacted products
Vendor Product Version
mozilla mozilla *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type=\"file\"> tag.",
      },
      {
         lang: "es",
         value: "Mozilla anteriores a 1.7 permiten a servidores web remotos leer ficheros de su elección mediante JavaScript que establece el valor de una etiqueta <input type=\"file\">.",
      },
   ],
   id: "CVE-2004-0759",
   lastModified: "2024-11-20T23:49:20.453",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 6.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-08-18T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=241924",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16870",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=241924",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16870",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-06-11 18:30
Modified
2024-11-21 00:32
Severity ?
Summary
Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
Impacted products
Vendor Product Version
mozilla mozilla 1.7.12



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2BD8D89-4936-402C-973D-5F4B071806D5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de truncamiento visual en Mozilla 1.7.12 permite a atacantes remotos envenenar la barra de dirección y posiblemente conducir ataques de phishing a través de un nombre de host largo, el cual está truncado después de un cierto número de caracteres, como se demostró por un ataque de phishing utilizando HTTP Basic Authentication.",
      },
   ],
   id: "CVE-2007-3144",
   lastModified: "2024-11-21T00:32:30.433",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 6.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2007-06-11T18:30:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/43466",
      },
      {
         source: "cve@mitre.org",
         url: "http://testing.bitsploit.de/test.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.0x000000.com/?i=334",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/24352",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/43466",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://testing.bitsploit.de/test.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.0x000000.com/?i=334",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/24352",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vendorComments: [
      {
         comment: "Not vulnerable.  Mozilla is no longer shipped as part of any version of Red Hat Enterprise Linux.  Mozilla was replaced in Red Hat Enterprise Linux by SeaMonkey, which is not affected by this issue.\n",
         lastModified: "2007-08-16T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:firebirdsql:firebird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "F374AF9E-BBBC-4C0E-B00C-5DB7FC83B445",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
                     matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.",
      },
   ],
   id: "CVE-2004-1449",
   lastModified: "2024-11-20T23:50:54.553",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-10-26 04:00
Modified
2024-11-20 23:51
Severity MEDIUM (CVSS v2 base score 5, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.
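Impacted products
Vendor Product Version
mozilla firefox * (CPE range: versionEndIncluding 0.10, while the summary says "before 0.10")
mozilla gecko 2004-09-13
mozilla mozilla 5.0
Note: all three CPE entries in the record below are marked vulnerable: false, so tooling that matches only on vulnerable: true entries will not flag these products for CVE-2004-1639.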



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B982CDA-3EDB-44A9-950B-F9F670F3E5F7",
                     versionEndIncluding: "0.10",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:gecko:2004-09-13:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D263A38-8667-4A0A-9377-55EC69A7B9D6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "35FB74FC-4614-4325-9249-0DC887FD6C34",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.",
      },
   ],
   id: "CVE-2004-1639",
   lastModified: "2024-11-20T23:51:23.310",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-10-26T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109886388528179&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17839",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109886388528179&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17839",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:04
Severity MEDIUM (CVSS v2 base score 6.4, AV:N/AC:L/Au:N/C:P/I:P/A:N)
Summary
Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.
Impacted products
Vendor Product Version
mozilla firefox 0.8
mozilla firefox 0.9
mozilla firefox 0.9 (rc)
mozilla firefox 0.9.1
mozilla firefox 0.9.2
mozilla firefox 0.9.3
mozilla firefox 0.10
mozilla firefox 0.10.1
mozilla firefox 1.0
mozilla firefox 1.0.1
mozilla firefox 1.0.2
mozilla firefox 1.0.3
mozilla firefox 1.0.4
mozilla firefox 1.0.5
mozilla firefox 1.0.6
mozilla firefox 1.0.7
mozilla firefox 1.5 (beta1)
mozilla firefox 1.5 (beta2)
mozilla firefox preview_release
mozilla mozilla 0.8
mozilla mozilla 0.9.2
mozilla mozilla 0.9.2.1
mozilla mozilla 0.9.3
mozilla mozilla 0.9.4
mozilla mozilla 0.9.4.1
mozilla mozilla 0.9.5
mozilla mozilla 0.9.6
mozilla mozilla 0.9.7
mozilla mozilla 0.9.8
mozilla mozilla 0.9.9
mozilla mozilla 0.9.35
mozilla mozilla 0.9.48
mozilla mozilla 1.0
mozilla mozilla 1.0 (rc1)
mozilla mozilla 1.0 (rc2)
mozilla mozilla 1.0.1
mozilla mozilla 1.0.2
mozilla mozilla 1.1
mozilla mozilla 1.1 (alpha)
mozilla mozilla 1.1 (beta)
mozilla mozilla 1.2
mozilla mozilla 1.2 (alpha)
mozilla mozilla 1.2 (beta)
mozilla mozilla 1.2.1
mozilla mozilla 1.3
mozilla mozilla 1.3.1
mozilla mozilla 1.4
mozilla mozilla 1.4 (alpha)
mozilla mozilla 1.4 (beta)
mozilla mozilla 1.4.1
mozilla mozilla 1.4.2
mozilla mozilla 1.4.4
mozilla mozilla 1.5
mozilla mozilla 1.5.1
mozilla mozilla 1.6
mozilla mozilla 1.7
mozilla mozilla 1.7 (alpha)
mozilla mozilla 1.7 (beta)
mozilla mozilla 1.7 (rc1)
mozilla mozilla 1.7 (rc2)
mozilla mozilla 1.7 (rc3)
mozilla mozilla 1.7.1
mozilla mozilla 1.7.2
mozilla mozilla 1.7.3
mozilla mozilla 1.7.4
mozilla mozilla 1.7.5
mozilla mozilla 1.7.6
mozilla mozilla 1.7.7
mozilla mozilla 1.7.8
mozilla mozilla 1.7.9
mozilla mozilla 1.7.10
mozilla mozilla 1.7.11
mozilla mozilla 1.7.12
mozilla mozilla 1.8 (alpha1)
mozilla mozilla 1.8 (alpha2)
mozilla mozilla 1.8 (alpha3)
mozilla mozilla 1.8 (alpha4)
mozilla mozilla m15
mozilla mozilla m16



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "834BB391-5EB5-43A8-980A-D305EDAE6FA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A38AD88-BAA6-4FBE-885B-69E951BD1EFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "B500EE6C-99DB-49A3-A1F1-AFFD7FE28068",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*",
                     matchCriteriaId: "E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*",
                     matchCriteriaId: "66BE50FE-EA21-4633-A181-CD35196DF06E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:preview_release:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFDBA992-46F8-42A6-9428-C9E475CA69E3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
                     matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "78647043-8EBD-48AA-98F4-8E6D332C35E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "B628660A-00D7-4B56-8C86-4E33FB98B202",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "655FA37C-DA33-4195-AEAF-5A5D40C5C245",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDD5B652-8474-4C00-9CDD-62B499045932",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2BD8D89-4936-402C-973D-5F4B071806D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.8:alpha1:*:*:*:*:*:*",
                     matchCriteriaId: "366CC212-B8B1-4702-8C10-205184F49DF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.8:alpha2:*:*:*:*:*:*",
                     matchCriteriaId: "10349BA5-70D3-4D11-94F6-A77D8570CB06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.8:alpha3:*:*:*:*:*:*",
                     matchCriteriaId: "A68DFC43-518D-4629-8954-C5764D4BD070",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.8:alpha4:*:*:*:*:*:*",
                     matchCriteriaId: "03C940C2-F7C5-4791-92C4-A7DF6B965381",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:m15:*:*:*:*:*:*:*",
                     matchCriteriaId: "C85C3F06-8FFF-4A6F-BB86-B66A6031647E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:m16:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE87E2A0-4F55-4265-8E3C-0E5D60538BDC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.",
      },
   ],
   id: "CVE-2005-4685",
   lastModified: "2024-11-21T00:04:55.663",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 6.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/15331",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25291",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15331",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25291",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-03-25 05:00
Modified
2024-11-20 23:55
Severity ?
Summary
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.
References
secalert@redhat.com http://secunia.com/advisories/19823
secalert@redhat.com http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml Vendor Advisory
secalert@redhat.com http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml Vendor Advisory
secalert@redhat.com http://www.mozilla.org/security/announce/mfsa2005-15.html Vendor Advisory
secalert@redhat.com http://www.novell.com/linux/security/advisories/2006_04_25.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-176.html
secalert@redhat.com http://www.securityfocus.com/bid/12659
secalert@redhat.com https://bugzilla.mozilla.org/show_bug.cgi?id=241440 Vendor Advisory
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100043
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10606
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/security/announce/mfsa2005-15.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-176.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/12659
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.mozilla.org/show_bug.cgi?id=241440 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100043
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10606



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.",
      },
   ],
   id: "CVE-2005-0592",
   lastModified: "2024-11-20T23:55:28.363",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-03-25T05:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-15.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=241440",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100043",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10606",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-15.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=241440",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100043",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10606",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-10-18 04:00
Modified
2024-11-20 23:51
Severity ?
Summary
Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
                     matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.8:alpha2:*:*:*:*:*:*",
                     matchCriteriaId: "10349BA5-70D3-4D11-94F6-A77D8570CB06",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an \"unusual combination of visual elements,\" including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.",
      },
   ],
   id: "CVE-2004-1614",
   lastModified: "2024-11-20T23:51:19.637",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-10-18T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://lcamtuf.coredump.cx/mangleme/gallery/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1011810",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/11440",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://lcamtuf.coredump.cx/mangleme/gallery/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1011810",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/11440",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "078698FD-775C-4B73-998D-F6B4F601185C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:camino:0.8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D044E602-45A5-4B14-8B16-B0978D985027",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "31063052-D74D-41D0-B63D-4A7BADAC9C60",
                     versionEndIncluding: "1.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:omnigroup:omniweb:5:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECD3E937-C813-4564-9E3C-D009D39E8A8B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFE75E76-E20D-47A4-9603-0AF46F733AEF",
                     versionEndIncluding: "7.54",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.",
      },
   ],
   id: "CVE-2005-0238",
   lastModified: "2024-11-20T23:54:42.133",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/12461",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.shmoo.com/idn",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.shmoo.com/idn/homograph.txt",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/12461",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.shmoo.com/idn",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.shmoo.com/idn/homograph.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.
Impacted products
Vendor Product Version
mozilla mozilla 1.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.",
      },
   ],
   id: "CVE-2005-0215",
   lastModified: "2024-11-20T23:54:39.290",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=110512665029209&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18803",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=110512665029209&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18803",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.
References
secalert@redhat.com http://secunia.com/advisories/16043
secalert@redhat.com http://secunia.com/advisories/16059
secalert@redhat.com http://www.ciac.org/ciac/bulletins/p-252.shtml
secalert@redhat.com http://www.debian.org/security/2005/dsa-810
secalert@redhat.com http://www.mozilla.org/security/announce/mfsa2005-48.html Patch, Vendor Advisory
secalert@redhat.com http://www.novell.com/linux/security/advisories/2005_18_sr.html
secalert@redhat.com http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-586.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-587.html
secalert@redhat.com http://www.securityfocus.com/bid/14242
secalert@redhat.com http://www.vupen.com/english/advisories/2005/1075
secalert@redhat.com https://bugzilla.mozilla.org/show_bug.cgi?id=293331 Exploit, Vendor Advisory
secalert@redhat.com https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100010
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100016
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11629
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1281
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1311
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/16043
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/16059
af854a3a-2127-422b-91ae-364da2661108 http://www.ciac.org/ciac/bulletins/p-252.shtml
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2005/dsa-810
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/security/announce/mfsa2005-48.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2005_18_sr.html
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-586.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-587.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/14242
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2005/1075
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.mozilla.org/show_bug.cgi?id=293331 Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100010
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100016
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11629
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1281
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1311



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.",
      },
   ],
   id: "CVE-2005-2263",
   lastModified: "2024-11-20T23:59:09.840",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-07-13T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16043",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16059",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-48.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=293331",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100010",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100016",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11629",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1281",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1311",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16043",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16059",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-48.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=293331",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100010",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100016",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11629",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1281",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1311",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-12 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
References
secalert@redhat.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
secalert@redhat.com http://secunia.com/advisories/19823
secalert@redhat.com http://securitytracker.com/id?1013964
secalert@redhat.com http://securitytracker.com/id?1013965
secalert@redhat.com http://www.mozilla.org/security/announce/mfsa2005-44.html
secalert@redhat.com http://www.novell.com/linux/security/advisories/2006_04_25.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-434.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-435.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-601.html
secalert@redhat.com http://www.securityfocus.com/bid/13645
secalert@redhat.com http://www.securityfocus.com/bid/15495
secalert@redhat.com http://www.vupen.com/english/advisories/2005/0530
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1013964
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1013965
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/security/announce/mfsa2005-44.html
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-434.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-435.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-601.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/13645
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2005/0530
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via \"non-DOM property overrides,\" a variant of CVE-2005-1160.",
      },
   ],
   id: "CVE-2005-1532",
   lastModified: "2024-11-20T23:57:34.097",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-12T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "secalert@redhat.com",
         url: "http://securitytracker.com/id?1013964",
      },
      {
         source: "secalert@redhat.com",
         url: "http://securitytracker.com/id?1013965",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mozilla.org/security/announce/mfsa2005-44.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-434.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-435.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/13645",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2005/0530",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1013964",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1013965",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/security/announce/mfsa2005-44.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-434.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-435.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/13645",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/0530",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-07-27 22:30
Modified
2024-11-21 00:34
Severity ?
Summary
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
Impacted products
Vendor Product Version
mozilla mozilla *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección de argumento involucrando a Mozilla, cuando determinados URIs se han registrado, permite a atacantes remotos conducir ataques de salto de navegador y ejecutar comandos de su elección mediante metacaracteres de consola de comandos en un URI no especificado, que son insertados en una línea de comando al invocar al proceso gestor, asunto similar a CVE-2007-3670.",
      },
   ],
   id: "CVE-2007-4039",
   lastModified: "2024-11-21T00:34:38.630",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2007-07-27T22:30:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://larholm.com/2007/07/25/mozilla-protocol-abuse/",
      },
      {
         source: "cve@mitre.org",
         url: "http://seclists.org/fulldisclosure/2007/Jul/0557.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://larholm.com/2007/07/25/mozilla-protocol-abuse/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/fulldisclosure/2007/Jul/0557.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vendorComments: [
      {
         comment: "Not vulnerable. This issue does not affect the versions of Firefox or Thunderbird as shipped with Red Hat Enterprise Linux.",
         lastModified: "2007-07-31T00:00:00",
         organization: "Red Hat",
      },
   ],
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-06-25 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.
Impacted products
Vendor Product Version
mozilla mozilla 0.9.7
mozilla mozilla 0.9.9
mozilla mozilla 1.0
mozilla mozilla 1.0
mozilla mozilla 1.0
netscape navigator 6.1
netscape navigator 6.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "347AB95F-166E-449A-82D7-BEC10257E0D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4F112CED-879B-4A19-993A-16858B4EC16C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7D7FA24-4B6F-4D67-95BE-46819033CA6F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.",
      },
   ],
   id: "CVE-2002-0354",
   lastModified: "2024-11-20T23:38:53.200",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-06-25T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=102017952204097&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=ntbugtraq&m=102020343728766&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=102017952204097&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=ntbugtraq&m=102020343728766&w=2",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.
References
cve@mitre.org | http://secunia.com/advisories/19823
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | Patch, Vendor Advisory
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | Patch, Vendor Advisory
cve@mitre.org | http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities | Patch, Vendor Advisory
cve@mitre.org | http://www.mozilla.org/security/announce/mfsa2005-18.html | Vendor Advisory
cve@mitre.org | http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html | Patch, Vendor Advisory
cve@mitre.org | http://www.novell.com/linux/security/advisories/2006_04_25.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-176.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-277.html | Patch, Vendor Advisory
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-337.html | Patch, Vendor Advisory
cve@mitre.org | http://www.securityfocus.com/bid/12659
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100040
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9111
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-18.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-176.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-277.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-337.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12659
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100040
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9111



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "5263F879-9B90-4582-B677-F133DEBE5259",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "C256B73C-9ABC-43D4-8C57-09161BC9F923",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "055D1044-9FC5-45AA-8407-649E96C5AFE3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.",
      },
   ],
   id: "CVE-2005-0255",
   lastModified: "2024-11-20T23:54:44.253",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-18.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-277.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-337.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100040",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9111",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-18.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-277.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-337.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100040",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9111",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.
References
cve@mitre.org | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=244965 | Patch, Vendor Advisory
cve@mitre.org | http://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.org | http://secunia.com/advisories/12188
cve@mitre.org | http://www.kb.cert.org/vuls/id/262350 | US Government Resource
cve@mitre.org | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
cve@mitre.org | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-421.html
cve@mitre.org | http://www.securityfocus.com/bid/10832
cve@mitre.org | http://www.securityfocus.com/bid/15495
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16837
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=244965 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12188
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/262350 | US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-421.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10832
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16837
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419
Impacted products
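Vendor Product Version
mozilla firefox * (CPE match: up to and including 0.9)
mozilla mozilla * (CPE match: up to and including 1.7)
mozilla thunderbird * (CPE match: up to and including 0.7)
Note: the summary says "before" 0.9, 1.7 and 0.7, while the CPE match data in this record uses versionEndIncluding, so CPE-based matching also flags those three versions themselves. Confirm against the vendor advisory before treating an install of exactly 0.9, 1.7 or 0.7 as vulnerable.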



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF711F75-74B8-4CF6-9580-8B51F5A2F2EF",
                     versionEndIncluding: "0.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9239E8A-8155-462A-A409-D66FF6B94B04",
                     versionEndIncluding: "1.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5723A6C5-70AB-4F54-BCCB-DD3498446AD2",
                     versionEndIncluding: "0.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the \"chrome\" flag and XML User Interface Language (XUL) files.",
      },
      {
         lang: "es",
         value: "Mozilla anteriores a 1.7, Firefox anteriores a 0.9, y Thunderbird anteriores a 0.7, permiten a sitios web remotos secuestrar el interfaz del usuario mediante la bandera \"chrome\" y ficheros de Interfaz de Usuario XML (XUL).",
      },
   ],
   id: "CVE-2004-0764",
   lastModified: "2024-11-20T23:49:21.210",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-08-18T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=244965",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/12188",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/262350",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/10832",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16837",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=244965",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/12188",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/262350",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/10832",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16837",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2000-07-25 04:00
Modified
2024-11-20 23:32
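Severity: MEDIUM — CVSS v2.0 base score 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P), NVD primary metric. The vector scores only a partial availability impact, although the summary also mentions execution of arbitrary commands, so the score alone may understate the risk.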
Summary
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
References
Source | URL | Tags
cve@mitre.org | ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
cve@mitre.org | ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html
cve@mitre.org | http://www.novell.com/linux/security/advisories/suse_security_announce_60.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2000-046.html
cve@mitre.org | http://www.securityfocus.com/bid/1503
cve@mitre.org | http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com | Exploit, Patch, Vendor Advisory
cve@mitre.org | http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/suse_security_announce_60.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2000-046.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1503
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com | Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:m15:*:*:*:*:*:*:*",
                     matchCriteriaId: "C85C3F06-8FFF-4A6F-BB86-B66A6031647E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "209C7BB1-EFDF-43AB-9FB6-DF67465DEAEF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.05:*:*:*:*:*:*:*",
                     matchCriteriaId: "494AFC1E-67A3-41CA-B920-B8F778B68A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E9A5461-B0F2-49DB-A69C-3D2D27709647",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.5_beta:*:*:*:*:*:*:*",
                     matchCriteriaId: "213EB326-33D1-4329-A6BB-B1AA1C626E44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.06:*:*:*:*:*:*:*",
                     matchCriteriaId: "34F6328B-44A8-4E45-918E-C54285040BFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "529E3F71-6016-461D-A162-0DBDD5505389",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.07:*:*:*:*:*:*:*",
                     matchCriteriaId: "31D02C4D-3FD1-425F-B0DB-7808089BCD0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "38FD74F5-12ED-4049-B06F-0F22A0254C0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.08:*:*:*:*:*:*:*",
                     matchCriteriaId: "61268CF9-E279-4F63-B228-F9ED4B93BB99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.51:*:*:*:*:*:*:*",
                     matchCriteriaId: "918BE44C-8D64-4040-BC74-802AA3FA4E10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.61:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AA534C4-9411-44EC-AA34-2287C79AD235",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.72:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A4E8588-A941-4759-B41C-00F193F2C63B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:communicator:4.73:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E48C051-EB45-4262-86C2-2333FD5C7745",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.",
      },
   ],
   id: "CVE-2000-0655",
   lastModified: "2024-11-20T23:32:59.723",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2000-07-25T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc",
      },
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc",
      },
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/suse_security_announce_60.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2000-046.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/1503",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/suse_security_announce_60.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2000-046.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/1503",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
References
Source | URL | Tags
secalert@redhat.com | http://secunia.com/advisories/16043
secalert@redhat.com | http://secunia.com/advisories/16044
secalert@redhat.com | http://secunia.com/advisories/16059
secalert@redhat.com | http://secunia.com/advisories/19823
secalert@redhat.com | http://www.ciac.org/ciac/bulletins/p-252.shtml
secalert@redhat.com | http://www.debian.org/security/2005/dsa-810
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-46.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_18_sr.html
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2006_04_25.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-586.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-587.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-601.html
secalert@redhat.com | http://www.securityfocus.com/bid/14242
secalert@redhat.com | http://www.vupen.com/english/advisories/2005/1075
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=292589 | Exploit, Vendor Advisory
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=292591 | Exploit, Vendor Advisory
secalert@redhat.com | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100012
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10947
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1348
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A808
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16043
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16044
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16059
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108 | http://www.ciac.org/ciac/bulletins/p-252.shtml
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-810
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-46.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_18_sr.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-586.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-587.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-601.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14242
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/1075
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=292589 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=292591 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100012
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10947
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1348
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A808



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "5263F879-9B90-4582-B677-F133DEBE5259",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "C256B73C-9ABC-43D4-8C57-09161BC9F923",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "055D1044-9FC5-45AA-8407-649E96C5AFE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C1C87A5-C14D-4A23-B865-3BB1FCDC8470",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C4DB0BB-BFD7-4E7A-B3EF-9C5422602216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0D56153-E20A-46D8-859E-A51E5C03D674",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C51A6F4-F88F-4BF2-BF71-5DC48559C085",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.",
      },
   ],
   id: "CVE-2005-2261",
   lastModified: "2024-11-20T23:59:09.570",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-07-13T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16043",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16044",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16059",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-46.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292589",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292591",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100012",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10947",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1348",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A808",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16043",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16044",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16059",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-46.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292589",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292591",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100012",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10947",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1348",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A808",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
Impacted products
Vendor Product Version
mozilla mozilla 5.0
netscape navigator 7.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "35FB74FC-4614-4325-9249-0DC887FD6C34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "30A0231A-B664-46C2-9602-B60EAD6AEC12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.",
      },
   ],
   id: "CVE-2003-1265",
   lastModified: "2024-11-20T23:46:44.410",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2003-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.iss.net/security_center/static/10963.php",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/6499",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id?1005871",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.iss.net/security_center/static/10963.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/6499",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1005871",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-02-15 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.
References
cve@mitre.org | http://secunia.com/advisories/19823
cve@mitre.org | http://www.mozilla.org/security/announce/mfsa2005-11.html | Patch, Vendor Advisory
cve@mitre.org | http://www.novell.com/linux/security/advisories/2006_04_25.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-094.html | Patch, Vendor Advisory
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-323.html | Patch, Vendor Advisory
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-335.html | Patch, Vendor Advisory
cve@mitre.org | http://www.securityfocus.com/bid/12407
cve@mitre.org | https://bugzilla.mozilla.org/show_bug.cgi?id=268107 | Patch, Vendor Advisory
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/19172
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-11.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-094.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-323.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-335.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12407
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=268107 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/19172
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "C256B73C-9ABC-43D4-8C57-09161BC9F923",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.",
      },
   ],
   id: "CVE-2005-0149",
   lastModified: "2024-11-20T23:54:31.683",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-02-15T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-11.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-094.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/12407",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268107",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19172",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-11.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-094.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268107",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19172",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:05
Severity ?
Summary
Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:preview_release:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFDBA992-46F8-42A6-9428-C9E475CA69E3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "78647043-8EBD-48AA-98F4-8E6D332C35E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "5263F879-9B90-4582-B677-F133DEBE5259",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "C256B73C-9ABC-43D4-8C57-09161BC9F923",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "055D1044-9FC5-45AA-8407-649E96C5AFE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C1C87A5-C14D-4A23-B865-3BB1FCDC8470",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.",
      },
   ],
   id: "CVE-2005-4809",
   lastModified: "2024-11-21T00:05:14.117",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=full-disclosure&m=111073068631287&w=2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14568",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1013423",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/14885",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/12798",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2005/0260",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=full-disclosure&m=111073068631287&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14568",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1013423",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/14885",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/12798",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/0260",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-07-05 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.
References
cve@mitre.org http://marc.info/?l=bugtraq&m=112008299210033&w=2
cve@mitre.org http://securitytracker.com/id?1014292
cve@mitre.org http://securitytracker.com/id?1014293
cve@mitre.org http://securitytracker.com/id?1014294
cve@mitre.org http://securitytracker.com/id?1014349
cve@mitre.org http://securitytracker.com/id?1014372
cve@mitre.org http://www.kurczaba.com/html/security/0506241.htm [Exploit, Vendor Advisory]
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2005-586.html
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2005-587.html
cve@mitre.org http://www.securiteam.com/securitynews/5OP0U00G1G.html
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/21188
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=112008299210033&w=2
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1014292
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1014293
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1014294
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1014349
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1014372
af854a3a-2127-422b-91ae-364da2661108 http://www.kurczaba.com/html/security/0506241.htm [Exploit, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-586.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-587.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securiteam.com/securitynews/5OP0U00G1G.html
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/21188
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628
Impacted products
Vendor Product Version
mozilla camino 0.8.4
mozilla firefox 1.0.4
mozilla mozilla 1.7.8



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:camino:0.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C05BFA-D947-47B7-8EA2-5C0F171F0A6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.",
      },
   ],
   id: "CVE-2005-2114",
   lastModified: "2024-11-20T23:58:50.383",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-07-05T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=112008299210033&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1014292",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1014293",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1014294",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1014349",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1014372",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.kurczaba.com/html/security/0506241.htm",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securiteam.com/securitynews/5OP0U00G1G.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21188",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=112008299210033&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1014292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1014293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1014294",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1014349",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1014372",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.kurczaba.com/html/security/0506241.htm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securiteam.com/securitynews/5OP0U00G1G.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21188",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.
References
secalert@redhat.com http://secunia.com/advisories/15549
secalert@redhat.com http://secunia.com/advisories/15551
secalert@redhat.com http://secunia.com/advisories/15553
secalert@redhat.com http://secunia.com/advisories/19823
secalert@redhat.com http://www.debian.org/security/2005/dsa-810
secalert@redhat.com http://www.mozilla.org/security/announce/mfsa2005-52.html [Patch, Vendor Advisory]
secalert@redhat.com http://www.novell.com/linux/security/advisories/2005_18_sr.html
secalert@redhat.com http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
secalert@redhat.com http://www.novell.com/linux/security/advisories/2006_04_25.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-586.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-587.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-601.html
secalert@redhat.com http://www.securityfocus.com/bid/14242
secalert@redhat.com http://www.vupen.com/english/advisories/2005/1075
secalert@redhat.com https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/21332
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100107
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10712
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1415
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A773
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/15549
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/15551
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/15553
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2005/dsa-810
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/security/announce/mfsa2005-52.html [Patch, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2005_18_sr.html
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-586.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-587.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-601.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/14242
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2005/1075
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/21332
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100107
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10712
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1415
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A773



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.",
      },
   ],
   id: "CVE-2005-2266",
   lastModified: "2024-11-20T23:59:10.227",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-07-13T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/15549",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/15551",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/15553",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-52.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21332",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100107",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10712",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1415",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A773",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/15549",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/15551",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/15553",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-52.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21332",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100107",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10712",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1415",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A773",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:51
Severity: LOW (CVSS v2.0 base score 2.6, vector AV:N/AC:H/Au:N/C:N/I:P/A:N)
Summary
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
Impacted products
Vendor Product Version
mozilla firefox 0.9.3
mozilla mozilla 1.7.2
netscape navigator 7.1
netscape navigator 7.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.",
      },
   ],
   id: "CVE-2004-1753",
   lastModified: "2024-11-20T23:51:39.660",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162134",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/12392",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/archive/1/373080",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/archive/1/373232",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/archive/1/373309",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/11059",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162134",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/12392",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/archive/1/373080",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/archive/1/373232",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/archive/1/373309",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/11059",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity: MEDIUM (CVSS v2.0 base score 4.6, vector AV:L/AC:L/Au:N/C:P/I:P/A:P)
Summary
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.
References
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=231083 | Patch
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=235781 | Patch
cve@mitre.org | http://secunia.com/advisories/12526/
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200409-26.xml
cve@mitre.org | http://www.kb.cert.org/vuls/id/653160 | Third Party Advisory, US Government Resource
cve@mitre.org | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
cve@mitre.org | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | Vendor Advisory
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-323.html
cve@mitre.org | http://www.securityfocus.com/bid/11192
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17375
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=231083 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=235781 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12526/
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200409-26.xml
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/653160 | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-323.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11192
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17375
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
                     matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6514EDE8-7C78-4C72-A313-E0915D89E4EF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.",
      },
   ],
   id: "CVE-2004-0906",
   lastModified: "2024-11-20T23:49:39.177",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=231083",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=235781",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/12526/",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/653160",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/11192",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17375",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=231083",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=235781",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/12526/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/653160",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/11192",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17375",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.
References
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=257523 | Exploit, Patch
cve@mitre.org | http://marc.info/?l=bugtraq&m=109698896104418&w=2
cve@mitre.org | http://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.org | http://secunia.com/advisories/12526
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200409-26.xml
cve@mitre.org | http://www.kb.cert.org/vuls/id/460528 | US Government Resource
cve@mitre.org | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
cve@mitre.org | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | Patch
cve@mitre.org | http://www.securityfocus.com/bid/11179 | Exploit, Patch
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17376
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=257523 | Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109698896104418&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12526
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200409-26.xml
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/460528 | US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11179 | Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17376
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
                     matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0618BD26-0EF5-4774-9131-B5ABD4CD302A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D604DAE-DF63-413C-9F49-FFC8E84699F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DE6185-09F4-48E3-9742-F9D8030B5774",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "61E565E5-286D-4A68-B085-5659DFE59A9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.",
      },
   ],
   id: "CVE-2004-0908",
   lastModified: "2024-11-20T23:49:39.507",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257523",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/12526",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/460528",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/11179",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17376",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257523",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/12526",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/460528",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/11179",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17376",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.
References
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | Patch, Vendor Advisory
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | Vendor Advisory
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-24.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-176.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=277574 | Patch, Vendor Advisory
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100034
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11191
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-24.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-176.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=277574 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100034
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11191



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.",
      },
   ],
   id: "CVE-2005-0584",
   lastModified: "2024-11-20T23:55:27.380",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mozilla.org/security/announce/mfsa2005-24.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=277574",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100034",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11191",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/security/announce/mfsa2005-24.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=277574",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100034",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11191",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.
References
cve@mitre.org | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=249004 | Patch, Vendor Advisory
cve@mitre.org | http://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml
cve@mitre.org | http://www.kb.cert.org/vuls/id/784278 | US Government Resource
cve@mitre.org | http://www.mozilla.org/projects/security/known-vulnerabilities.html
cve@mitre.org | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-421.html
cve@mitre.org | http://www.securityfocus.com/bid/15495
cve@mitre.org | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16706
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10304
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3134
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=249004 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/784278 | US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/projects/security/known-vulnerabilities.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-421.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16706
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10304
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3134
Impacted products
Vendor Product Version
mozilla mozilla *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "10E59CDD-9F95-4E38-95B3-AC5C35075378",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.",
      },
      {
         lang: "es",
         value: "Mozilla 1.5 a 1.7 permiten que un certificado de AC (Autoridad Certificadora) sea importado incluso cuando su DN es el mismo de la AC raíz propia, lo que permite a atacantes remotos causar una denegación de servicio a páginas SSL porque el certificado malicioso es tratado como inválido.",
      },
   ],
   id: "CVE-2004-0758",
   lastModified: "2024-11-20T23:49:20.303",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-08-18T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=249004",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/784278",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "cve@mitre.org",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16706",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10304",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3134",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=249004",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/784278",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16706",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10304",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3134",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.
References
secalert@redhat.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
secalert@redhat.com http://secunia.com/advisories/14938 (Patch, Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/14992 (Patch, Vendor Advisory)
secalert@redhat.com http://secunia.com/advisories/19823
secalert@redhat.com http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml (Patch, Vendor Advisory)
secalert@redhat.com http://www.mozilla.org/security/announce/mfsa2005-41.html (Vendor Advisory)
secalert@redhat.com http://www.novell.com/linux/security/advisories/2006_04_25.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-383.html (Patch, Vendor Advisory)
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-386.html (Patch, Vendor Advisory)
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-601.html
secalert@redhat.com http://www.securityfocus.com/bid/13233
secalert@redhat.com http://www.securityfocus.com/bid/15495
secalert@redhat.com https://bugzilla.mozilla.org/show_bug.cgi?id=289074 (Patch)
secalert@redhat.com https://bugzilla.mozilla.org/show_bug.cgi?id=289083 (Patch)
secalert@redhat.com https://bugzilla.mozilla.org/show_bug.cgi?id=289961 (Patch)
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/14938 (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/14992 (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/security/announce/mfsa2005-41.html (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-383.html (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-386.html (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-601.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/13233
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.mozilla.org/show_bug.cgi?id=289074 (Patch)
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.mozilla.org/show_bug.cgi?id=289083 (Patch)
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.mozilla.org/show_bug.cgi?id=289961 (Patch)
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The privileged \"chrome\" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.",
      },
   ],
   id: "CVE-2005-1160",
   lastModified: "2024-11-20T23:56:44.660",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14938",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14992",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-41.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/13233",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289074",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289083",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289961",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14938",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/14992",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-41.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/13233",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289074",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289083",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289961",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
References
cve@mitre.org ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
cve@mitre.org http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html
cve@mitre.org http://bugzilla.mozilla.org/show_bug.cgi?id=162020 (Patch, Vendor Advisory)
cve@mitre.org http://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.org http://secunia.com/advisories/11999/
cve@mitre.org http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
cve@mitre.org http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2004-421.html
cve@mitre.org http://www.securityfocus.com/bid/15495
cve@mitre.org http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/16623
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html
af854a3a-2127-422b-91ae-364da2661108 http://bugzilla.mozilla.org/show_bug.cgi?id=162020 (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/11999/
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2004-421.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108 http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/16623
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403
Impacted products
Vendor Product Version
mozilla firefox *
mozilla mozilla *
mozilla thunderbird *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF711F75-74B8-4CF6-9580-8B51F5A2F2EF",
                     versionEndIncluding: "0.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9239E8A-8155-462A-A409-D66FF6B94B04",
                     versionEndIncluding: "1.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5723A6C5-70AB-4F54-BCCB-DD3498446AD2",
                     versionEndIncluding: "0.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.",
      },
      {
         lang: "es",
         value: "Mozilla anteriores a 1.7, Firefox anteriores a 0.9, y Thunderbird anteriores a 0.7 permiten a sitios web remotos instalar extensiones de su elección usando eventos interactivos para manipular el cuadro de diálogo de Seguridad XPInstall.",
      },
   ],
   id: "CVE-2004-0762",
   lastModified: "2024-11-20T23:49:20.900",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-08-18T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162020",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/11999/",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16623",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162020",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/11999/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/15495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16623",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-03-04 05:00
Modified
2024-11-20 23:55
Severity ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.
References
secalert@redhat.com http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml Patch, Vendor Advisory
secalert@redhat.com http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml Vendor Advisory
secalert@redhat.com http://www.mozilla.org/security/announce/mfsa2005-14.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-176.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.com http://www.securityfocus.com/bid/12659
secalert@redhat.com https://bugzilla.mozilla.org/show_bug.cgi?id=258048 Vendor Advisory
secalert@redhat.com https://bugzilla.mozilla.org/show_bug.cgi?id=268483 Vendor Advisory
secalert@redhat.com https://bugzilla.mozilla.org/show_bug.cgi?id=276720 Vendor Advisory
secalert@redhat.com https://bugzilla.mozilla.org/show_bug.cgi?id=277564 Vendor Advisory
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100044
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9533
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/security/announce/mfsa2005-14.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-176.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/12659
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.mozilla.org/show_bug.cgi?id=258048 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.mozilla.org/show_bug.cgi?id=268483 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.mozilla.org/show_bug.cgi?id=276720 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.mozilla.org/show_bug.cgi?id=277564 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100044
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9533



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL \"secure site\" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.",
      },
   ],
   id: "CVE-2005-0593",
   lastModified: "2024-11-20T23:55:28.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2005-03-04T05:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.mozilla.org/security/announce/mfsa2005-14.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=258048",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268483",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=276720",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=277564",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100044",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/security/announce/mfsa2005-14.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12659",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=258048",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268483",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=276720",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=277564",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100044",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9533",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-04-02 22:19
Modified
2024-11-21 00:29
Severity ?
Summary
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.
Impacted products
Vendor Product Version
sun solaris 10.0
sun sunos 5.8
sun sunos 5.9
mozilla mozilla *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:sun:solaris:10.0:hw2:*:*:*:*:*:*",
                     matchCriteriaId: "DBEB91FE-FB39-4AB2-8172-2A47EC59861B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2475113-CFE4-41C8-A86F-F2DA6548D224",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1E585DC-FC74-4BB0-96B7-C00B6DB610DF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9239E8A-8155-462A-A409-D66FF6B94B04",
                     versionEndIncluding: "1.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.  NOTE: this issue might be related to CVE-2006-3805.",
      },
      {
         lang: "es",
         value: "El motor de Javascript en Mozilla 1.7 y anteriores en Sun Solaris 8, 9, y 10 podría permitir a atacantes remotos ejecutar código de su elección a través de vectores que afectan al colector de basura que provoca el borrado de un objeto temporal que todavía se está utilizando. NOTA: este asunto podría estar relacionado con CVE-2006-3805.",
      },
   ],
   id: "CVE-2007-1794",
   lastModified: "2024-11-21T00:29:10.503",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2007-04-02T22:19:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/24624",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2007/1178",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/24624",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/1178",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.
References
secalert@redhat.com http://bugzilla.mozilla.org/show_bug.cgi?id=289940
secalert@redhat.com http://secunia.com/advisories/16043
secalert@redhat.com http://secunia.com/advisories/16044
secalert@redhat.com http://secunia.com/advisories/16059
secalert@redhat.com http://www.ciac.org/ciac/bulletins/p-252.shtml
secalert@redhat.com http://www.debian.org/security/2005/dsa-810
secalert@redhat.com http://www.mozilla.org/security/announce/mfsa2005-45.html Patch, Vendor Advisory
secalert@redhat.com http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
secalert@redhat.com http://www.novell.com/linux/security/advisories/2005_18_sr.html
secalert@redhat.com http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-586.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2005-587.html
secalert@redhat.com http://www.securityfocus.com/bid/14242
secalert@redhat.com http://www.vupen.com/english/advisories/2005/1075
secalert@redhat.com https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100013
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10132
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1226
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A742
af854a3a-2127-422b-91ae-364da2661108 http://bugzilla.mozilla.org/show_bug.cgi?id=289940
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/16043
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/16044
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/16059
af854a3a-2127-422b-91ae-364da2661108 http://www.ciac.org/ciac/bulletins/p-252.shtml
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2005/dsa-810
af854a3a-2127-422b-91ae-364da2661108 http://www.mozilla.org/security/announce/mfsa2005-45.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2005_18_sr.html
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-586.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2005-587.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/14242
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2005/1075
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100013
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10132
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1226
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A742



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.",
      },
   ],
   id: "CVE-2005-2260",
   lastModified: "2024-11-20T23:59:09.443",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-07-13T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=289940",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16043",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16044",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16059",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-45.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100013",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10132",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1226",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A742",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=289940",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16043",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16044",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16059",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-45.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100013",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10132",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1226",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A742",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
References
cve@mitre.org | http://secunia.com/advisories/13129/ | Vendor Advisory
cve@mitre.org | http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
cve@mitre.org | http://secunia.com/secunia_research/2004-13/advisory/ | Vendor Advisory
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
cve@mitre.org | http://www.mozilla.org/security/announce/mfsa2005-13.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-176.html
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-384.html
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/13129/ | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2004-13/advisory/ | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-13.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-176.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
                     matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability.",
      },
   ],
   id: "CVE-2004-1156",
   lastModified: "2024-11-20T23:50:14.283",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/13129/",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/secunia_research/2004-13/advisory/",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/security/announce/mfsa2005-13.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/13129/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/secunia_research/2004-13/advisory/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/security/announce/mfsa2005-13.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2006-02-01 02:02
Modified
2024-11-21 00:06
Severity: MEDIUM — CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N), NVD primary metric
Summary
Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.
References
cve@mitre.org: http://community.livejournal.com/lj_dev/708069.html
cve@mitre.org: http://marc.info/?l=full-disclosure&m=113847912709062&w=2
cve@mitre.org: http://securitytracker.com/id?1015553
cve@mitre.org: http://securitytracker.com/id?1015563
cve@mitre.org: http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html
cve@mitre.org: http://www.osvdb.org/22924
cve@mitre.org: http://www.securityfocus.com/bid/16427 (Exploit)
cve@mitre.org: http://www.vupen.com/english/advisories/2006/0403
cve@mitre.org: https://bugzilla.mozilla.org/show_bug.cgi?id=324253
cve@mitre.org: https://exchange.xforce.ibmcloud.com/vulnerabilities/24427
af854a3a-2127-422b-91ae-364da2661108: http://community.livejournal.com/lj_dev/708069.html
af854a3a-2127-422b-91ae-364da2661108: http://marc.info/?l=full-disclosure&m=113847912709062&w=2
af854a3a-2127-422b-91ae-364da2661108: http://securitytracker.com/id?1015553
af854a3a-2127-422b-91ae-364da2661108: http://securitytracker.com/id?1015563
af854a3a-2127-422b-91ae-364da2661108: http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html
af854a3a-2127-422b-91ae-364da2661108: http://www.osvdb.org/22924
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/bid/16427 (Exploit)
af854a3a-2127-422b-91ae-364da2661108: http://www.vupen.com/english/advisories/2006/0403
af854a3a-2127-422b-91ae-364da2661108: https://bugzilla.mozilla.org/show_bug.cgi?id=324253
af854a3a-2127-422b-91ae-364da2661108: https://exchange.xforce.ibmcloud.com/vulnerabilities/24427



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "834BB391-5EB5-43A8-980A-D305EDAE6FA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A38AD88-BAA6-4FBE-885B-69E951BD1EFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "B500EE6C-99DB-49A3-A1F1-AFFD7FE28068",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "655FA37C-DA33-4195-AEAF-5A5D40C5C245",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDD5B652-8474-4C00-9CDD-62B499045932",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2BD8D89-4936-402C-973D-5F4B071806D5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en Mozilla 1.7.12 y posiblemente versiones anteriores, Mozilla Firefox 1.0.7 y posiblemente versiones anteriores y Netscape 8.1 y posiblemente versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de propiedad CSS (Cascading Style Sheets) -moz-binding, lo que no requiere que la hoja de estilos tenga el mismo origen que la página web, como es demostrado por el compromiso de un gran número de cuentas de LiveJournal.",
      },
   ],
   id: "CVE-2006-0496",
   lastModified: "2024-11-21T00:06:35.880",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2006-02-01T02:02:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://community.livejournal.com/lj_dev/708069.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=full-disclosure&m=113847912709062&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1015553",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1015563",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/22924",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/16427",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2006/0403",
      },
      {
         source: "cve@mitre.org",
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=324253",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24427",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://community.livejournal.com/lj_dev/708069.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=full-disclosure&m=113847912709062&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1015553",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1015563",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/22924",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/16427",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2006/0403",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=324253",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24427",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity: LOW — CVSS v2.0 base score 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N), NVD primary metric
Summary
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA58BA23-4CFE-40F8-A2F4-104007E12E05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "22F00276-9071-4B96-B49C-2E0898476874",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB84CC9B-346B-4AF4-929E-D56D85960103",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B40771F-30CB-45D0-9EDE-1F13852085B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47315EC4-1EED-4070-A087-8E37C8FE6703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE6B0681-B96F-405C-8042-1BF2DDB41648",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "C9296197-0EE0-4CC0-A11F-E44E3443E990",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "A76ACC55-754D-4501-8312-5A4E10D053B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8987151-0901-4547-B750-5DC470BB9CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "2637D552-4A3D-4867-B52A-ACCED8681AF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC237C8-CFE0-4128-B549-93CD16894E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "367A5D46-0FF3-4140-9478-251363822E9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DE4889-424F-4A44-8C14-9F18821CE961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
                     matchCriteriaId: "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "098458D4-635B-4A4D-9472-39370094E1ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.",
      },
   ],
   id: "CVE-2004-1451",
   lastModified: "2024-11-20T23:50:54.843",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=228176",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://secunia.com/advisories/10419/",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://bugzilla.mozilla.org/show_bug.cgi?id=228176",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://secunia.com/advisories/10419/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity: LOW — CVSS v2.0 base score 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N), NVD primary metric
Summary
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
References
cve@mitre.org: http://www.mozilla.org/security/announce/mfsa2005-04.html (Vendor Advisory)
cve@mitre.org: http://www.redhat.com/support/errata/RHSA-2005-323.html (Patch, Vendor Advisory)
cve@mitre.org: http://www.redhat.com/support/errata/RHSA-2005-335.html (Patch, Vendor Advisory)
cve@mitre.org: http://www.securityfocus.com/bid/12407
cve@mitre.org: https://bugzilla.mozilla.org/show_bug.cgi?id=262689 (Vendor Advisory)
cve@mitre.org: https://exchange.xforce.ibmcloud.com/vulnerabilities/19169
cve@mitre.org: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100054
cve@mitre.org: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11016
af854a3a-2127-422b-91ae-364da2661108: http://www.mozilla.org/security/announce/mfsa2005-04.html (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://www.redhat.com/support/errata/RHSA-2005-323.html (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://www.redhat.com/support/errata/RHSA-2005-335.html (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/bid/12407
af854a3a-2127-422b-91ae-364da2661108: https://bugzilla.mozilla.org/show_bug.cgi?id=262689 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: https://exchange.xforce.ibmcloud.com/vulnerabilities/19169
af854a3a-2127-422b-91ae-364da2661108: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100054
af854a3a-2127-422b-91ae-364da2661108: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11016
Impacted products
Vendor Product Version
mozilla firefox 0.8
mozilla firefox 0.9
mozilla firefox 0.9.1
mozilla firefox 0.9.2
mozilla firefox 0.9.3
mozilla mozilla 1.7
mozilla mozilla 1.7 (rc3)
mozilla mozilla 1.7.1
mozilla mozilla 1.7.2
mozilla mozilla 1.7.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.",
      },
   ],
   id: "CVE-2005-0144",
   lastModified: "2024-11-20T23:54:30.977",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-04.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/12407",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=262689",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19169",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100054",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11016",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-04.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=262689",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19169",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100054",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11016",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").
References
secalert@redhat.com | http://secunia.com/advisories/16043
secalert@redhat.com | http://secunia.com/advisories/16044
secalert@redhat.com | http://secunia.com/advisories/16059
secalert@redhat.com | http://secunia.com/advisories/19823
secalert@redhat.com | http://www.ciac.org/ciac/bulletins/p-252.shtml
secalert@redhat.com | http://www.debian.org/security/2005/dsa-810
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-55.html | Patch, Vendor Advisory
secalert@redhat.com | http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_18_sr.html
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2006_04_25.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-586.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-587.html
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-601.html
secalert@redhat.com | http://www.securityfocus.com/bid/14242
secalert@redhat.com | http://www.vupen.com/english/advisories/2005/1075
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=298892 | Exploit, Vendor Advisory
secalert@redhat.com | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16043
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16044
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16059
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108 | http://www.ciac.org/ciac/bulletins/p-252.shtml
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-810
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-55.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_18_sr.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-586.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-587.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-601.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14242
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/1075
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=298892 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2434FCE7-A50B-4527-9970-C7224B31141C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "5633FB6E-D623-49D4-9858-4E20E64DE458",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "567FF916-7DE0-403C-8528-7931A43E0D18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "010B34F4-910E-4515-990B-8E72DF009578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A545A77-2198-4685-A87F-E0F2DAECECF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7447185-7509-449D-8907-F30A42CF7EB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C656A621-BE62-4BB8-9B25-A3916E60FA12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED69BEB9-8D83-415B-826D-9D17FB67976B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "407F69BE-4026-4B26-AC31-11E7CC942760",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF63077-4E98-497D-8CE6-B84B022DB21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "2FEC6B13-3088-4ECB-9D81-6480F439601C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "20ECA520-780A-4EF8-8C80-B7564F4148B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
                     matchCriteriaId: "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "D093FD25-94C8-49B8-A452-438023BFB105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FE7EA3B-3BF8-4696-9488-78506074D62D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C883B45F-D28D-428E-AAF7-F93522A229DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D48957B0-BD47-4186-ACD7-0B9E7DB39B38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E748A943-8A1E-4657-826C-EBE013E04864",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties (\"XHTML node spoofing\").",
      },
   ],
   id: "CVE-2005-2269",
   lastModified: "2024-11-20T23:59:10.620",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-07-13T04:00:00.000",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16043",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16044",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/16059",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-55.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=298892",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729",
      },
      {
         source: "secalert@redhat.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16043",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16044",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/16059",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/19823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2005/dsa-810",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.mozilla.org/security/announce/mfsa2005-55.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/14242",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2005/1075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.mozilla.org/show_bug.cgi?id=298892",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2005-0592
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity ?
Summary
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:21:06.421Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "12659",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12659",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-15.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=241440",
               },
               {
                  name: "oval:org.mitre.oval:def:100043",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100043",
               },
               {
                  name: "RHSA-2005:176",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
               },
               {
                  name: "GLSA-200503-30",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
               },
               {
                  name: "GLSA-200503-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
               {
                  name: "oval:org.mitre.oval:def:10606",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10606",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "12659",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12659",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-15.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=241440",
            },
            {
               name: "oval:org.mitre.oval:def:100043",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100043",
            },
            {
               name: "RHSA-2005:176",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
            },
            {
               name: "GLSA-200503-30",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
            },
            {
               name: "GLSA-200503-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
            {
               name: "oval:org.mitre.oval:def:10606",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10606",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-0592",
      datePublished: "2005-02-28T05:00:00",
      dateReserved: "2005-02-28T00:00:00",
      dateUpdated: "2024-08-07T21:21:06.421Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0902
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:48.121Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:11201",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  name: "FLSA:2089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
               },
               {
                  name: "mozilla-nspop3protocol-bo(17379)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17379",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=256316",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=245066",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226669",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=258005",
               },
               {
                  name: "mozilla-netscape-nonascii-bo(17378)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17378",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
               },
               {
                  name: "GLSA-200409-26",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
               },
               {
                  name: "TA04-261A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
               },
               {
                  name: "SSRT4826",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-09-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the \"Send page\" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:11201",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               name: "FLSA:2089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
            },
            {
               name: "mozilla-nspop3protocol-bo(17379)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17379",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=256316",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=245066",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226669",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=258005",
            },
            {
               name: "mozilla-netscape-nonascii-bo(17378)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17378",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
            },
            {
               name: "GLSA-200409-26",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
            },
            {
               name: "TA04-261A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
            },
            {
               name: "SSRT4826",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0902",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the \"Send page\" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "oval:org.mitre.oval:def:11201",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "FLSA:2089",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
                  },
                  {
                     name: "mozilla-nspop3protocol-bo(17379)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17379",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=256316",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=256316",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=245066",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=245066",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=226669",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226669",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=258005",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=258005",
                  },
                  {
                     name: "mozilla-netscape-nonascii-bo(17378)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17378",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                  },
                  {
                     name: "GLSA-200409-26",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
                  },
                  {
                     name: "TA04-261A",
                     refsource: "CERT",
                     url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
                  },
                  {
                     name: "SSRT4826",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0902",
      datePublished: "2004-09-24T04:00:00",
      dateReserved: "2004-09-23T00:00:00",
      dateUpdated: "2024-08-08T00:31:48.121Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0191
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
Summary
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:10:03.820Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2004:110",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-110.html",
               },
               {
                  name: "RHSA-2004:112",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-112.html",
               },
               {
                  name: "SSRT4722",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=108448379429944&w=2",
               },
               {
                  name: "4062",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/4062",
               },
               {
                  name: "mozilla-event-handler-xss(15322)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15322",
               },
               {
                  name: "9747",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/9747",
               },
               {
                  name: "20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=107774710729469&w=2",
               },
               {
                  name: "oval:org.mitre.oval:def:937",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937",
               },
               {
                  name: "oval:org.mitre.oval:def:874",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=227417",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2011-07-17T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "RHSA-2004:110",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-110.html",
            },
            {
               name: "RHSA-2004:112",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-112.html",
            },
            {
               name: "SSRT4722",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=108448379429944&w=2",
            },
            {
               name: "4062",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/4062",
            },
            {
               name: "mozilla-event-handler-xss(15322)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15322",
            },
            {
               name: "9747",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/9747",
            },
            {
               name: "20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=107774710729469&w=2",
            },
            {
               name: "oval:org.mitre.oval:def:937",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937",
            },
            {
               name: "oval:org.mitre.oval:def:874",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=227417",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0191",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2004:110",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-110.html",
                  },
                  {
                     name: "RHSA-2004:112",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-112.html",
                  },
                  {
                     name: "SSRT4722",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=108448379429944&w=2",
                  },
                  {
                     name: "4062",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/4062",
                  },
                  {
                     name: "mozilla-event-handler-xss(15322)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15322",
                  },
                  {
                     name: "9747",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/9747",
                  },
                  {
                     name: "20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=107774710729469&w=2",
                  },
                  {
                     name: "oval:org.mitre.oval:def:937",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937",
                  },
                  {
                     name: "oval:org.mitre.oval:def:874",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=227417",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=227417",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0191",
      datePublished: "2004-09-01T04:00:00",
      dateReserved: "2004-03-03T00:00:00",
      dateUpdated: "2024-08-08T00:10:03.820Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2003-0791
Vulnerability from cvelistv5
Published
2005-04-14 04:00
Modified
2024-08-08 02:05
Severity ?
Summary
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
References
http://www.mandriva.com/security/advisories?name=MDKSA-2004:021 — vendor-advisory, x_refsource_MANDRAKE
http://www.osvdb.org/8390 — vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/11103/ — third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/9322 — vdb-entry, x_refsource_BID
https://bugzilla.mozilla.org/show_bug.cgi?id=221526 — x_refsource_MISC
http://www.securityfocus.com/advisories/6979 — vendor-advisory, x_refsource_SCO
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T02:05:12.568Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "MDKSA-2004:021",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021",
               },
               {
                  name: "8390",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/8390",
               },
               {
                  name: "11103",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11103/",
               },
               {
                  name: "9322",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/9322",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=221526",
               },
               {
                  name: "SCOSA-2004.8",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/advisories/6979",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2003-10-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2005-04-22T09:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "MDKSA-2004:021",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021",
            },
            {
               name: "8390",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/8390",
            },
            {
               name: "11103",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11103/",
            },
            {
               name: "9322",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/9322",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=221526",
            },
            {
               name: "SCOSA-2004.8",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "http://www.securityfocus.com/advisories/6979",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2003-0791",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "MDKSA-2004:021",
                     refsource: "MANDRAKE",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021",
                  },
                  {
                     name: "8390",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/8390",
                  },
                  {
                     name: "11103",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11103/",
                  },
                  {
                     name: "9322",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/9322",
                  },
                  {
                     name: "https://bugzilla.mozilla.org/show_bug.cgi?id=221526",
                     refsource: "MISC",
                     url: "https://bugzilla.mozilla.org/show_bug.cgi?id=221526",
                  },
                  {
                     name: "SCOSA-2004.8",
                     refsource: "SCO",
                     url: "http://www.securityfocus.com/advisories/6979",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2003-0791",
      datePublished: "2005-04-14T04:00:00",
      dateReserved: "2003-09-17T00:00:00",
      dateUpdated: "2024-08-08T02:05:12.568Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0907
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:47.971Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "mozilla-tar-insecure-permissions(17373)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17373",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=254303",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
               },
               {
                  name: "GLSA-200409-26",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-09-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "mozilla-tar-insecure-permissions(17373)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17373",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=254303",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
            },
            {
               name: "GLSA-200409-26",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0907",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "mozilla-tar-insecure-permissions(17373)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17373",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=254303",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=254303",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                  },
                  {
                     name: "GLSA-200409-26",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0907",
      datePublished: "2004-09-24T04:00:00",
      dateReserved: "2004-09-23T00:00:00",
      dateUpdated: "2024-08-08T00:31:47.971Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0584
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:21:06.682Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:100034",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100034",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=277574",
               },
               {
                  name: "oval:org.mitre.oval:def:11191",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11191",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-24.html",
               },
               {
                  name: "RHSA-2005:176",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "GLSA-200503-30",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
               },
               {
                  name: "GLSA-200503-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:100034",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100034",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=277574",
            },
            {
               name: "oval:org.mitre.oval:def:11191",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11191",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-24.html",
            },
            {
               name: "RHSA-2005:176",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "GLSA-200503-30",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
            },
            {
               name: "GLSA-200503-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-0584",
      datePublished: "2005-02-28T05:00:00",
      dateReserved: "2005-02-28T00:00:00",
      dateUpdated: "2024-08-07T21:21:06.682Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-2013
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-09-16 20:12
Severity ?
Summary
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:51:16.501Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "3925",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/3925",
               },
               {
                  name: "20020121 Mozilla Cookie Exploit",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html",
               },
               {
                  name: "mozilla-netscape-steal-cookies(7973)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/security_center/static/7973.php",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://alive.znep.com/~marcs/security/mozillacookie/demo.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2005-07-14T04:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "3925",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/3925",
            },
            {
               name: "20020121 Mozilla Cookie Exploit",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html",
            },
            {
               name: "mozilla-netscape-steal-cookies(7973)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://www.iss.net/security_center/static/7973.php",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://alive.znep.com/~marcs/security/mozillacookie/demo.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-2013",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "3925",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/3925",
                  },
                  {
                     name: "20020121 Mozilla Cookie Exploit",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html",
                  },
                  {
                     name: "mozilla-netscape-steal-cookies(7973)",
                     refsource: "XF",
                     url: "http://www.iss.net/security_center/static/7973.php",
                  },
                  {
                     name: "http://alive.znep.com/~marcs/security/mozillacookie/demo.html",
                     refsource: "MISC",
                     url: "http://alive.znep.com/~marcs/security/mozillacookie/demo.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-2013",
      datePublished: "2005-07-14T04:00:00Z",
      dateReserved: "2005-07-14T00:00:00Z",
      dateUpdated: "2024-09-16T20:12:45.799Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0871
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:31
Severity ?
Summary
Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:47.559Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://securityfocus.com/archive/1/375407",
               },
               {
                  name: "1011331",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1011331",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt",
               },
               {
                  name: "web-browser-cookie-session-hijack(17417)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-09-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka \"Cross Security Boundary Cookie Injection.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://securityfocus.com/archive/1/375407",
            },
            {
               name: "1011331",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1011331",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt",
            },
            {
               name: "web-browser-cookie-session-hijack(17417)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0871",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka \"Cross Security Boundary Cookie Injection.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities",
                     refsource: "BUGTRAQ",
                     url: "http://securityfocus.com/archive/1/375407",
                  },
                  {
                     name: "1011331",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1011331",
                  },
                  {
                     name: "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt",
                     refsource: "MISC",
                     url: "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt",
                  },
                  {
                     name: "web-browser-cookie-session-hijack(17417)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0871",
      datePublished: "2005-02-13T05:00:00",
      dateReserved: "2004-09-14T00:00:00",
      dateUpdated: "2024-08-08T00:31:47.559Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-1614
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
Summary
Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T01:00:36.402Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20041018 Web browsers - a mini-farce",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2",
               },
               {
                  name: "1011810",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1011810",
               },
               {
                  name: "20041018 Web browsers - a mini-farce",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lcamtuf.coredump.cx/mangleme/gallery/",
               },
               {
                  name: "11440",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/11440",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-10-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an \"unusual combination of visual elements,\" including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-10-17T13:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20041018 Web browsers - a mini-farce",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2",
            },
            {
               name: "1011810",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1011810",
            },
            {
               name: "20041018 Web browsers - a mini-farce",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lcamtuf.coredump.cx/mangleme/gallery/",
            },
            {
               name: "11440",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/11440",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-1614",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an \"unusual combination of visual elements,\" including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20041018 Web browsers - a mini-farce",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2",
                  },
                  {
                     name: "1011810",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1011810",
                  },
                  {
                     name: "20041018 Web browsers - a mini-farce",
                     refsource: "FULLDISC",
                     url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html",
                  },
                  {
                     name: "http://lcamtuf.coredump.cx/mangleme/gallery/",
                     refsource: "MISC",
                     url: "http://lcamtuf.coredump.cx/mangleme/gallery/",
                  },
                  {
                     name: "11440",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/11440",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-1614",
      datePublished: "2005-02-20T05:00:00",
      dateReserved: "2005-02-20T00:00:00",
      dateUpdated: "2024-08-08T01:00:36.402Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0590
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity ?
Summary
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:21:06.511Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "12659",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12659",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-17.html",
               },
               {
                  name: "oval:org.mitre.oval:def:100041",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100041",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268059",
               },
               {
                  name: "oval:org.mitre.oval:def:10010",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10010",
               },
               {
                  name: "RHSA-2005:176",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "GLSA-200503-30",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
               },
               {
                  name: "GLSA-200503-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long \"user:pass\" sequence in the URL, which appears before the real hostname.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "12659",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12659",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-17.html",
            },
            {
               name: "oval:org.mitre.oval:def:100041",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100041",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268059",
            },
            {
               name: "oval:org.mitre.oval:def:10010",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10010",
            },
            {
               name: "RHSA-2005:176",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "GLSA-200503-30",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
            },
            {
               name: "GLSA-200503-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-0590",
      datePublished: "2005-02-28T05:00:00",
      dateReserved: "2005-02-28T00:00:00",
      dateUpdated: "2024-08-07T21:21:06.511Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0903
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:47.989Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  name: "mozilla-netscape-nsvcardobj-bo(17380)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17380",
               },
               {
                  name: "FLSA:2089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
               },
               {
                  name: "VU#414240",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/414240",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257314",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
               },
               {
                  name: "GLSA-200409-26",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
               },
               {
                  name: "11174",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/11174",
               },
               {
                  name: "oval:org.mitre.oval:def:10873",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873",
               },
               {
                  name: "TA04-261A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
               },
               {
                  name: "SSRT4826",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-09-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               name: "mozilla-netscape-nsvcardobj-bo(17380)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17380",
            },
            {
               name: "FLSA:2089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
            },
            {
               name: "VU#414240",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/414240",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257314",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
            },
            {
               name: "GLSA-200409-26",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
            },
            {
               name: "11174",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/11174",
            },
            {
               name: "oval:org.mitre.oval:def:10873",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873",
            },
            {
               name: "TA04-261A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
            },
            {
               name: "SSRT4826",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0903",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "mozilla-netscape-nsvcardobj-bo(17380)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17380",
                  },
                  {
                     name: "FLSA:2089",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
                  },
                  {
                     name: "VU#414240",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/414240",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=257314",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257314",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                  },
                  {
                     name: "GLSA-200409-26",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
                  },
                  {
                     name: "11174",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/11174",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10873",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873",
                  },
                  {
                     name: "TA04-261A",
                     refsource: "CERT",
                     url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
                  },
                  {
                     name: "SSRT4826",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0903",
      datePublished: "2004-09-24T04:00:00",
      dateReserved: "2004-09-23T00:00:00",
      dateUpdated: "2024-08-08T00:31:47.989Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-1937
Vulnerability from cvelistv5
Published
2005-06-13 04:00
Modified
2024-08-07 22:06
Severity ?
Summary
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
References
http://www.debian.org/security/2005/dsa-810 (vendor-advisory, x_refsource_DEBIAN)
http://www.novell.com/linux/security/advisories/2005_18_sr.html (vendor-advisory, x_refsource_SUSE)
http://www.debian.org/security/2005/dsa-777 (vendor-advisory, x_refsource_DEBIAN)
https://bugzilla.mozilla.org/show_bug.cgi?id=296850 (x_refsource_CONFIRM)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202 (vendor-advisory, x_refsource_FEDORA)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10633 (vdb-entry, signature, x_refsource_OVAL)
http://www.redhat.com/support/errata/RHSA-2005-587.html (vendor-advisory, x_refsource_REDHAT)
http://www.mozilla.org/security/announce/mfsa2005-51.html (x_refsource_CONFIRM)
http://www.vupen.com/english/advisories/2005/1075 (vdb-entry, x_refsource_VUPEN)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A759 (vdb-entry, signature, x_refsource_OVAL)
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html (vendor-advisory, x_refsource_SUSE)
http://www.securityfocus.com/bid/14242 (vdb-entry, x_refsource_BID)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100007 (vdb-entry, signature, x_refsource_OVAL)
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ (x_refsource_MISC)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A637 (vdb-entry, signature, x_refsource_OVAL)
http://www.redhat.com/support/errata/RHSA-2005-586.html (vendor-advisory, x_refsource_REDHAT)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1 (vendor-advisory, x_refsource_SUNALERT)
http://secunia.com/advisories/15601 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T22:06:57.681Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-810",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-810",
               },
               {
                  name: "SUSE-SR:2005:018",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
               },
               {
                  name: "DSA-777",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-777",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296850",
               },
               {
                  name: "FLSA:160202",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
               },
               {
                  name: "oval:org.mitre.oval:def:10633",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10633",
               },
               {
                  name: "RHSA-2005:587",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-51.html",
               },
               {
                  name: "ADV-2005-1075",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/1075",
               },
               {
                  name: "oval:org.mitre.oval:def:759",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A759",
               },
               {
                  name: "SUSE-SA:2005:045",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
               },
               {
                  name: "14242",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/14242",
               },
               {
                  name: "oval:org.mitre.oval:def:100007",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100007",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
               },
               {
                  name: "oval:org.mitre.oval:def:637",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A637",
               },
               {
                  name: "RHSA-2005:586",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
               },
               {
                  name: "101952",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1",
               },
               {
                  name: "15601",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/15601",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-06-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            shortName: "debian",
         },
         references: [
            {
               name: "DSA-810",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-810",
            },
            {
               name: "SUSE-SR:2005:018",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
            },
            {
               name: "DSA-777",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-777",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296850",
            },
            {
               name: "FLSA:160202",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
            },
            {
               name: "oval:org.mitre.oval:def:10633",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10633",
            },
            {
               name: "RHSA-2005:587",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-51.html",
            },
            {
               name: "ADV-2005-1075",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/1075",
            },
            {
               name: "oval:org.mitre.oval:def:759",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A759",
            },
            {
               name: "SUSE-SA:2005:045",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
            },
            {
               name: "14242",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/14242",
            },
            {
               name: "oval:org.mitre.oval:def:100007",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100007",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
            },
            {
               name: "oval:org.mitre.oval:def:637",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A637",
            },
            {
               name: "RHSA-2005:586",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
            },
            {
               name: "101952",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1",
            },
            {
               name: "15601",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/15601",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@debian.org",
               ID: "CVE-2005-1937",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-810",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2005/dsa-810",
                  },
                  {
                     name: "SUSE-SR:2005:018",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
                  },
                  {
                     name: "DSA-777",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2005/dsa-777",
                  },
                  {
                     name: "https://bugzilla.mozilla.org/show_bug.cgi?id=296850",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296850",
                  },
                  {
                     name: "FLSA:160202",
                     refsource: "FEDORA",
                     url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10633",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10633",
                  },
                  {
                     name: "RHSA-2005:587",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
                  },
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-51.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-51.html",
                  },
                  {
                     name: "ADV-2005-1075",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2005/1075",
                  },
                  {
                     name: "oval:org.mitre.oval:def:759",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A759",
                  },
                  {
                     name: "SUSE-SA:2005:045",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
                  },
                  {
                     name: "14242",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/14242",
                  },
                  {
                     name: "oval:org.mitre.oval:def:100007",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100007",
                  },
                  {
                     name: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
                     refsource: "MISC",
                     url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
                  },
                  {
                     name: "oval:org.mitre.oval:def:637",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A637",
                  },
                  {
                     name: "RHSA-2005:586",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
                  },
                  {
                     name: "101952",
                     refsource: "SUNALERT",
                     url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1",
                  },
                  {
                     name: "15601",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/15601",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5",
      assignerShortName: "debian",
      cveId: "CVE-2005-1937",
      datePublished: "2005-06-13T04:00:00",
      dateReserved: "2005-06-13T00:00:00",
      dateUpdated: "2024-08-07T22:06:57.681Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-1154
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:35
Severity ?
Summary
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:35:59.960Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2005:386",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
               },
               {
                  name: "oval:org.mitre.oval:def:100022",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100022",
               },
               {
                  name: "14992",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14992",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "13230",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/13230",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "GLSA-200504-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
               },
               {
                  name: "14938",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14938",
               },
               {
                  name: "oval:org.mitre.oval:def:10339",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10339",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "RHSA-2005:383",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-36.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289675",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-04-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka \"Cross-site scripting through global scope pollution.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2005:386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
            },
            {
               name: "oval:org.mitre.oval:def:100022",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100022",
            },
            {
               name: "14992",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14992",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "13230",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/13230",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "GLSA-200504-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
            },
            {
               name: "14938",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14938",
            },
            {
               name: "oval:org.mitre.oval:def:10339",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10339",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "RHSA-2005:383",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-36.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289675",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-1154",
      datePublished: "2005-04-18T04:00:00",
      dateReserved: "2005-04-18T00:00:00",
      dateUpdated: "2024-08-07T21:35:59.960Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0142
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-07 21:05
Severity ?
Summary
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:05:24.346Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-02.html",
               },
               {
                  name: "mozilla-world-readable(17832)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17832",
               },
               {
                  name: "RHSA-2005:335",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  name: "oval:org.mitre.oval:def:9543",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9543",
               },
               {
                  name: "oval:org.mitre.oval:def:100056",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100056",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=251297",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-01-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-02.html",
            },
            {
               name: "mozilla-world-readable(17832)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17832",
            },
            {
               name: "RHSA-2005:335",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               name: "oval:org.mitre.oval:def:9543",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9543",
            },
            {
               name: "oval:org.mitre.oval:def:100056",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100056",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=251297",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-0142",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-02.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-02.html",
                  },
                  {
                     name: "mozilla-world-readable(17832)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17832",
                  },
                  {
                     name: "RHSA-2005:335",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
                  },
                  {
                     name: "19823",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/19823",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9543",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9543",
                  },
                  {
                     name: "oval:org.mitre.oval:def:100056",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100056",
                  },
                  {
                     name: "RHSA-2005:384",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
                  },
                  {
                     name: "https://bugzilla.mozilla.org/show_bug.cgi?id=251297",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.mozilla.org/show_bug.cgi?id=251297",
                  },
                  {
                     name: "SUSE-SA:2006:022",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-0142",
      datePublished: "2005-01-29T05:00:00",
      dateReserved: "2005-01-25T00:00:00",
      dateUpdated: "2024-08-07T21:05:24.346Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0215
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
Summary
Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.
References
http://marc.info/?l=bugtraq&m=110512665029209&w=2 (mailing-list, x_refsource_BUGTRAQ)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18803 (vdb-entry, x_refsource_XF)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:05:25.482Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20050107 Mozilla XBM Image Vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=110512665029209&w=2",
               },
               {
                  name: "mozilla-xbm-dos(18803)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18803",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-01-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20050107 Mozilla XBM Image Vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=110512665029209&w=2",
            },
            {
               name: "mozilla-xbm-dos(18803)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18803",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-0215",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20050107 Mozilla XBM Image Vulnerability",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=110512665029209&w=2",
                  },
                  {
                     name: "mozilla-xbm-dos(18803)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18803",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-0215",
      datePublished: "2005-02-06T05:00:00",
      dateReserved: "2005-02-01T00:00:00",
      dateUpdated: "2024-08-07T21:05:25.482Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0143
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-07 21:05
Severity ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:05:24.790Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "12407",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12407",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-03.html",
               },
               {
                  name: "oval:org.mitre.oval:def:100055",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055",
               },
               {
                  name: "RHSA-2005:335",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
               },
               {
                  name: "oval:org.mitre.oval:def:11297",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297",
               },
               {
                  name: "mozilla-ssl-spoofing(19166)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19166",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=257308",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-01-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "12407",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12407",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-03.html",
            },
            {
               name: "oval:org.mitre.oval:def:100055",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055",
            },
            {
               name: "RHSA-2005:335",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
            },
            {
               name: "oval:org.mitre.oval:def:11297",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297",
            },
            {
               name: "mozilla-ssl-spoofing(19166)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19166",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=257308",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-0143",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "12407",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/12407",
                  },
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-03.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-03.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:100055",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055",
                  },
                  {
                     name: "RHSA-2005:335",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:11297",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297",
                  },
                  {
                     name: "mozilla-ssl-spoofing(19166)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19166",
                  },
                  {
                     name: "RHSA-2005:384",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
                  },
                  {
                     name: "https://bugzilla.mozilla.org/show_bug.cgi?id=257308",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.mozilla.org/show_bug.cgi?id=257308",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-0143",
      datePublished: "2005-01-29T05:00:00",
      dateReserved: "2005-01-25T00:00:00",
      dateUpdated: "2024-08-07T21:05:24.790Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-1532
Vulnerability from cvelistv5
Published
2005-05-12 04:00
Modified
2024-08-07 21:51
Severity ?
Summary
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:51:50.289Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-44.html",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "RHSA-2005:435",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-435.html",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  name: "1013964",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1013964",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "oval:org.mitre.oval:def:100014",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014",
               },
               {
                  name: "RHSA-2005:601",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
               },
               {
                  name: "1013965",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1013965",
               },
               {
                  name: "13645",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/13645",
               },
               {
                  name: "oval:org.mitre.oval:def:10791",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791",
               },
               {
                  name: "ADV-2005-0530",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/0530",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
               {
                  name: "RHSA-2005:434",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-434.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-05-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via \"non-DOM property overrides,\" a variant of CVE-2005-1160.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-44.html",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "RHSA-2005:435",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-435.html",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               name: "1013964",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1013964",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "oval:org.mitre.oval:def:100014",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014",
            },
            {
               name: "RHSA-2005:601",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
            },
            {
               name: "1013965",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1013965",
            },
            {
               name: "13645",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/13645",
            },
            {
               name: "oval:org.mitre.oval:def:10791",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791",
            },
            {
               name: "ADV-2005-0530",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/0530",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
            {
               name: "RHSA-2005:434",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-434.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-1532",
      datePublished: "2005-05-12T04:00:00",
      dateReserved: "2005-05-12T00:00:00",
      dateUpdated: "2024-08-07T21:51:50.289Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0587
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:21:06.516Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:100037",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100037",
               },
               {
                  name: "12659",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12659",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-21.html",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:100037",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100037",
            },
            {
               name: "12659",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12659",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-21.html",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2005-0587",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "oval:org.mitre.oval:def:100037",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100037",
                  },
                  {
                     name: "12659",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/12659",
                  },
                  {
                     name: "19823",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/19823",
                  },
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-21.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-21.html",
                  },
                  {
                     name: "SUSE-SA:2006:022",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-0587",
      datePublished: "2005-02-28T05:00:00",
      dateReserved: "2005-02-28T00:00:00",
      dateUpdated: "2024-08-07T21:21:06.516Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0764
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:47.321Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "12188",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/12188",
               },
               {
                  name: "mozilla-user-interface-spoofing(16837)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16837",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  name: "RHSA-2004:421",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
               },
               {
                  name: "FLSA:2089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
               },
               {
                  name: "oval:org.mitre.oval:def:2418",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "VU#262350",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/262350",
               },
               {
                  name: "10832",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/10832",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=244965",
               },
               {
                  name: "oval:org.mitre.oval:def:9419",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-07-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the \"chrome\" flag and XML User Interface Language (XUL) files.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "12188",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/12188",
            },
            {
               name: "mozilla-user-interface-spoofing(16837)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16837",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               name: "RHSA-2004:421",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
            },
            {
               name: "FLSA:2089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
            },
            {
               name: "oval:org.mitre.oval:def:2418",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "VU#262350",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/262350",
            },
            {
               name: "10832",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/10832",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=244965",
            },
            {
               name: "oval:org.mitre.oval:def:9419",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0764",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the \"chrome\" flag and XML User Interface Language (XUL) files.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "12188",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/12188",
                  },
                  {
                     name: "mozilla-user-interface-spoofing(16837)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16837",
                  },
                  {
                     name: "SCOSA-2005.49",
                     refsource: "SCO",
                     url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "RHSA-2004:421",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
                  },
                  {
                     name: "FLSA:2089",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
                  },
                  {
                     name: "oval:org.mitre.oval:def:2418",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418",
                  },
                  {
                     name: "15495",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/15495",
                  },
                  {
                     name: "VU#262350",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/262350",
                  },
                  {
                     name: "10832",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/10832",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=244965",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=244965",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9419",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0764",
      datePublished: "2004-08-03T04:00:00",
      dateReserved: "2004-08-02T00:00:00",
      dateUpdated: "2024-08-08T00:31:47.321Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-1380
Vulnerability from cvelistv5
Published: 2005-01-29 05:00
Modified: 2024-08-08 00:46
Severity: none given (the record below contains no metrics entry)
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:46:12.445Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2005:323",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-05.html",
               },
               {
                  name: "oval:org.mitre.oval:def:100050",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050",
               },
               {
                  name: "web-browser-modal-spoofing(18864)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18864",
               },
               {
                  name: "RHSA-2005:335",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/multiple_browsers_form_field_focus_test/",
               },
               {
                  name: "12712",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/12712",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/",
               },
               {
                  name: "oval:org.mitre.oval:def:10211",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-10-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the \"Dialog Box Spoofing Vulnerability.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "RHSA-2005:323",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-05.html",
            },
            {
               name: "oval:org.mitre.oval:def:100050",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050",
            },
            {
               name: "web-browser-modal-spoofing(18864)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18864",
            },
            {
               name: "RHSA-2005:335",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://secunia.com/multiple_browsers_form_field_focus_test/",
            },
            {
               name: "12712",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/12712",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/",
            },
            {
               name: "oval:org.mitre.oval:def:10211",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-1380",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the \"Dialog Box Spoofing Vulnerability.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2005:323",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
                  },
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-05.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-05.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:100050",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050",
                  },
                  {
                     name: "web-browser-modal-spoofing(18864)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18864",
                  },
                  {
                     name: "RHSA-2005:335",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
                  },
                  {
                     name: "http://secunia.com/multiple_browsers_form_field_focus_test/",
                     refsource: "MISC",
                     url: "http://secunia.com/multiple_browsers_form_field_focus_test/",
                  },
                  {
                     name: "12712",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/12712",
                  },
                  {
                     name: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/",
                     refsource: "MISC",
                     url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10211",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-1380",
      datePublished: "2005-01-29T05:00:00",
      dateReserved: "2005-01-25T00:00:00",
      dateUpdated: "2024-08-08T00:46:12.445Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-1613
Vulnerability from cvelistv5
Published: 2005-02-20 05:00
Modified: 2024-08-08 01:00
Severity: none given (the record below contains no metrics entry)
Summary
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T01:00:36.308Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20041018 Web browsers - a mini-farce",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2",
               },
               {
                  name: "11439",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/11439",
               },
               {
                  name: "RHSA-2005:323",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
               },
               {
                  name: "mozilla-html-tags-dos(17805)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17805",
               },
               {
                  name: "oval:org.mitre.oval:def:10227",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227",
               },
               {
                  name: "1011810",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1011810",
               },
               {
                  name: "20041018 Web browsers - a mini-farce",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lcamtuf.coredump.cx/mangleme/gallery/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-10-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20041018 Web browsers - a mini-farce",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2",
            },
            {
               name: "11439",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/11439",
            },
            {
               name: "RHSA-2005:323",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
            },
            {
               name: "mozilla-html-tags-dos(17805)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17805",
            },
            {
               name: "oval:org.mitre.oval:def:10227",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227",
            },
            {
               name: "1011810",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1011810",
            },
            {
               name: "20041018 Web browsers - a mini-farce",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lcamtuf.coredump.cx/mangleme/gallery/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-1613",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20041018 Web browsers - a mini-farce",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=109811406620511&w=2",
                  },
                  {
                     name: "11439",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/11439",
                  },
                  {
                     name: "RHSA-2005:323",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
                  },
                  {
                     name: "mozilla-html-tags-dos(17805)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17805",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10227",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227",
                  },
                  {
                     name: "1011810",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1011810",
                  },
                  {
                     name: "20041018 Web browsers - a mini-farce",
                     refsource: "FULLDISC",
                     url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html",
                  },
                  {
                     name: "http://lcamtuf.coredump.cx/mangleme/gallery/",
                     refsource: "MISC",
                     url: "http://lcamtuf.coredump.cx/mangleme/gallery/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-1613",
      datePublished: "2005-02-20T05:00:00",
      dateReserved: "2005-02-20T00:00:00",
      dateUpdated: "2024-08-08T01:00:36.308Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0779
Vulnerability from cvelistv5
Published: 2004-08-14 04:00
Modified: 2024-08-08 00:31
Severity: none given (the record below contains no metrics entry)
Summary
The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:46.860Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "MDKSA-2004:082",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226278",
               },
               {
                  name: "mozilla-plaintext-password(17018)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17018",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-08-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "MDKSA-2004:082",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226278",
            },
            {
               name: "mozilla-plaintext-password(17018)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17018",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0779",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "MDKSA-2004:082",
                     refsource: "MANDRAKE",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=226278",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=226278",
                  },
                  {
                     name: "mozilla-plaintext-password(17018)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17018",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0779",
      datePublished: "2004-08-14T04:00:00",
      dateReserved: "2004-08-13T00:00:00",
      dateUpdated: "2024-08-08T00:31:46.860Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0909
Vulnerability from cvelistv5
Published: 2004-09-24 04:00
Modified: 2024-08-08 00:31
Severity ?
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:48.122Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=253942",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  name: "VU#113192",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/113192",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
               },
               {
                  name: "GLSA-200409-26",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
               },
               {
                  name: "mozilla-enableprivilege-modify-dialog(17377)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17377",
               },
               {
                  name: "SSRT4826",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
               },
               {
                  name: "12526",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/12526",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-09-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=253942",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               name: "VU#113192",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/113192",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
            },
            {
               name: "GLSA-200409-26",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
            },
            {
               name: "mozilla-enableprivilege-modify-dialog(17377)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17377",
            },
            {
               name: "SSRT4826",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
            },
            {
               name: "12526",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/12526",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0909",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=253942",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=253942",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "VU#113192",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/113192",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                  },
                  {
                     name: "GLSA-200409-26",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
                  },
                  {
                     name: "mozilla-enableprivilege-modify-dialog(17377)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17377",
                  },
                  {
                     name: "SSRT4826",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
                  },
                  {
                     name: "12526",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/12526",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0909",
      datePublished: "2004-09-24T04:00:00",
      dateReserved: "2004-09-23T00:00:00",
      dateUpdated: "2024-08-08T00:31:48.122Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-3014
Vulnerability from cvelistv5
Published
2009-08-31 16:00
Modified
2024-08-07 06:14
Severity ?
Summary
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T06:14:55.185Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://websecurity.com.ua/3373/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://websecurity.com.ua/3386/",
               },
               {
                  name: "firefox-seamonkey-javascript-xss(52995)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995",
               },
               {
                  name: "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/506163/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-07-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-10T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://websecurity.com.ua/3373/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://websecurity.com.ua/3386/",
            },
            {
               name: "firefox-seamonkey-javascript-xss(52995)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995",
            },
            {
               name: "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/506163/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2009-3014",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://websecurity.com.ua/3373/",
                     refsource: "MISC",
                     url: "http://websecurity.com.ua/3373/",
                  },
                  {
                     name: "http://websecurity.com.ua/3386/",
                     refsource: "MISC",
                     url: "http://websecurity.com.ua/3386/",
                  },
                  {
                     name: "firefox-seamonkey-javascript-xss(52995)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995",
                  },
                  {
                     name: "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/506163/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2009-3014",
      datePublished: "2009-08-31T16:00:00",
      dateReserved: "2009-08-31T00:00:00",
      dateUpdated: "2024-08-07T06:14:55.185Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0399
Vulnerability from cvelistv5
Published
2005-03-24 05:00
Modified
2024-08-07 21:13
Severity ?
Summary
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.
References
http://www.redhat.com/support/errata/RHSA-2005-323.html — vendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2005-336.html — vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2005/0296 — vdb-entry, x_refsource_VUPEN
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt — vendor-advisory, x_refsource_SCO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028 — vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2005-335.html — vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/19823 — third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/15495 — vdb-entry, x_refsource_BID
http://www.ciac.org/ciac/bulletins/p-160.shtml — third-party-advisory, government-resource, x_refsource_CIAC
https://exchange.xforce.ibmcloud.com/vulnerabilities/19269 — vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/12881 — vdb-entry, x_refsource_BID
http://www.mozilla.org/security/announce/mfsa2005-30.html — x_refsource_CONFIRM
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877 — x_refsource_MISC
http://xforce.iss.net/xforce/alerts/id/191 — third-party-advisory, x_refsource_ISS
http://www.kb.cert.org/vuls/id/557948 — third-party-advisory, x_refsource_CERT-VN
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml — vendor-advisory, x_refsource_GENTOO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377 — vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/14654 — third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_04_25.html — vendor-advisory, x_refsource_SUSE
http://www.redhat.com/support/errata/RHSA-2005-337.html — vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:13:53.801Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2005:323",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
               },
               {
                  name: "RHSA-2005:336",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-336.html",
               },
               {
                  name: "ADV-2005-0296",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/0296",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "oval:org.mitre.oval:def:100028",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028",
               },
               {
                  name: "RHSA-2005:335",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "P-160",
                  tags: [
                     "third-party-advisory",
                     "government-resource",
                     "x_refsource_CIAC",
                     "x_transferred",
                  ],
                  url: "http://www.ciac.org/ciac/bulletins/p-160.shtml",
               },
               {
                  name: "gif-extension-overflow(19269)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19269",
               },
               {
                  name: "12881",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12881",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-30.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877",
               },
               {
                  name: "20050323 Mozilla Foundation GIF Overflow",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_ISS",
                     "x_transferred",
                  ],
                  url: "http://xforce.iss.net/xforce/alerts/id/191",
               },
               {
                  name: "VU#557948",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/557948",
               },
               {
                  name: "GLSA-200503-30",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
               },
               {
                  name: "oval:org.mitre.oval:def:11377",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377",
               },
               {
                  name: "14654",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14654",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
               {
                  name: "RHSA-2005:337",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-337.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-03-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2005:323",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
            },
            {
               name: "RHSA-2005:336",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-336.html",
            },
            {
               name: "ADV-2005-0296",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/0296",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "oval:org.mitre.oval:def:100028",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028",
            },
            {
               name: "RHSA-2005:335",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "P-160",
               tags: [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
               ],
               url: "http://www.ciac.org/ciac/bulletins/p-160.shtml",
            },
            {
               name: "gif-extension-overflow(19269)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19269",
            },
            {
               name: "12881",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12881",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-30.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877",
            },
            {
               name: "20050323 Mozilla Foundation GIF Overflow",
               tags: [
                  "third-party-advisory",
                  "x_refsource_ISS",
               ],
               url: "http://xforce.iss.net/xforce/alerts/id/191",
            },
            {
               name: "VU#557948",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/557948",
            },
            {
               name: "GLSA-200503-30",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
            },
            {
               name: "oval:org.mitre.oval:def:11377",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377",
            },
            {
               name: "14654",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14654",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
            {
               name: "RHSA-2005:337",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-337.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-0399",
      datePublished: "2005-03-24T05:00:00",
      dateReserved: "2005-02-14T00:00:00",
      dateUpdated: "2024-08-07T21:13:53.801Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-1449
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
Summary
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:53:23.517Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "MDKSA-2004:082",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-02-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-06-15T16:38:12",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "MDKSA-2004:082",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-1449",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "MDKSA-2004:082",
                     refsource: "MANDRAKE",
                     url: "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-1449",
      datePublished: "2005-02-13T05:00:00",
      dateReserved: "2005-02-13T00:00:00",
      dateUpdated: "2024-08-08T00:53:23.517Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0757
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:47.131Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:11042",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042",
               },
               {
                  name: "10856",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/10856",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=229374",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  name: "RHSA-2004:421",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
               },
               {
                  name: "FLSA:2089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
               },
               {
                  name: "mozilla-senduidl-pop3-bo(16869)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16869",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "oval:org.mitre.oval:def:3250",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250",
               },
               {
                  name: "VU#561022",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/561022",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-08-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:11042",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042",
            },
            {
               name: "10856",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/10856",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=229374",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               name: "RHSA-2004:421",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
            },
            {
               name: "FLSA:2089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
            },
            {
               name: "mozilla-senduidl-pop3-bo(16869)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16869",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "oval:org.mitre.oval:def:3250",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250",
            },
            {
               name: "VU#561022",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/561022",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0757",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "oval:org.mitre.oval:def:11042",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042",
                  },
                  {
                     name: "10856",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/10856",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=229374",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=229374",
                  },
                  {
                     name: "SCOSA-2005.49",
                     refsource: "SCO",
                     url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "RHSA-2004:421",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
                  },
                  {
                     name: "FLSA:2089",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
                  },
                  {
                     name: "mozilla-senduidl-pop3-bo(16869)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16869",
                  },
                  {
                     name: "15495",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/15495",
                  },
                  {
                     name: "oval:org.mitre.oval:def:3250",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250",
                  },
                  {
                     name: "VU#561022",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/561022",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0757",
      datePublished: "2004-08-03T04:00:00",
      dateReserved: "2004-08-02T00:00:00",
      dateUpdated: "2024-08-08T00:31:47.131Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0904
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:47.831Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "mozilla-netscape-bmp-bo(17381)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  name: "FLSA:2089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=255067",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
               },
               {
                  name: "GLSA-200409-26",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
               },
               {
                  name: "11171",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/11171",
               },
               {
                  name: "TA04-261A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
               },
               {
                  name: "SSRT4826",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
               },
               {
                  name: "oval:org.mitre.oval:def:10952",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952",
               },
               {
                  name: "VU#847200",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/847200",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-09-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "mozilla-netscape-bmp-bo(17381)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               name: "FLSA:2089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=255067",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
            },
            {
               name: "GLSA-200409-26",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
            },
            {
               name: "11171",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/11171",
            },
            {
               name: "TA04-261A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
            },
            {
               name: "SSRT4826",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
            },
            {
               name: "oval:org.mitre.oval:def:10952",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952",
            },
            {
               name: "VU#847200",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/847200",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0904",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "mozilla-netscape-bmp-bo(17381)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "FLSA:2089",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=255067",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=255067",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                  },
                  {
                     name: "GLSA-200409-26",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
                  },
                  {
                     name: "11171",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/11171",
                  },
                  {
                     name: "TA04-261A",
                     refsource: "CERT",
                     url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
                  },
                  {
                     name: "SSRT4826",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10952",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952",
                  },
                  {
                     name: "VU#847200",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/847200",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0904",
      datePublished: "2004-09-24T04:00:00",
      dateReserved: "2004-09-23T00:00:00",
      dateUpdated: "2024-08-08T00:31:47.831Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-1153
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:35
Severity ?
Summary
Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:35:59.978Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2005:386",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
               },
               {
                  name: "14992",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14992",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-35.html",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "GLSA-200504-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
               },
               {
                  name: "oval:org.mitre.oval:def:9584",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9584",
               },
               {
                  name: "oval:org.mitre.oval:def:100023",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100023",
               },
               {
                  name: "14938",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14938",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289204",
               },
               {
                  name: "RHSA-2005:383",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-04-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the \"Show javascript\" option.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2005:386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
            },
            {
               name: "14992",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14992",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-35.html",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "GLSA-200504-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
            },
            {
               name: "oval:org.mitre.oval:def:9584",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9584",
            },
            {
               name: "oval:org.mitre.oval:def:100023",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100023",
            },
            {
               name: "14938",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14938",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289204",
            },
            {
               name: "RHSA-2005:383",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-1153",
      datePublished: "2005-04-18T04:00:00",
      dateReserved: "2005-04-18T00:00:00",
      dateUpdated: "2024-08-07T21:35:59.978Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-2359
Vulnerability from cvelistv5
Published
2007-10-29 19:00
Modified
2024-09-16 19:19
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:59:11.901Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "5403",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/5403",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=154030",
               },
               {
                  name: "20020806 Mozilla FTP View Cross-Site Scripting Vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_VULNWATCH",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html",
               },
               {
                  name: "multiple-ftp-view-xss(9757)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/security_center/static/9757.php",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2007-10-29T19:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "5403",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/5403",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=154030",
            },
            {
               name: "20020806 Mozilla FTP View Cross-Site Scripting Vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
               ],
               url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html",
            },
            {
               name: "multiple-ftp-view-xss(9757)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://www.iss.net/security_center/static/9757.php",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-2359",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "5403",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/5403",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=154030",
                     refsource: "MISC",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=154030",
                  },
                  {
                     name: "20020806 Mozilla FTP View Cross-Site Scripting Vulnerability",
                     refsource: "VULNWATCH",
                     url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html",
                  },
                  {
                     name: "multiple-ftp-view-xss(9757)",
                     refsource: "XF",
                     url: "http://www.iss.net/security_center/static/9757.php",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-2359",
      datePublished: "2007-10-29T19:00:00Z",
      dateReserved: "2007-10-29T00:00:00Z",
      dateUpdated: "2024-09-16T19:19:22.253Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-2269
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Severity ?
Summary
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").
References
http://www.debian.org/security/2005/dsa-810 vendor-advisory, x_refsource_DEBIAN
http://www.novell.com/linux/security/advisories/2005_18_sr.html vendor-advisory, x_refsource_SUSE
http://www.ciac.org/ciac/bulletins/p-252.shtml third-party-advisory, government-resource, x_refsource_CIAC
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202 vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/19823 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2005-587.html vendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005 vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/16059 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/16044 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/1075 vdb-entry, x_refsource_VUPEN
https://bugzilla.mozilla.org/show_bug.cgi?id=298892 x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2005-601.html vendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004 vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729 vdb-entry, signature, x_refsource_OVAL
http://www.networksecurity.fi/advisories/netscape-multiple-issues.html x_refsource_MISC
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html vendor-advisory, x_refsource_SUSE
http://www.mozilla.org/security/announce/mfsa2005-55.html x_refsource_CONFIRM
http://www.securityfocus.com/bid/14242 vdb-entry, x_refsource_BID
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011 vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777 vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2005-586.html vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/16043 third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_04_25.html vendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258 vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T22:22:47.768Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-810",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-810",
               },
               {
                  name: "SUSE-SR:2005:018",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
               },
               {
                  name: "P-252",
                  tags: [
                     "third-party-advisory",
                     "government-resource",
                     "x_refsource_CIAC",
                     "x_transferred",
                  ],
                  url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
               },
               {
                  name: "FLSA:160202",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  name: "RHSA-2005:587",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
               },
               {
                  name: "oval:org.mitre.oval:def:100005",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005",
               },
               {
                  name: "16059",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16059",
               },
               {
                  name: "16044",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16044",
               },
               {
                  name: "ADV-2005-1075",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/1075",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=298892",
               },
               {
                  name: "RHSA-2005:601",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
               },
               {
                  name: "oval:org.mitre.oval:def:100004",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004",
               },
               {
                  name: "oval:org.mitre.oval:def:729",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
               },
               {
                  name: "SUSE-SA:2005:045",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-55.html",
               },
               {
                  name: "14242",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/14242",
               },
               {
                  name: "oval:org.mitre.oval:def:100011",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011",
               },
               {
                  name: "oval:org.mitre.oval:def:9777",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777",
               },
               {
                  name: "RHSA-2005:586",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
               },
               {
                  name: "16043",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16043",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
               {
                  name: "oval:org.mitre.oval:def:1258",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties (\"XHTML node spoofing\").",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "DSA-810",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-810",
            },
            {
               name: "SUSE-SR:2005:018",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
            },
            {
               name: "P-252",
               tags: [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
               ],
               url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
            },
            {
               name: "FLSA:160202",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               name: "RHSA-2005:587",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
            },
            {
               name: "oval:org.mitre.oval:def:100005",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005",
            },
            {
               name: "16059",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16059",
            },
            {
               name: "16044",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16044",
            },
            {
               name: "ADV-2005-1075",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/1075",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=298892",
            },
            {
               name: "RHSA-2005:601",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
            },
            {
               name: "oval:org.mitre.oval:def:100004",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004",
            },
            {
               name: "oval:org.mitre.oval:def:729",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
            },
            {
               name: "SUSE-SA:2005:045",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-55.html",
            },
            {
               name: "14242",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/14242",
            },
            {
               name: "oval:org.mitre.oval:def:100011",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011",
            },
            {
               name: "oval:org.mitre.oval:def:9777",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777",
            },
            {
               name: "RHSA-2005:586",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
            },
            {
               name: "16043",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16043",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
            {
               name: "oval:org.mitre.oval:def:1258",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-2269",
      datePublished: "2005-07-13T04:00:00",
      dateReserved: "2005-07-13T00:00:00",
      dateUpdated: "2024-08-07T22:22:47.768Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0762
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:46.634Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:4403",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  name: "RHSA-2004:421",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
               },
               {
                  name: "FLSA:2089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
               },
               {
                  name: "mozilla-dialog-code-execution(16623)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16623",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162020",
               },
               {
                  name: "oval:org.mitre.oval:def:10032",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032",
               },
               {
                  name: "11999",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11999/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
               },
               {
                  name: "20040407 Race conditions in security dialogs",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-07-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:4403",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               name: "RHSA-2004:421",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
            },
            {
               name: "FLSA:2089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
            },
            {
               name: "mozilla-dialog-code-execution(16623)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16623",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162020",
            },
            {
               name: "oval:org.mitre.oval:def:10032",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032",
            },
            {
               name: "11999",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11999/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
            },
            {
               name: "20040407 Race conditions in security dialogs",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0762",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "oval:org.mitre.oval:def:4403",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4403",
                  },
                  {
                     name: "SCOSA-2005.49",
                     refsource: "SCO",
                     url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "RHSA-2004:421",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
                  },
                  {
                     name: "FLSA:2089",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
                  },
                  {
                     name: "mozilla-dialog-code-execution(16623)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16623",
                  },
                  {
                     name: "15495",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/15495",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=162020",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162020",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10032",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10032",
                  },
                  {
                     name: "11999",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11999/",
                  },
                  {
                     name: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
                     refsource: "MISC",
                     url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
                  },
                  {
                     name: "20040407 Race conditions in security dialogs",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0762",
      datePublished: "2004-08-03T04:00:00",
      dateReserved: "2004-08-02T00:00:00",
      dateUpdated: "2024-08-08T00:31:46.634Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-1753
Vulnerability from cvelistv5
Published
2005-02-26 05:00
Modified
2024-08-08 01:00
Severity ?
Summary
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
References
http://www.securityfocus.com/archive/1/373309 — mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/12392 — third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/373080 — mailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/17137 — vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/373232 — mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/11059 — vdb-entry, x_refsource_BID
http://bugzilla.mozilla.org/show_bug.cgi?id=162134 — x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T01:00:37.238Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/373309",
               },
               {
                  name: "12392",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/12392",
               },
               {
                  name: "20040826 Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/373080",
               },
               {
                  name: "netscape-java-tab-spoofing(17137)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137",
               },
               {
                  name: "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/373232",
               },
               {
                  name: "11059",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/11059",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162134",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-08-26T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/373309",
            },
            {
               name: "12392",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/12392",
            },
            {
               name: "20040826 Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/373080",
            },
            {
               name: "netscape-java-tab-spoofing(17137)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137",
            },
            {
               name: "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/373232",
            },
            {
               name: "11059",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/11059",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162134",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-1753",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/373309",
                  },
                  {
                     name: "12392",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/12392",
                  },
                  {
                     name: "20040826 Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/373080",
                  },
                  {
                     name: "netscape-java-tab-spoofing(17137)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137",
                  },
                  {
                     name: "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/373232",
                  },
                  {
                     name: "11059",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/11059",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=162134",
                     refsource: "MISC",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=162134",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-1753",
      datePublished: "2005-02-26T05:00:00",
      dateReserved: "2005-02-26T00:00:00",
      dateUpdated: "2024-08-08T01:00:37.238Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0758
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:46.817Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  name: "RHSA-2004:421",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
               },
               {
                  name: "GLSA-200408-22",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml",
               },
               {
                  name: "FLSA:2089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
               },
               {
                  name: "oval:org.mitre.oval:def:3134",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3134",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "mozilla-certificate-dos(16706)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16706",
               },
               {
                  name: "oval:org.mitre.oval:def:10304",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10304",
               },
               {
                  name: "VU#784278",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/784278",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=249004",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-08-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               name: "RHSA-2004:421",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
            },
            {
               name: "GLSA-200408-22",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml",
            },
            {
               name: "FLSA:2089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
            },
            {
               name: "oval:org.mitre.oval:def:3134",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3134",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "mozilla-certificate-dos(16706)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16706",
            },
            {
               name: "oval:org.mitre.oval:def:10304",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10304",
            },
            {
               name: "VU#784278",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/784278",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=249004",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0758",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
                  },
                  {
                     name: "SCOSA-2005.49",
                     refsource: "SCO",
                     url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "RHSA-2004:421",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
                  },
                  {
                     name: "GLSA-200408-22",
                     refsource: "GENTOO",
                     url: "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml",
                  },
                  {
                     name: "FLSA:2089",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
                  },
                  {
                     name: "oval:org.mitre.oval:def:3134",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3134",
                  },
                  {
                     name: "15495",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/15495",
                  },
                  {
                     name: "mozilla-certificate-dos(16706)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16706",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10304",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10304",
                  },
                  {
                     name: "VU#784278",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/784278",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=249004",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=249004",
                  },
                  {
                     name: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127186",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0758",
      datePublished: "2004-08-03T04:00:00",
      dateReserved: "2004-08-02T00:00:00",
      dateUpdated: "2024-08-08T00:31:46.817Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-1316
Vulnerability from cvelistv5
Published
2004-12-31 05:00
Modified
2024-08-08 00:46
Severity ?
Summary
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:46:12.364Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-06.html",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  name: "HPSBTU01114",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=110780717916478&w=2",
               },
               {
                  name: "12131",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12131",
               },
               {
                  name: "20041229 Heap overflow in Mozilla Browser <= 1.7.3 NNTP code.",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=110436284718949&w=2",
               },
               {
                  name: "mozilla-nntp-bo(18711)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18711",
               },
               {
                  name: "oval:org.mitre.oval:def:100052",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100052",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://isec.pl/vulnerabilities/isec-0020-mozilla.txt",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
               {
                  name: "oval:org.mitre.oval:def:9808",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9808",
               },
               {
                  name: "RHSA-2005:038",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-038.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-12-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\\' (backslash) character, which prevents a string from being NULL terminated.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-06.html",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               name: "HPSBTU01114",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=110780717916478&w=2",
            },
            {
               name: "12131",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12131",
            },
            {
               name: "20041229 Heap overflow in Mozilla Browser <= 1.7.3 NNTP code.",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=110436284718949&w=2",
            },
            {
               name: "mozilla-nntp-bo(18711)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18711",
            },
            {
               name: "oval:org.mitre.oval:def:100052",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100052",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://isec.pl/vulnerabilities/isec-0020-mozilla.txt",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
            {
               name: "oval:org.mitre.oval:def:9808",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9808",
            },
            {
               name: "RHSA-2005:038",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-038.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-1316",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\\' (backslash) character, which prevents a string from being NULL terminated.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-06.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-06.html",
                  },
                  {
                     name: "19823",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/19823",
                  },
                  {
                     name: "HPSBTU01114",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=110780717916478&w=2",
                  },
                  {
                     name: "12131",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/12131",
                  },
                  {
                     name: "20041229 Heap overflow in Mozilla Browser <= 1.7.3 NNTP code.",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=110436284718949&w=2",
                  },
                  {
                     name: "mozilla-nntp-bo(18711)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18711",
                  },
                  {
                     name: "oval:org.mitre.oval:def:100052",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100052",
                  },
                  {
                     name: "http://isec.pl/vulnerabilities/isec-0020-mozilla.txt",
                     refsource: "MISC",
                     url: "http://isec.pl/vulnerabilities/isec-0020-mozilla.txt",
                  },
                  {
                     name: "SUSE-SA:2006:022",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9808",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9808",
                  },
                  {
                     name: "RHSA-2005:038",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-038.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-1316",
      datePublished: "2004-12-31T05:00:00",
      dateReserved: "2004-12-30T00:00:00",
      dateUpdated: "2024-08-08T00:46:12.364Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0722
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:24
Severity ?
Summary
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:24:27.239Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  name: "RHSA-2004:421",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=236618",
               },
               {
                  name: "oval:org.mitre.oval:def:9378",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "mozilla-netscape-soapparameter-bo(16862)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862",
               },
               {
                  name: "oval:org.mitre.oval:def:4629",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-08-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               name: "RHSA-2004:421",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=236618",
            },
            {
               name: "oval:org.mitre.oval:def:9378",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "mozilla-netscape-soapparameter-bo(16862)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862",
            },
            {
               name: "oval:org.mitre.oval:def:4629",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0722",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "SCOSA-2005.49",
                     refsource: "SCO",
                     url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "RHSA-2004:421",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=236618",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=236618",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9378",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378",
                  },
                  {
                     name: "15495",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/15495",
                  },
                  {
                     name: "mozilla-netscape-soapparameter-bo(16862)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862",
                  },
                  {
                     name: "oval:org.mitre.oval:def:4629",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629",
                  },
                  {
                     name: "http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities",
                     refsource: "MISC",
                     url: "http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0722",
      datePublished: "2004-08-03T04:00:00",
      dateReserved: "2004-07-22T00:00:00",
      dateUpdated: "2024-08-08T00:24:27.239Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0989
Vulnerability from cvelistv5
Published
2005-04-06 04:00
Modified
2024-08-07 21:35
Severity ?
Summary
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025 [vdb-entry, signature, x_refsource_OVAL]
http://www.redhat.com/support/errata/RHSA-2005-386.html [vendor-advisory, x_refsource_REDHAT]
http://www.securityfocus.com/bid/12988 [vdb-entry, x_refsource_BID]
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt [vendor-advisory, x_refsource_SCO]
http://secunia.com/advisories/14820 [third-party-advisory, x_refsource_SECUNIA]
http://secunia.com/advisories/19823 [third-party-advisory, x_refsource_SECUNIA]
http://www.securityfocus.com/bid/15495 [vdb-entry, x_refsource_BID]
http://securitytracker.com/id?1013635 [vdb-entry, x_refsource_SECTRACK]
http://www.redhat.com/support/errata/RHSA-2005-601.html [vendor-advisory, x_refsource_REDHAT]
http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml [vendor-advisory, x_refsource_GENTOO]
http://securitytracker.com/id?1013643 [vdb-entry, x_refsource_SECTRACK]
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706 [vdb-entry, signature, x_refsource_OVAL]
http://www.redhat.com/support/errata/RHSA-2005-384.html [vendor-advisory, x_refsource_REDHAT]
http://www.redhat.com/support/errata/RHSA-2005-383.html [vendor-advisory, x_refsource_REDHAT]
http://www.novell.com/linux/security/advisories/2006_04_25.html [vendor-advisory, x_refsource_SUSE]
https://bugzilla.mozilla.org/show_bug.cgi?id=288688 [x_refsource_CONFIRM]
http://www.mozilla.org/security/announce/mfsa2005-33.html [x_refsource_CONFIRM]
http://secunia.com/advisories/14821 [third-party-advisory, x_refsource_SECUNIA]
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:35:59.891Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:100025",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025",
               },
               {
                  name: "RHSA-2005:386",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
               },
               {
                  name: "12988",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12988",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "14820",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14820",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "1013635",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1013635",
               },
               {
                  name: "RHSA-2005:601",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
               },
               {
                  name: "GLSA-200504-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
               },
               {
                  name: "1013643",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1013643",
               },
               {
                  name: "oval:org.mitre.oval:def:11706",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "RHSA-2005:383",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=288688",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-33.html",
               },
               {
                  name: "14821",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14821",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-04-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:100025",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025",
            },
            {
               name: "RHSA-2005:386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
            },
            {
               name: "12988",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12988",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "14820",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14820",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "1013635",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1013635",
            },
            {
               name: "RHSA-2005:601",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
            },
            {
               name: "GLSA-200504-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
            },
            {
               name: "1013643",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1013643",
            },
            {
               name: "oval:org.mitre.oval:def:11706",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "RHSA-2005:383",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=288688",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-33.html",
            },
            {
               name: "14821",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14821",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-0989",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "oval:org.mitre.oval:def:100025",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025",
                  },
                  {
                     name: "RHSA-2005:386",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
                  },
                  {
                     name: "12988",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/12988",
                  },
                  {
                     name: "SCOSA-2005.49",
                     refsource: "SCO",
                     url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
                  },
                  {
                     name: "14820",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/14820",
                  },
                  {
                     name: "19823",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/19823",
                  },
                  {
                     name: "15495",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/15495",
                  },
                  {
                     name: "1013635",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1013635",
                  },
                  {
                     name: "RHSA-2005:601",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
                  },
                  {
                     name: "GLSA-200504-18",
                     refsource: "GENTOO",
                     url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
                  },
                  {
                     name: "1013643",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1013643",
                  },
                  {
                     name: "oval:org.mitre.oval:def:11706",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706",
                  },
                  {
                     name: "RHSA-2005:384",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
                  },
                  {
                     name: "RHSA-2005:383",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
                  },
                  {
                     name: "SUSE-SA:2006:022",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
                  },
                  {
                     name: "https://bugzilla.mozilla.org/show_bug.cgi?id=288688",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.mozilla.org/show_bug.cgi?id=288688",
                  },
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-33.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-33.html",
                  },
                  {
                     name: "14821",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/14821",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-0989",
      datePublished: "2005-04-06T04:00:00",
      dateReserved: "2005-04-06T00:00:00",
      dateUpdated: "2024-08-07T21:35:59.891Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2003-0298
Vulnerability from cvelistv5
Published
2003-05-15 04:00
Modified
2024-08-08 01:50
Severity ?
Summary
The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
References
http://marc.info/?l=bugtraq&m=105294024124163&w=2 [mailing-list, x_refsource_BUGTRAQ]
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T01:50:47.565Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20030514 Buffer overflows in multiple IMAP clients",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2003-05-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-10-17T13:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20030514 Buffer overflows in multiple IMAP clients",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2003-0298",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20030514 Buffer overflows in multiple IMAP clients",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2003-0298",
      datePublished: "2003-05-15T04:00:00",
      dateReserved: "2003-05-14T00:00:00",
      dateUpdated: "2024-08-08T01:50:47.565Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-1639
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
Summary
Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T01:00:36.763Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding or crash",
                  tags: [
                     "mailing-list",
                     "x_refsource_VULNWATCH",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html",
               },
               {
                  name: "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109886388528179&w=2",
               },
               {
                  name: "mozilla-html-dos(17839)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17839",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-10-26T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding or crash",
               tags: [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
               ],
               url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html",
            },
            {
               name: "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=109886388528179&w=2",
            },
            {
               name: "mozilla-html-dos(17839)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17839",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-1639",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding or crash",
                     refsource: "VULNWATCH",
                     url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html",
                  },
                  {
                     name: "20041026 Rendering large binary file as HTML makes Mozilla Firefox stop responding",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=109886388528179&w=2",
                  },
                  {
                     name: "mozilla-html-dos(17839)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17839",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-1639",
      datePublished: "2005-02-20T05:00:00",
      dateReserved: "2005-02-20T00:00:00",
      dateUpdated: "2024-08-08T01:00:36.763Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-4809
Vulnerability from cvelistv5
Published
2006-08-30 01:00
Modified
2024-08-08 00:01
Severity ?
Summary
Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/19540 (vdb-entry, x_refsource_XF)
http://secunia.com/advisories/14568 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/12798 (vdb-entry, x_refsource_BID)
http://securitytracker.com/id?1013423 (vdb-entry, x_refsource_SECTRACK)
http://www.osvdb.org/14885 (vdb-entry, x_refsource_OSVDB)
http://marc.info/?l=full-disclosure&m=111073068631287&w=2 (mailing-list, x_refsource_FULLDISC)
http://www.vupen.com/english/advisories/2005/0260 (vdb-entry, x_refsource_VUPEN)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:01:23.331Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "mozilla-save-link-as-dialog-spoofing(19540)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540",
               },
               {
                  name: "14568",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14568",
               },
               {
                  name: "12798",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12798",
               },
               {
                  name: "1013423",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1013423",
               },
               {
                  name: "14885",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/14885",
               },
               {
                  name: "20050313 Firefox 1.01 : spoofing status bar without using JavaScript",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=full-disclosure&m=111073068631287&w=2",
               },
               {
                  name: "ADV-2005-0260",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/0260",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-03-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-19T15:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "mozilla-save-link-as-dialog-spoofing(19540)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540",
            },
            {
               name: "14568",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14568",
            },
            {
               name: "12798",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12798",
            },
            {
               name: "1013423",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1013423",
            },
            {
               name: "14885",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/14885",
            },
            {
               name: "20050313 Firefox 1.01 : spoofing status bar without using JavaScript",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://marc.info/?l=full-disclosure&m=111073068631287&w=2",
            },
            {
               name: "ADV-2005-0260",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/0260",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-4809",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "mozilla-save-link-as-dialog-spoofing(19540)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540",
                  },
                  {
                     name: "14568",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/14568",
                  },
                  {
                     name: "12798",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/12798",
                  },
                  {
                     name: "1013423",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1013423",
                  },
                  {
                     name: "14885",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/14885",
                  },
                  {
                     name: "20050313 Firefox 1.01 : spoofing status bar without using JavaScript",
                     refsource: "FULLDISC",
                     url: "http://marc.info/?l=full-disclosure&m=111073068631287&w=2",
                  },
                  {
                     name: "ADV-2005-0260",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2005/0260",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-4809",
      datePublished: "2006-08-30T01:00:00",
      dateReserved: "2006-08-29T00:00:00",
      dateUpdated: "2024-08-08T00:01:23.331Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-2314
Vulnerability from cvelistv5
Published
2007-10-26 19:00
Modified
2024-09-17 03:43
Severity ?
Summary
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:59:11.882Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "mozilla-javascript-steal-cookies(9656)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/security_center/static/9656.php",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=152725",
               },
               {
                  name: "20020918 Mozilla vulnerabilities, an update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
               },
               {
                  name: "20020724 Mozilla cookie stealing - Sandblad advisory #9",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/bugtraq/2002/Jul/0260.html",
               },
               {
                  name: "MDKSA-2002:074",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074",
               },
               {
                  name: "5293",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/5293",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading \"//\" and ending in a newline, which causes the host/path check to fail.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2007-10-26T19:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "mozilla-javascript-steal-cookies(9656)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://www.iss.net/security_center/static/9656.php",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=152725",
            },
            {
               name: "20020918 Mozilla vulnerabilities, an update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
            },
            {
               name: "20020724 Mozilla cookie stealing - Sandblad advisory #9",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://seclists.org/bugtraq/2002/Jul/0260.html",
            },
            {
               name: "MDKSA-2002:074",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074",
            },
            {
               name: "5293",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/5293",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-2314",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading \"//\" and ending in a newline, which causes the host/path check to fail.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "mozilla-javascript-steal-cookies(9656)",
                     refsource: "XF",
                     url: "http://www.iss.net/security_center/static/9656.php",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=152725",
                     refsource: "MISC",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=152725",
                  },
                  {
                     name: "20020918 Mozilla vulnerabilities, an update",
                     refsource: "BUGTRAQ",
                     url: "http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html",
                  },
                  {
                     name: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
                  },
                  {
                     name: "20020724 Mozilla cookie stealing - Sandblad advisory #9",
                     refsource: "BUGTRAQ",
                     url: "http://seclists.org/bugtraq/2002/Jul/0260.html",
                  },
                  {
                     name: "MDKSA-2002:074",
                     refsource: "MANDRAKE",
                     url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074",
                  },
                  {
                     name: "5293",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/5293",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-2314",
      datePublished: "2007-10-26T19:00:00Z",
      dateReserved: "2007-10-26T00:00:00Z",
      dateUpdated: "2024-09-17T03:43:50.543Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-0354
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 02:49
Severity ?
Summary
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.
References
http://marc.info/?l=bugtraq&m=102017952204097&w=2 (mailing-list, x_refsource_BUGTRAQ)
http://marc.info/?l=ntbugtraq&m=102020343728766&w=2 (mailing-list, x_refsource_NTBUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T02:49:27.374Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=102017952204097&w=2",
               },
               {
                  name: "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
                  tags: [
                     "mailing-list",
                     "x_refsource_NTBUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=ntbugtraq&m=102020343728766&w=2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-04-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-10-17T13:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=102017952204097&w=2",
            },
            {
               name: "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
               tags: [
                  "mailing-list",
                  "x_refsource_NTBUGTRAQ",
               ],
               url: "http://marc.info/?l=ntbugtraq&m=102020343728766&w=2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-0354",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=102017952204097&w=2",
                  },
                  {
                     name: "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
                     refsource: "NTBUGTRAQ",
                     url: "http://marc.info/?l=ntbugtraq&m=102020343728766&w=2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-0354",
      datePublished: "2002-05-03T04:00:00",
      dateReserved: "2002-05-01T00:00:00",
      dateUpdated: "2024-08-08T02:49:27.374Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-2338
Vulnerability from cvelistv5
Published
2007-10-29 19:00
Modified
2024-09-16 20:06
Severity ?
Summary
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:59:11.958Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20020614 Another small DoS on Mozilla <= 1.0 through pop3",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/276946",
               },
               {
                  name: "20020612 Another small DoS on Mozilla <= 1.0 through pop3",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://online.securityfocus.com/archive/1/276628",
               },
               {
                  name: "MDKSA-2002:074",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=144228",
               },
               {
                  name: "5002",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/5002",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
               },
               {
                  name: "mozilla-netscape-pop3-dos(9343)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/security_center/static/9343.php",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2007-10-29T19:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20020614 Another small DoS on Mozilla <= 1.0 through pop3",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/276946",
            },
            {
               name: "20020612 Another small DoS on Mozilla <= 1.0 through pop3",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://online.securityfocus.com/archive/1/276628",
            },
            {
               name: "MDKSA-2002:074",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=144228",
            },
            {
               name: "5002",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/5002",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
            },
            {
               name: "mozilla-netscape-pop3-dos(9343)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://www.iss.net/security_center/static/9343.php",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-2338",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20020614 Another small DoS on Mozilla <= 1.0 through pop3",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/276946",
                  },
                  {
                     name: "20020612 Another small DoS on Mozilla <= 1.0 through pop3",
                     refsource: "BUGTRAQ",
                     url: "http://online.securityfocus.com/archive/1/276628",
                  },
                  {
                     name: "MDKSA-2002:074",
                     refsource: "MANDRAKE",
                     url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=144228",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=144228",
                  },
                  {
                     name: "5002",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/5002",
                  },
                  {
                     name: "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
                     refsource: "CONFIRM",
                     url: "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
                  },
                  {
                     name: "mozilla-netscape-pop3-dos(9343)",
                     refsource: "XF",
                     url: "http://www.iss.net/security_center/static/9343.php",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-2338",
      datePublished: "2007-10-29T19:00:00Z",
      dateReserved: "2007-10-29T00:00:00Z",
      dateUpdated: "2024-09-16T20:06:54.208Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0401
Vulnerability from cvelistv5
Published
2005-03-24 05:00
Modified
2024-08-07 21:13
Severity ?
Summary
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:13:54.076Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2005:336",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-336.html",
               },
               {
                  name: "ADV-2005-0296",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/0296",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://mikx.de/firescrolling2/",
               },
               {
                  name: "RHSA-2005:335",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
               },
               {
                  name: "oval:org.mitre.oval:def:9650",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-32.html",
               },
               {
                  name: "12885",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12885",
               },
               {
                  name: "oval:org.mitre.oval:def:100026",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "GLSA-200503-30",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
               },
               {
                  name: "20050324 Firescrolling 2 [Firefox 1.0.1]",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=111168413007891&w=2",
               },
               {
                  name: "14654",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14654",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-03-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka \"Firescrolling 2.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2005:336",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-336.html",
            },
            {
               name: "ADV-2005-0296",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/0296",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://mikx.de/firescrolling2/",
            },
            {
               name: "RHSA-2005:335",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
            },
            {
               name: "oval:org.mitre.oval:def:9650",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9650",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-32.html",
            },
            {
               name: "12885",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12885",
            },
            {
               name: "oval:org.mitre.oval:def:100026",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100026",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "GLSA-200503-30",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
            },
            {
               name: "20050324 Firescrolling 2 [Firefox 1.0.1]",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=111168413007891&w=2",
            },
            {
               name: "14654",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14654",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-0401",
      datePublished: "2005-03-24T05:00:00",
      dateReserved: "2005-02-14T00:00:00",
      dateUpdated: "2024-08-07T21:13:54.076Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0765
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:46.881Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=234058",
               },
               {
                  name: "oval:org.mitre.oval:def:11162",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11162",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  name: "RHSA-2004:421",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
               },
               {
                  name: "mozilla-certtesthostname-certificate-spoof(16868)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16868",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
               },
               {
                  name: "FLSA:2089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-08-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=234058",
            },
            {
               name: "oval:org.mitre.oval:def:11162",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11162",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               name: "RHSA-2004:421",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
            },
            {
               name: "mozilla-certtesthostname-certificate-spoof(16868)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16868",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
            },
            {
               name: "FLSA:2089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0765",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=234058",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=234058",
                  },
                  {
                     name: "oval:org.mitre.oval:def:11162",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11162",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "RHSA-2004:421",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
                  },
                  {
                     name: "mozilla-certtesthostname-certificate-spoof(16868)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16868",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
                  },
                  {
                     name: "FLSA:2089",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0765",
      datePublished: "2004-08-03T04:00:00",
      dateReserved: "2004-08-02T00:00:00",
      dateUpdated: "2024-08-08T00:31:46.881Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-1381
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-08 00:46
Severity ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:46:12.488Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:100053",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-05.html",
               },
               {
                  name: "web-browser-inactive-info-disclosure(17789)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17789",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/multiple_browsers_form_field_focus_test/",
               },
               {
                  name: "12712",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/12712",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-10-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:100053",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-05.html",
            },
            {
               name: "web-browser-inactive-info-disclosure(17789)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17789",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://secunia.com/multiple_browsers_form_field_focus_test/",
            },
            {
               name: "12712",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/12712",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-1381",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "oval:org.mitre.oval:def:100053",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053",
                  },
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-05.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-05.html",
                  },
                  {
                     name: "web-browser-inactive-info-disclosure(17789)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17789",
                  },
                  {
                     name: "http://secunia.com/multiple_browsers_form_field_focus_test/",
                     refsource: "MISC",
                     url: "http://secunia.com/multiple_browsers_form_field_focus_test/",
                  },
                  {
                     name: "12712",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/12712",
                  },
                  {
                     name: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/",
                     refsource: "MISC",
                     url: "http://secunia.com/multiple_browsers_dialog_box_spoofing_test/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-1381",
      datePublished: "2005-01-29T05:00:00",
      dateReserved: "2005-01-25T00:00:00",
      dateUpdated: "2024-08-08T00:46:12.488Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-1160
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:44
Severity ?
Summary
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.
References
https://bugzilla.mozilla.org/show_bug.cgi?id=289083 — x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2005-386.html — vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/14992 — third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017 — vdb-entry, signature, x_refsource_OVAL
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt — vendor-advisory, x_refsource_SCO
http://www.mozilla.org/security/announce/mfsa2005-41.html — x_refsource_CONFIRM
http://secunia.com/advisories/19823 — third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/13233 — vdb-entry, x_refsource_BID
http://www.securityfocus.com/bid/15495 — vdb-entry, x_refsource_BID
https://bugzilla.mozilla.org/show_bug.cgi?id=289074 — x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2005-601.html — vendor-advisory, x_refsource_REDHAT
http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml — vendor-advisory, x_refsource_GENTOO
https://bugzilla.mozilla.org/show_bug.cgi?id=289961 — x_refsource_CONFIRM
http://secunia.com/advisories/14938 — third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2005-384.html — vendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291 — vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2005-383.html — vendor-advisory, x_refsource_REDHAT
http://www.novell.com/linux/security/advisories/2006_04_25.html — vendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:44:05.346Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289083",
               },
               {
                  name: "RHSA-2005:386",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
               },
               {
                  name: "14992",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14992",
               },
               {
                  name: "oval:org.mitre.oval:def:100017",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-41.html",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  name: "13233",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/13233",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289074",
               },
               {
                  name: "RHSA-2005:601",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
               },
               {
                  name: "GLSA-200504-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289961",
               },
               {
                  name: "14938",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14938",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "oval:org.mitre.oval:def:11291",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291",
               },
               {
                  name: "RHSA-2005:383",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-04-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The privileged \"chrome\" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289083",
            },
            {
               name: "RHSA-2005:386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
            },
            {
               name: "14992",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14992",
            },
            {
               name: "oval:org.mitre.oval:def:100017",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-41.html",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               name: "13233",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/13233",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289074",
            },
            {
               name: "RHSA-2005:601",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
            },
            {
               name: "GLSA-200504-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=289961",
            },
            {
               name: "14938",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14938",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "oval:org.mitre.oval:def:11291",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291",
            },
            {
               name: "RHSA-2005:383",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-1160",
      datePublished: "2005-04-18T04:00:00",
      dateReserved: "2005-04-18T00:00:00",
      dateUpdated: "2024-08-07T21:44:05.346Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0578
Vulnerability from cvelistv5
Published
2005-02-27 05:00
Modified
2024-08-07 21:21
Severity ?
Summary
Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:21:05.653Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "12659",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12659",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-28.html",
               },
               {
                  name: "RHSA-2005:176",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "GLSA-200503-30",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
               },
               {
                  name: "GLSA-200503-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
               },
               {
                  name: "oval:org.mitre.oval:def:10954",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10954",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "12659",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12659",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-28.html",
            },
            {
               name: "RHSA-2005:176",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "GLSA-200503-30",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
            },
            {
               name: "GLSA-200503-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
            },
            {
               name: "oval:org.mitre.oval:def:10954",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10954",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-0578",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "12659",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/12659",
                  },
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-28.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-28.html",
                  },
                  {
                     name: "RHSA-2005:176",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
                  },
                  {
                     name: "RHSA-2005:384",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
                  },
                  {
                     name: "GLSA-200503-30",
                     refsource: "GENTOO",
                     url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
                  },
                  {
                     name: "GLSA-200503-10",
                     refsource: "GENTOO",
                     url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10954",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10954",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-0578",
      datePublished: "2005-02-27T05:00:00",
      dateReserved: "2005-02-27T00:00:00",
      dateUpdated: "2024-08-07T21:21:05.653Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0255
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:05
Severity ?
Summary
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:05:25.449Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "12659",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12659",
               },
               {
                  name: "SUSE-SA:2005:016",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  name: "oval:org.mitre.oval:def:9111",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9111",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-18.html",
               },
               {
                  name: "oval:org.mitre.oval:def:100040",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100040",
               },
               {
                  name: "20050228 Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_IDEFENSE",
                     "x_transferred",
                  ],
                  url: "http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities",
               },
               {
                  name: "RHSA-2005:176",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
               },
               {
                  name: "GLSA-200503-30",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
               },
               {
                  name: "RHSA-2005:277",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-277.html",
               },
               {
                  name: "GLSA-200503-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
               {
                  name: "RHSA-2005:337",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-337.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-02-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "12659",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12659",
            },
            {
               name: "SUSE-SA:2005:016",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               name: "oval:org.mitre.oval:def:9111",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9111",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-18.html",
            },
            {
               name: "oval:org.mitre.oval:def:100040",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100040",
            },
            {
               name: "20050228 Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error",
               tags: [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
               ],
               url: "http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities",
            },
            {
               name: "RHSA-2005:176",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
            },
            {
               name: "GLSA-200503-30",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
            },
            {
               name: "RHSA-2005:277",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-277.html",
            },
            {
               name: "GLSA-200503-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
            {
               name: "RHSA-2005:337",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-337.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-0255",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "12659",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/12659",
                  },
                  {
                     name: "SUSE-SA:2005:016",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html",
                  },
                  {
                     name: "19823",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/19823",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9111",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9111",
                  },
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-18.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-18.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:100040",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100040",
                  },
                  {
                     name: "20050228 Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error",
                     refsource: "IDEFENSE",
                     url: "http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities",
                  },
                  {
                     name: "RHSA-2005:176",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
                  },
                  {
                     name: "GLSA-200503-30",
                     refsource: "GENTOO",
                     url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
                  },
                  {
                     name: "RHSA-2005:277",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-277.html",
                  },
                  {
                     name: "GLSA-200503-10",
                     refsource: "GENTOO",
                     url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
                  },
                  {
                     name: "SUSE-SA:2006:022",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
                  },
                  {
                     name: "RHSA-2005:337",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-337.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-0255",
      datePublished: "2005-02-28T05:00:00",
      dateReserved: "2005-02-09T00:00:00",
      dateUpdated: "2024-08-07T21:05:25.449Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-2261
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Severity ?
Summary
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
References
http://www.debian.org/security/2005/dsa-810 | vendor-advisory, x_refsource_DEBIAN
http://www.novell.com/linux/security/advisories/2005_18_sr.html | vendor-advisory, x_refsource_SUSE
http://www.ciac.org/ciac/bulletins/p-252.shtml | third-party-advisory, government-resource, x_refsource_CIAC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A808 | vdb-entry, signature, x_refsource_OVAL
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202 | vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/19823 | third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2005-587.html | vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/16059 | third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/16044 | third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/1075 | vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2005-601.html | vendor-advisory, x_refsource_REDHAT
http://www.networksecurity.fi/advisories/netscape-multiple-issues.html | x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=292591 | x_refsource_MISC
http://www.mozilla.org/security/announce/mfsa2005-46.html | x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10947 | vdb-entry, signature, x_refsource_OVAL
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html | vendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1348 | vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/bid/14242 | vdb-entry, x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2005-586.html | vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/16043 | third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100012 | vdb-entry, signature, x_refsource_OVAL
http://www.novell.com/linux/security/advisories/2006_04_25.html | vendor-advisory, x_refsource_SUSE
https://bugzilla.mozilla.org/show_bug.cgi?id=292589 | x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T22:22:48.843Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-810",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-810",
               },
               {
                  name: "SUSE-SR:2005:018",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
               },
               {
                  name: "P-252",
                  tags: [
                     "third-party-advisory",
                     "government-resource",
                     "x_refsource_CIAC",
                     "x_transferred",
                  ],
                  url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
               },
               {
                  name: "oval:org.mitre.oval:def:808",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A808",
               },
               {
                  name: "FLSA:160202",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  name: "RHSA-2005:587",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
               },
               {
                  name: "16059",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16059",
               },
               {
                  name: "16044",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16044",
               },
               {
                  name: "ADV-2005-1075",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/1075",
               },
               {
                  name: "RHSA-2005:601",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292591",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-46.html",
               },
               {
                  name: "oval:org.mitre.oval:def:10947",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10947",
               },
               {
                  name: "SUSE-SA:2005:045",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
               },
               {
                  name: "oval:org.mitre.oval:def:1348",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1348",
               },
               {
                  name: "14242",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/14242",
               },
               {
                  name: "RHSA-2005:586",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
               },
               {
                  name: "16043",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16043",
               },
               {
                  name: "oval:org.mitre.oval:def:100012",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100012",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292589",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "DSA-810",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-810",
            },
            {
               name: "SUSE-SR:2005:018",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
            },
            {
               name: "P-252",
               tags: [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
               ],
               url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
            },
            {
               name: "oval:org.mitre.oval:def:808",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A808",
            },
            {
               name: "FLSA:160202",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               name: "RHSA-2005:587",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
            },
            {
               name: "16059",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16059",
            },
            {
               name: "16044",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16044",
            },
            {
               name: "ADV-2005-1075",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/1075",
            },
            {
               name: "RHSA-2005:601",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292591",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-46.html",
            },
            {
               name: "oval:org.mitre.oval:def:10947",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10947",
            },
            {
               name: "SUSE-SA:2005:045",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
            },
            {
               name: "oval:org.mitre.oval:def:1348",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1348",
            },
            {
               name: "14242",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/14242",
            },
            {
               name: "RHSA-2005:586",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
            },
            {
               name: "16043",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16043",
            },
            {
               name: "oval:org.mitre.oval:def:100012",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100012",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=292589",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-2261",
      datePublished: "2005-07-13T04:00:00",
      dateReserved: "2005-07-13T00:00:00",
      dateUpdated: "2024-08-07T22:22:48.843Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-1794
Vulnerability from cvelistv5
Published
2007-04-02 22:00
Modified
2024-08-07 13:06
Severity ?
Summary
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.
References
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1 — vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/24624 — third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/1178 — vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T13:06:26.431Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "102865",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1",
               },
               {
                  name: "24624",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24624",
               },
               {
                  name: "ADV-2007-1178",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/1178",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-03-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.  NOTE: this issue might be related to CVE-2006-3805.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2009-02-26T10:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "102865",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1",
            },
            {
               name: "24624",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24624",
            },
            {
               name: "ADV-2007-1178",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/1178",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-1794",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.  NOTE: this issue might be related to CVE-2006-3805.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "102865",
                     refsource: "SUNALERT",
                     url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1",
                  },
                  {
                     name: "24624",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/24624",
                  },
                  {
                     name: "ADV-2007-1178",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/1178",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-1794",
      datePublished: "2007-04-02T22:00:00",
      dateReserved: "2007-04-02T00:00:00",
      dateUpdated: "2024-08-07T13:06:26.431Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2006-0496
Vulnerability from cvelistv5
Published
2006-02-01 02:00
Modified
2024-08-07 16:34
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T16:34:14.832Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=324253",
               },
               {
                  name: "1015563",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1015563",
               },
               {
                  name: "mozilla-mozbinding-xss(24427)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24427",
               },
               {
                  name: "ADV-2006-0403",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2006/0403",
               },
               {
                  name: "16427",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/16427",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://community.livejournal.com/lj_dev/708069.html",
               },
               {
                  name: "1015553",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1015553",
               },
               {
                  name: "20060128 -moz-binding CSS property: more XSS fun",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=full-disclosure&m=113847912709062&w=2",
               },
               {
                  name: "22924",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/22924",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2006-01-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-19T15:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=324253",
            },
            {
               name: "1015563",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1015563",
            },
            {
               name: "mozilla-mozbinding-xss(24427)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24427",
            },
            {
               name: "ADV-2006-0403",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2006/0403",
            },
            {
               name: "16427",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/16427",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://community.livejournal.com/lj_dev/708069.html",
            },
            {
               name: "1015553",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1015553",
            },
            {
               name: "20060128 -moz-binding CSS property: more XSS fun",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://marc.info/?l=full-disclosure&m=113847912709062&w=2",
            },
            {
               name: "22924",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/22924",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2006-0496",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html",
                     refsource: "MISC",
                     url: "http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html",
                  },
                  {
                     name: "https://bugzilla.mozilla.org/show_bug.cgi?id=324253",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.mozilla.org/show_bug.cgi?id=324253",
                  },
                  {
                     name: "1015563",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1015563",
                  },
                  {
                     name: "mozilla-mozbinding-xss(24427)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24427",
                  },
                  {
                     name: "ADV-2006-0403",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2006/0403",
                  },
                  {
                     name: "16427",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/16427",
                  },
                  {
                     name: "http://community.livejournal.com/lj_dev/708069.html",
                     refsource: "MISC",
                     url: "http://community.livejournal.com/lj_dev/708069.html",
                  },
                  {
                     name: "1015553",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1015553",
                  },
                  {
                     name: "20060128 -moz-binding CSS property: more XSS fun",
                     refsource: "FULLDISC",
                     url: "http://marc.info/?l=full-disclosure&m=113847912709062&w=2",
                  },
                  {
                     name: "22924",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/22924",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2006-0496",
      datePublished: "2006-02-01T02:00:00",
      dateReserved: "2006-01-31T00:00:00",
      dateUpdated: "2024-08-07T16:34:14.832Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0593
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:21:05.687Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "12659",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12659",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=258048",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-14.html",
               },
               {
                  name: "oval:org.mitre.oval:def:100044",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100044",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268483",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=277564",
               },
               {
                  name: "RHSA-2005:176",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
               },
               {
                  name: "oval:org.mitre.oval:def:9533",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9533",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "GLSA-200503-30",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
               },
               {
                  name: "GLSA-200503-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=276720",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL \"secure site\" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "12659",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12659",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=258048",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-14.html",
            },
            {
               name: "oval:org.mitre.oval:def:100044",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100044",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268483",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=277564",
            },
            {
               name: "RHSA-2005:176",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
            },
            {
               name: "oval:org.mitre.oval:def:9533",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9533",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "GLSA-200503-30",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
            },
            {
               name: "GLSA-200503-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=276720",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-0593",
      datePublished: "2005-02-28T05:00:00",
      dateReserved: "2005-02-28T00:00:00",
      dateUpdated: "2024-08-07T21:21:05.687Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-1091
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
Summary
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:12:17.117Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2003:046",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2003-046.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157989",
               },
               {
                  name: "5665",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/5665",
               },
               {
                  name: "MDKSA-2002:075",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://crash.ihug.co.nz/~Sneuro/zerogif/",
               },
               {
                  name: "RHSA-2002:192",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2002-192.html",
               },
               {
                  name: "20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=103134051120770&w=2",
               },
               {
                  name: "netscape-zero-gif-bo(10058)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/security_center/static/10058.php",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-09-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2007-11-13T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "RHSA-2003:046",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2003-046.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157989",
            },
            {
               name: "5665",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/5665",
            },
            {
               name: "MDKSA-2002:075",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://crash.ihug.co.nz/~Sneuro/zerogif/",
            },
            {
               name: "RHSA-2002:192",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2002-192.html",
            },
            {
               name: "20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=103134051120770&w=2",
            },
            {
               name: "netscape-zero-gif-bo(10058)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://www.iss.net/security_center/static/10058.php",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-1091",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2003:046",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2003-046.html",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=157989",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157989",
                  },
                  {
                     name: "5665",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/5665",
                  },
                  {
                     name: "MDKSA-2002:075",
                     refsource: "MANDRAKE",
                     url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075",
                  },
                  {
                     name: "http://crash.ihug.co.nz/~Sneuro/zerogif/",
                     refsource: "MISC",
                     url: "http://crash.ihug.co.nz/~Sneuro/zerogif/",
                  },
                  {
                     name: "RHSA-2002:192",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2002-192.html",
                  },
                  {
                     name: "20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=103134051120770&w=2",
                  },
                  {
                     name: "netscape-zero-gif-bo(10058)",
                     refsource: "XF",
                     url: "http://www.iss.net/security_center/static/10058.php",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-1091",
      datePublished: "2004-09-01T04:00:00",
      dateReserved: "2002-09-06T00:00:00",
      dateUpdated: "2024-08-08T03:12:17.117Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0588
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:21:05.613Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "12659",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12659",
               },
               {
                  name: "oval:org.mitre.oval:def:10682",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10682",
               },
               {
                  name: "RHSA-2005:176",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-20.html",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "GLSA-200503-30",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
               },
               {
                  name: "oval:org.mitre.oval:def:100038",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100038",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=271209",
               },
               {
                  name: "GLSA-200503-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "12659",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12659",
            },
            {
               name: "oval:org.mitre.oval:def:10682",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10682",
            },
            {
               name: "RHSA-2005:176",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-20.html",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "GLSA-200503-30",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
            },
            {
               name: "oval:org.mitre.oval:def:100038",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100038",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=271209",
            },
            {
               name: "GLSA-200503-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-0588",
      datePublished: "2005-02-28T05:00:00",
      dateReserved: "2005-02-28T00:00:00",
      dateUpdated: "2024-08-07T21:21:05.613Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-1531
Vulnerability from cvelistv5
Published
2005-05-12 04:00
Modified
2024-08-07 21:51
Severity ?
Summary
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:51:50.456Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:10351",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351",
               },
               {
                  name: "oval:org.mitre.oval:def:100015",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "RHSA-2005:435",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-435.html",
               },
               {
                  name: "13641",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/13641",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "1013963",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1013963",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-43.html",
               },
               {
                  name: "1013962",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1013962",
               },
               {
                  name: "ADV-2005-0530",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/0530",
               },
               {
                  name: "RHSA-2005:434",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-434.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-05-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via \"Wrapped\" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) \"a nested variant.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:10351",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351",
            },
            {
               name: "oval:org.mitre.oval:def:100015",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "RHSA-2005:435",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-435.html",
            },
            {
               name: "13641",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/13641",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "1013963",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1013963",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-43.html",
            },
            {
               name: "1013962",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1013962",
            },
            {
               name: "ADV-2005-0530",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/0530",
            },
            {
               name: "RHSA-2005:434",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-434.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-1531",
      datePublished: "2005-05-12T04:00:00",
      dateReserved: "2005-05-12T00:00:00",
      dateUpdated: "2024-08-07T21:51:50.456Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-2268
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Severity ?
Summary
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T22:22:48.903Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-810",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-810",
               },
               {
                  name: "15489",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/15489",
               },
               {
                  name: "SUSE-SR:2005:018",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-54.html",
               },
               {
                  name: "FLSA:160202",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
               },
               {
                  name: "oval:org.mitre.oval:def:1313",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1313",
               },
               {
                  name: "RHSA-2005:587",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
               },
               {
                  name: "oval:org.mitre.oval:def:100005",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005",
               },
               {
                  name: "ADV-2005-1075",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/1075",
               },
               {
                  name: "SUSE-SA:2005:045",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/",
               },
               {
                  name: "14242",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/14242",
               },
               {
                  name: "RHSA-2005:586",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
               },
               {
                  name: "oval:org.mitre.oval:def:1268",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1268",
               },
               {
                  name: "oval:org.mitre.oval:def:10517",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10517",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-06-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the \"Dialog Origin Spoofing Vulnerability.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "DSA-810",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-810",
            },
            {
               name: "15489",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/15489",
            },
            {
               name: "SUSE-SR:2005:018",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-54.html",
            },
            {
               name: "FLSA:160202",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
            },
            {
               name: "oval:org.mitre.oval:def:1313",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1313",
            },
            {
               name: "RHSA-2005:587",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
            },
            {
               name: "oval:org.mitre.oval:def:100005",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005",
            },
            {
               name: "ADV-2005-1075",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/1075",
            },
            {
               name: "SUSE-SA:2005:045",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/",
            },
            {
               name: "14242",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/14242",
            },
            {
               name: "RHSA-2005:586",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
            },
            {
               name: "oval:org.mitre.oval:def:1268",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1268",
            },
            {
               name: "oval:org.mitre.oval:def:10517",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10517",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-2268",
      datePublished: "2005-07-13T04:00:00",
      dateReserved: "2005-07-13T00:00:00",
      dateUpdated: "2024-08-07T22:22:48.903Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0585
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:21:06.297Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:100035",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100035",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/secunia_research/2004-15/advisory/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-23.html",
               },
               {
                  name: "RHSA-2005:176",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "GLSA-200503-30",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
               },
               {
                  name: "GLSA-200503-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
               },
               {
                  name: "13599",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/13599",
               },
               {
                  name: "oval:org.mitre.oval:def:9924",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9924",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-01-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:100035",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100035",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://secunia.com/secunia_research/2004-15/advisory/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-23.html",
            },
            {
               name: "RHSA-2005:176",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "GLSA-200503-30",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
            },
            {
               name: "GLSA-200503-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
            },
            {
               name: "13599",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/13599",
            },
            {
               name: "oval:org.mitre.oval:def:9924",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9924",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-0585",
      datePublished: "2005-02-28T05:00:00",
      dateReserved: "2005-02-28T00:00:00",
      dateUpdated: "2024-08-07T21:21:06.297Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0905
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:47.854Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "VU#651928",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/651928",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250862",
               },
               {
                  name: "FLSA:2089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
               },
               {
                  name: "oval:org.mitre.oval:def:10378",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378",
               },
               {
                  name: "11177",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/11177",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
               },
               {
                  name: "GLSA-200409-26",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
               },
               {
                  name: "mozilla-netscape-sameorigin-bypass(17374)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374",
               },
               {
                  name: "TA04-261A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
               },
               {
                  name: "SSRT4826",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-09-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "VU#651928",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/651928",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250862",
            },
            {
               name: "FLSA:2089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
            },
            {
               name: "oval:org.mitre.oval:def:10378",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378",
            },
            {
               name: "11177",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/11177",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
            },
            {
               name: "GLSA-200409-26",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
            },
            {
               name: "mozilla-netscape-sameorigin-bypass(17374)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374",
            },
            {
               name: "TA04-261A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
            },
            {
               name: "SSRT4826",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0905",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "VU#651928",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/651928",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=250862",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250862",
                  },
                  {
                     name: "FLSA:2089",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10378",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378",
                  },
                  {
                     name: "11177",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/11177",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                  },
                  {
                     name: "GLSA-200409-26",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
                  },
                  {
                     name: "mozilla-netscape-sameorigin-bypass(17374)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374",
                  },
                  {
                     name: "TA04-261A",
                     refsource: "CERT",
                     url: "http://www.us-cert.gov/cas/techalerts/TA04-261A.html",
                  },
                  {
                     name: "SSRT4826",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0905",
      datePublished: "2004-09-24T04:00:00",
      dateReserved: "2004-09-23T00:00:00",
      dateUpdated: "2024-08-08T00:31:47.854Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0146
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-07 21:05
Severity ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:05:24.494Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "12407",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12407",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-08.html",
               },
               {
                  name: "RHSA-2005:335",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
               },
               {
                  name: "mozilla-middle-click-information-disclosure(19171)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19171",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=265728",
               },
               {
                  name: "oval:org.mitre.oval:def:10362",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10362",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-01-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "12407",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12407",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-08.html",
            },
            {
               name: "RHSA-2005:335",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
            },
            {
               name: "mozilla-middle-click-information-disclosure(19171)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19171",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=265728",
            },
            {
               name: "oval:org.mitre.oval:def:10362",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10362",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-0146",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "12407",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/12407",
                  },
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-08.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-08.html",
                  },
                  {
                     name: "RHSA-2005:335",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
                  },
                  {
                     name: "mozilla-middle-click-information-disclosure(19171)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19171",
                  },
                  {
                     name: "RHSA-2005:384",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
                  },
                  {
                     name: "https://bugzilla.mozilla.org/show_bug.cgi?id=265728",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.mozilla.org/show_bug.cgi?id=265728",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10362",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10362",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-0146",
      datePublished: "2005-01-29T05:00:00",
      dateReserved: "2005-01-25T00:00:00",
      dateUpdated: "2024-08-07T21:05:24.494Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0759
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:47.056Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  name: "RHSA-2004:421",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
               },
               {
                  name: "FLSA:2089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "mozilla-warning-file-upload(16870)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16870",
               },
               {
                  name: "oval:org.mitre.oval:def:11153",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=241924",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-08-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type=\"file\"> tag.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               name: "RHSA-2004:421",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
            },
            {
               name: "FLSA:2089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "mozilla-warning-file-upload(16870)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16870",
            },
            {
               name: "oval:org.mitre.oval:def:11153",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=241924",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0759",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type=\"file\"> tag.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "SCOSA-2005.49",
                     refsource: "SCO",
                     url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "RHSA-2004:421",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
                  },
                  {
                     name: "FLSA:2089",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
                  },
                  {
                     name: "15495",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/15495",
                  },
                  {
                     name: "mozilla-warning-file-upload(16870)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16870",
                  },
                  {
                     name: "oval:org.mitre.oval:def:11153",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=241924",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=241924",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0759",
      datePublished: "2004-08-03T04:00:00",
      dateReserved: "2004-08-02T00:00:00",
      dateUpdated: "2024-08-08T00:31:47.056Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-3896
Vulnerability from cvelistv5
Published
2005-11-29 21:00
Modified
2024-08-07 23:24
Severity ?
Summary
Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T23:24:36.573Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20051123 IE BUG, Mozilla DOS?",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=113262115201500&w=2",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.computerterrorism.com/research/ie/ct21-11-2005",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-11-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-10-17T13:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20051123 IE BUG, Mozilla DOS?",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=113262115201500&w=2",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.computerterrorism.com/research/ie/ct21-11-2005",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-3896",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20051123 IE BUG, Mozilla DOS?",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=113262115201500&w=2",
                  },
                  {
                     name: "http://www.computerterrorism.com/research/ie/ct21-11-2005",
                     refsource: "MISC",
                     url: "http://www.computerterrorism.com/research/ie/ct21-11-2005",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-3896",
      datePublished: "2005-11-29T21:00:00",
      dateReserved: "2005-11-29T00:00:00",
      dateUpdated: "2024-08-07T23:24:36.573Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2003-1265
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-08 02:19
Severity ?
Summary
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
References
http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html (mailing-list, x_refsource_BUGTRAQ)
http://www.securitytracker.com/id?1005871 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/bid/6499 (vdb-entry, x_refsource_BID)
http://www.iss.net/security_center/static/10963.php (vdb-entry, x_refsource_XF)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T02:19:46.060Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20030101 Potential disclosure of sensitive information in Netscape 7.0 email client",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html",
               },
               {
                  name: "1005871",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1005871",
               },
               {
                  name: "6499",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/6499",
               },
               {
                  name: "netscape-email-deletion-failure(10963)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/security_center/static/10963.php",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2003-01-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2008-03-11T09:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20030101 Potential disclosure of sensitive information in Netscape 7.0 email client",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html",
            },
            {
               name: "1005871",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1005871",
            },
            {
               name: "6499",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/6499",
            },
            {
               name: "netscape-email-deletion-failure(10963)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://www.iss.net/security_center/static/10963.php",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2003-1265",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20030101 Potential disclosure of sensitive information in Netscape 7.0 email client",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html",
                  },
                  {
                     name: "1005871",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1005871",
                  },
                  {
                     name: "6499",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/6499",
                  },
                  {
                     name: "netscape-email-deletion-failure(10963)",
                     refsource: "XF",
                     url: "http://www.iss.net/security_center/static/10963.php",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2003-1265",
      datePublished: "2005-11-16T07:37:00",
      dateReserved: "2005-11-16T00:00:00",
      dateUpdated: "2024-08-08T02:19:46.060Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0144
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-07 21:05
Severity ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:05:24.803Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "mozilla-ssl-view-source-spoofing(19169)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19169",
               },
               {
                  name: "RHSA-2005:323",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
               },
               {
                  name: "12407",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12407",
               },
               {
                  name: "RHSA-2005:335",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=262689",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-04.html",
               },
               {
                  name: "oval:org.mitre.oval:def:11016",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11016",
               },
               {
                  name: "oval:org.mitre.oval:def:100054",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100054",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-01-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "mozilla-ssl-view-source-spoofing(19169)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19169",
            },
            {
               name: "RHSA-2005:323",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
            },
            {
               name: "12407",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12407",
            },
            {
               name: "RHSA-2005:335",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=262689",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-04.html",
            },
            {
               name: "oval:org.mitre.oval:def:11016",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11016",
            },
            {
               name: "oval:org.mitre.oval:def:100054",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100054",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-0144",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "mozilla-ssl-view-source-spoofing(19169)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19169",
                  },
                  {
                     name: "RHSA-2005:323",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
                  },
                  {
                     name: "12407",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/12407",
                  },
                  {
                     name: "RHSA-2005:335",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
                  },
                  {
                     name: "https://bugzilla.mozilla.org/show_bug.cgi?id=262689",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.mozilla.org/show_bug.cgi?id=262689",
                  },
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-04.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-04.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:11016",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11016",
                  },
                  {
                     name: "oval:org.mitre.oval:def:100054",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100054",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-0144",
      datePublished: "2005-01-29T05:00:00",
      dateReserved: "2005-01-25T00:00:00",
      dateUpdated: "2024-08-07T21:05:24.803Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-0593
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
Summary
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
References
http://secunia.com/advisories/8039 — third-party-advisory, x_refsource_SECUNIA
http://www.iss.net/security_center/static/8976.php — vdb-entry, x_refsource_XF
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490 — vendor-advisory, x_refsource_CONECTIVA
http://www.securityfocus.com/bid/4637 — vdb-entry, x_refsource_BID
http://online.securityfocus.com/archive/1/270249 — mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T02:56:37.949Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "8039",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/8039",
               },
               {
                  name: "mozilla-netscape-irc-bo(8976)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/security_center/static/8976.php",
               },
               {
                  name: "CLA-2002:490",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CONECTIVA",
                     "x_transferred",
                  ],
                  url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490",
               },
               {
                  name: "4637",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/4637",
               },
               {
                  name: "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://online.securityfocus.com/archive/1/270249",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-04-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2007-11-13T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "8039",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/8039",
            },
            {
               name: "mozilla-netscape-irc-bo(8976)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://www.iss.net/security_center/static/8976.php",
            },
            {
               name: "CLA-2002:490",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
               ],
               url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490",
            },
            {
               name: "4637",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/4637",
            },
            {
               name: "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://online.securityfocus.com/archive/1/270249",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-0593",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "8039",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/8039",
                  },
                  {
                     name: "mozilla-netscape-irc-bo(8976)",
                     refsource: "XF",
                     url: "http://www.iss.net/security_center/static/8976.php",
                  },
                  {
                     name: "CLA-2002:490",
                     refsource: "CONECTIVA",
                     url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490",
                  },
                  {
                     name: "4637",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/4637",
                  },
                  {
                     name: "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
                     refsource: "BUGTRAQ",
                     url: "http://online.securityfocus.com/archive/1/270249",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-0593",
      datePublished: "2002-06-11T04:00:00",
      dateReserved: "2002-06-11T00:00:00",
      dateUpdated: "2024-08-08T02:56:37.949Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-4874
Vulnerability from cvelistv5
Published
2008-03-28 23:00
Modified
2024-08-08 00:01
Severity ?
Summary
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:01:23.052Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=297078",
               },
               {
                  name: "mozilla-xmlhttprequest-info-disclosure(41553)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=302489",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-08-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a \"Max-Forwards: 0\" header or (2) arbitrary local passwords on the web server that hosts this object.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=297078",
            },
            {
               name: "mozilla-xmlhttprequest-info-disclosure(41553)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=302489",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-4874",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a \"Max-Forwards: 0\" header or (2) arbitrary local passwords on the web server that hosts this object.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.mozilla.org/show_bug.cgi?id=297078",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.mozilla.org/show_bug.cgi?id=297078",
                  },
                  {
                     name: "mozilla-xmlhttprequest-info-disclosure(41553)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553",
                  },
                  {
                     name: "https://bugzilla.mozilla.org/show_bug.cgi?id=302489",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.mozilla.org/show_bug.cgi?id=302489",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-4874",
      datePublished: "2008-03-28T23:00:00",
      dateReserved: "2008-03-28T00:00:00",
      dateUpdated: "2024-08-08T00:01:23.052Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0141
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-07 21:05
Severity ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:05:24.469Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2005:323",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
               },
               {
                  name: "12407",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12407",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=249332",
               },
               {
                  name: "RHSA-2005:335",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
               },
               {
                  name: "mozilla-firefox-file-upload(19168)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19168",
               },
               {
                  name: "oval:org.mitre.oval:def:10756",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-01.html",
               },
               {
                  name: "oval:org.mitre.oval:def:100057",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-01-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links \"with a custom getter and toString method\" that are middle-clicked by the user to be opened in a new tab.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "RHSA-2005:323",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
            },
            {
               name: "12407",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12407",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=249332",
            },
            {
               name: "RHSA-2005:335",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
            },
            {
               name: "mozilla-firefox-file-upload(19168)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19168",
            },
            {
               name: "oval:org.mitre.oval:def:10756",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-01.html",
            },
            {
               name: "oval:org.mitre.oval:def:100057",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-0141",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links \"with a custom getter and toString method\" that are middle-clicked by the user to be opened in a new tab.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2005:323",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
                  },
                  {
                     name: "12407",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/12407",
                  },
                  {
                     name: "https://bugzilla.mozilla.org/show_bug.cgi?id=249332",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.mozilla.org/show_bug.cgi?id=249332",
                  },
                  {
                     name: "RHSA-2005:335",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
                  },
                  {
                     name: "mozilla-firefox-file-upload(19168)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19168",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10756",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756",
                  },
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-01.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-01.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:100057",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-0141",
      datePublished: "2005-01-29T05:00:00",
      dateReserved: "2005-01-25T00:00:00",
      dateUpdated: "2024-08-07T21:05:24.469Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2003-0594
Vulnerability from cvelistv5
Published
2004-03-16 05:00
Modified
2024-08-08 01:58
Severity ?
Summary
Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T01:58:11.138Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html",
               },
               {
                  name: "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
                  tags: [
                     "mailing-list",
                     "x_refsource_VULNWATCH",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html",
               },
               {
                  name: "oval:org.mitre.oval:def:917",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917",
               },
               {
                  name: "RHSA-2004:112",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-112.html",
               },
               {
                  name: "oval:org.mitre.oval:def:9826",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9826",
               },
               {
                  name: "MDKSA-2004:021",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021",
               },
               {
                  name: "oval:org.mitre.oval:def:873",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-03-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html",
            },
            {
               name: "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
               tags: [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
               ],
               url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html",
            },
            {
               name: "oval:org.mitre.oval:def:917",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917",
            },
            {
               name: "RHSA-2004:112",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-112.html",
            },
            {
               name: "oval:org.mitre.oval:def:9826",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9826",
            },
            {
               name: "MDKSA-2004:021",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021",
            },
            {
               name: "oval:org.mitre.oval:def:873",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2003-0594",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
                     refsource: "FULLDISC",
                     url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html",
                  },
                  {
                     name: "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
                     refsource: "VULNWATCH",
                     url: "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:917",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917",
                  },
                  {
                     name: "RHSA-2004:112",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-112.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9826",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9826",
                  },
                  {
                     name: "MDKSA-2004:021",
                     refsource: "MANDRAKE",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021",
                  },
                  {
                     name: "oval:org.mitre.oval:def:873",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2003-0594",
      datePublished: "2004-03-16T05:00:00",
      dateReserved: "2003-07-18T00:00:00",
      dateUpdated: "2024-08-08T01:58:11.138Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0718
Vulnerability from cvelistv5
Published
2004-07-23 04:00
Modified
2024-08-08 00:24
Severity ?
Summary
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:24:27.203Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-810",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-810",
               },
               {
                  name: "DSA-777",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-777",
               },
               {
                  name: "http-frame-spoof(1598)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  name: "RHSA-2004:421",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
               },
               {
                  name: "MDKSA-2004:082",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082",
               },
               {
                  name: "FLSA:2089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "11978",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/11978",
               },
               {
                  name: "oval:org.mitre.oval:def:4756",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=246448",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
               },
               {
                  name: "oval:org.mitre.oval:def:9997",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-07-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "DSA-810",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-810",
            },
            {
               name: "DSA-777",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-777",
            },
            {
               name: "http-frame-spoof(1598)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               name: "RHSA-2004:421",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
            },
            {
               name: "MDKSA-2004:082",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082",
            },
            {
               name: "FLSA:2089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "11978",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/11978",
            },
            {
               name: "oval:org.mitre.oval:def:4756",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=246448",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
            },
            {
               name: "oval:org.mitre.oval:def:9997",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0718",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-810",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2005/dsa-810",
                  },
                  {
                     name: "DSA-777",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2005/dsa-777",
                  },
                  {
                     name: "http-frame-spoof(1598)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598",
                  },
                  {
                     name: "SCOSA-2005.49",
                     refsource: "SCO",
                     url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "RHSA-2004:421",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
                  },
                  {
                     name: "MDKSA-2004:082",
                     refsource: "MANDRAKE",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082",
                  },
                  {
                     name: "FLSA:2089",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
                  },
                  {
                     name: "15495",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/15495",
                  },
                  {
                     name: "11978",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/11978",
                  },
                  {
                     name: "oval:org.mitre.oval:def:4756",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=246448",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=246448",
                  },
                  {
                     name: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
                     refsource: "MISC",
                     url: "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9997",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0718",
      datePublished: "2004-07-23T04:00:00",
      dateReserved: "2004-07-22T00:00:00",
      dateUpdated: "2024-08-08T00:24:27.203Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-1156
Vulnerability from cvelistv5
Published
2004-12-10 05:00
Modified
2024-08-08 00:39
Severity ?
Summary
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:39:00.911Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/secunia_research/2004-13/advisory/",
               },
               {
                  name: "13129",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/13129/",
               },
               {
                  name: "oval:org.mitre.oval:def:10117",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117",
               },
               {
                  name: "RHSA-2005:176",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "GLSA-200503-30",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-13.html",
               },
               {
                  name: "GLSA-200503-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
               },
               {
                  name: "oval:org.mitre.oval:def:100045",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-12-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://secunia.com/secunia_research/2004-13/advisory/",
            },
            {
               name: "13129",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/13129/",
            },
            {
               name: "oval:org.mitre.oval:def:10117",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117",
            },
            {
               name: "RHSA-2005:176",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "GLSA-200503-30",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-13.html",
            },
            {
               name: "GLSA-200503-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
            },
            {
               name: "oval:org.mitre.oval:def:100045",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-1156",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/",
                     refsource: "MISC",
                     url: "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/",
                  },
                  {
                     name: "http://secunia.com/secunia_research/2004-13/advisory/",
                     refsource: "MISC",
                     url: "http://secunia.com/secunia_research/2004-13/advisory/",
                  },
                  {
                     name: "13129",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/13129/",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10117",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117",
                  },
                  {
                     name: "RHSA-2005:176",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
                  },
                  {
                     name: "RHSA-2005:384",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
                  },
                  {
                     name: "GLSA-200503-30",
                     refsource: "GENTOO",
                     url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
                  },
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-13.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-13.html",
                  },
                  {
                     name: "GLSA-200503-10",
                     refsource: "GENTOO",
                     url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
                  },
                  {
                     name: "oval:org.mitre.oval:def:100045",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-1156",
      datePublished: "2004-12-10T05:00:00",
      dateReserved: "2004-12-08T00:00:00",
      dateUpdated: "2024-08-08T00:39:00.911Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-0594
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
Summary
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
References
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490 — vendor-advisory, x_refsource_CONECTIVA
http://online.securityfocus.com/archive/1/270249 — mailing-list, x_refsource_BUGTRAQ
http://www.iss.net/security_center/static/8977.php — vdb-entry, x_refsource_XF
http://www.redhat.com/support/errata/RHSA-2003-046.html — vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/4640 — vdb-entry, x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2002-192.html — vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T02:56:38.244Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "CLA-2002:490",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CONECTIVA",
                     "x_transferred",
                  ],
                  url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490",
               },
               {
                  name: "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://online.securityfocus.com/archive/1/270249",
               },
               {
                  name: "mozilla-css-files-exist(8977)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/security_center/static/8977.php",
               },
               {
                  name: "RHSA-2003:046",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2003-046.html",
               },
               {
                  name: "4640",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/4640",
               },
               {
                  name: "RHSA-2002:192",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2002-192.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-04-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2007-11-13T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "CLA-2002:490",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
               ],
               url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490",
            },
            {
               name: "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://online.securityfocus.com/archive/1/270249",
            },
            {
               name: "mozilla-css-files-exist(8977)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://www.iss.net/security_center/static/8977.php",
            },
            {
               name: "RHSA-2003:046",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2003-046.html",
            },
            {
               name: "4640",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/4640",
            },
            {
               name: "RHSA-2002:192",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2002-192.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-0594",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "CLA-2002:490",
                     refsource: "CONECTIVA",
                     url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490",
                  },
                  {
                     name: "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
                     refsource: "BUGTRAQ",
                     url: "http://online.securityfocus.com/archive/1/270249",
                  },
                  {
                     name: "mozilla-css-files-exist(8977)",
                     refsource: "XF",
                     url: "http://www.iss.net/security_center/static/8977.php",
                  },
                  {
                     name: "RHSA-2003:046",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2003-046.html",
                  },
                  {
                     name: "4640",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/4640",
                  },
                  {
                     name: "RHSA-2002:192",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2002-192.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-0594",
      datePublished: "2003-04-02T05:00:00",
      dateReserved: "2002-06-11T00:00:00",
      dateUpdated: "2024-08-08T02:56:38.244Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-1156
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:35
Severity ?
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:35:59.977Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2005:386",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
               },
               {
                  name: "oval:org.mitre.oval:def:11230",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230",
               },
               {
                  name: "14992",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14992",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-38.html",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "GLSA-200504-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
               },
               {
                  name: "oval:org.mitre.oval:def:100020",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.mikx.de/firesearching/",
               },
               {
                  name: "1013745",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1013745",
               },
               {
                  name: "14938",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14938",
               },
               {
                  name: "mozilla-plugin-xss(20125)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "RHSA-2005:383",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
               },
               {
                  name: "13211",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/13211",
               },
               {
                  name: "14996",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14996",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-04-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka \"Firesearching 1.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2005:386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
            },
            {
               name: "oval:org.mitre.oval:def:11230",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230",
            },
            {
               name: "14992",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14992",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-38.html",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "GLSA-200504-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
            },
            {
               name: "oval:org.mitre.oval:def:100020",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.mikx.de/firesearching/",
            },
            {
               name: "1013745",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1013745",
            },
            {
               name: "14938",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14938",
            },
            {
               name: "mozilla-plugin-xss(20125)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "RHSA-2005:383",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
            },
            {
               name: "13211",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/13211",
            },
            {
               name: "14996",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14996",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-1156",
      datePublished: "2005-04-18T04:00:00",
      dateReserved: "2005-04-18T00:00:00",
      dateUpdated: "2024-08-07T21:35:59.977Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-1157
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:36
Severity ?
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:36:00.181Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2005:386",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
               },
               {
                  name: "14992",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14992",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-38.html",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.mikx.de/firesearching/",
               },
               {
                  name: "14938",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14938",
               },
               {
                  name: "mozilla-plugin-xss(20125)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "oval:org.mitre.oval:def:9961",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961",
               },
               {
                  name: "RHSA-2005:383",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
               },
               {
                  name: "13211",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/13211",
               },
               {
                  name: "14996",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14996",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-04-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka \"Firesearching 2.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2005:386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
            },
            {
               name: "14992",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14992",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-38.html",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.mikx.de/firesearching/",
            },
            {
               name: "14938",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14938",
            },
            {
               name: "mozilla-plugin-xss(20125)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "oval:org.mitre.oval:def:9961",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961",
            },
            {
               name: "RHSA-2005:383",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
            },
            {
               name: "13211",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/13211",
            },
            {
               name: "14996",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14996",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290037",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-1157",
      datePublished: "2005-04-18T04:00:00",
      dateReserved: "2005-04-18T00:00:00",
      dateUpdated: "2024-08-07T21:36:00.181Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0478
Vulnerability from cvelistv5
Published
2004-05-20 04:00
Modified
2024-08-08 00:17
Severity ?
Summary
Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:17:15.248Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[Dailydave] 20040514 Mozilla bug might even get fixed!",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.immunitysec.com/pipermail/dailydave/2004-May/000587.html",
               },
               {
                  name: "mozilla-javascript-dos(16225)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16225",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=243540",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-05-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop  that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[Dailydave] 20040514 Mozilla bug might even get fixed!",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.immunitysec.com/pipermail/dailydave/2004-May/000587.html",
            },
            {
               name: "mozilla-javascript-dos(16225)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16225",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=243540",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0478",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop  that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[Dailydave] 20040514 Mozilla bug might even get fixed!",
                     refsource: "MLIST",
                     url: "http://lists.immunitysec.com/pipermail/dailydave/2004-May/000587.html",
                  },
                  {
                     name: "mozilla-javascript-dos(16225)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16225",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=243540",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=243540",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0478",
      datePublished: "2004-05-20T04:00:00",
      dateReserved: "2004-05-17T00:00:00",
      dateUpdated: "2024-08-08T00:17:15.248Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-2263
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Severity ?
Summary
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.
References
http://www.debian.org/security/2005/dsa-810 (vendor-advisory, x_refsource_DEBIAN)
http://www.novell.com/linux/security/advisories/2005_18_sr.html (vendor-advisory, x_refsource_SUSE)
http://www.ciac.org/ciac/bulletins/p-252.shtml (third-party-advisory, government-resource, x_refsource_CIAC)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202 (vendor-advisory, x_refsource_FEDORA)
http://www.redhat.com/support/errata/RHSA-2005-587.html (vendor-advisory, x_refsource_REDHAT)
http://secunia.com/advisories/16059 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2005/1075 (vdb-entry, x_refsource_VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=293331 (x_refsource_MISC)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100010 (vdb-entry, signature, x_refsource_OVAL)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100016 (vdb-entry, signature, x_refsource_OVAL)
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html (vendor-advisory, x_refsource_SUSE)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1311 (vdb-entry, signature, x_refsource_OVAL)
http://www.securityfocus.com/bid/14242 (vdb-entry, x_refsource_BID)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1281 (vdb-entry, signature, x_refsource_OVAL)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11629 (vdb-entry, signature, x_refsource_OVAL)
http://www.redhat.com/support/errata/RHSA-2005-586.html (vendor-advisory, x_refsource_REDHAT)
http://secunia.com/advisories/16043 (third-party-advisory, x_refsource_SECUNIA)
http://www.mozilla.org/security/announce/mfsa2005-48.html (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T22:22:48.352Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-810",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-810",
               },
               {
                  name: "SUSE-SR:2005:018",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
               },
               {
                  name: "P-252",
                  tags: [
                     "third-party-advisory",
                     "government-resource",
                     "x_refsource_CIAC",
                     "x_transferred",
                  ],
                  url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
               },
               {
                  name: "FLSA:160202",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
               },
               {
                  name: "RHSA-2005:587",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
               },
               {
                  name: "16059",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16059",
               },
               {
                  name: "ADV-2005-1075",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/1075",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=293331",
               },
               {
                  name: "oval:org.mitre.oval:def:100010",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100010",
               },
               {
                  name: "oval:org.mitre.oval:def:100016",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100016",
               },
               {
                  name: "SUSE-SA:2005:045",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
               },
               {
                  name: "oval:org.mitre.oval:def:1311",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1311",
               },
               {
                  name: "14242",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/14242",
               },
               {
                  name: "oval:org.mitre.oval:def:1281",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1281",
               },
               {
                  name: "oval:org.mitre.oval:def:11629",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11629",
               },
               {
                  name: "RHSA-2005:586",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
               },
               {
                  name: "16043",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16043",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-48.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "DSA-810",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-810",
            },
            {
               name: "SUSE-SR:2005:018",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
            },
            {
               name: "P-252",
               tags: [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
               ],
               url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
            },
            {
               name: "FLSA:160202",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
            },
            {
               name: "RHSA-2005:587",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
            },
            {
               name: "16059",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16059",
            },
            {
               name: "ADV-2005-1075",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/1075",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=293331",
            },
            {
               name: "oval:org.mitre.oval:def:100010",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100010",
            },
            {
               name: "oval:org.mitre.oval:def:100016",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100016",
            },
            {
               name: "SUSE-SA:2005:045",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
            },
            {
               name: "oval:org.mitre.oval:def:1311",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1311",
            },
            {
               name: "14242",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/14242",
            },
            {
               name: "oval:org.mitre.oval:def:1281",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1281",
            },
            {
               name: "oval:org.mitre.oval:def:11629",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11629",
            },
            {
               name: "RHSA-2005:586",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
            },
            {
               name: "16043",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16043",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-48.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-2263",
      datePublished: "2005-07-13T04:00:00",
      dateReserved: "2005-07-13T00:00:00",
      dateUpdated: "2024-08-07T22:22:48.352Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-1126
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
Summary
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:12:16.951Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20020911 Privacy leak in mozilla",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=103176760004720&w=2",
               },
               {
                  name: "RHSA-2003:046",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2003-046.html",
               },
               {
                  name: "mozilla-onunload-url-leak(10084)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/security_center/static/10084.php",
               },
               {
                  name: "5694",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/5694",
               },
               {
                  name: "MDKSA-2002:075",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=145579",
               },
               {
                  name: "RHSA-2002:192",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2002-192.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-09-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2007-11-13T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20020911 Privacy leak in mozilla",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=103176760004720&w=2",
            },
            {
               name: "RHSA-2003:046",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2003-046.html",
            },
            {
               name: "mozilla-onunload-url-leak(10084)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://www.iss.net/security_center/static/10084.php",
            },
            {
               name: "5694",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/5694",
            },
            {
               name: "MDKSA-2002:075",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=145579",
            },
            {
               name: "RHSA-2002:192",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2002-192.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-1126",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20020911 Privacy leak in mozilla",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=103176760004720&w=2",
                  },
                  {
                     name: "RHSA-2003:046",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2003-046.html",
                  },
                  {
                     name: "mozilla-onunload-url-leak(10084)",
                     refsource: "XF",
                     url: "http://www.iss.net/security_center/static/10084.php",
                  },
                  {
                     name: "5694",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/5694",
                  },
                  {
                     name: "MDKSA-2002:075",
                     refsource: "MANDRAKE",
                     url: "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=145579",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=145579",
                  },
                  {
                     name: "RHSA-2002:192",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2002-192.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-1126",
      datePublished: "2004-09-01T04:00:00",
      dateReserved: "2002-09-17T00:00:00",
      dateUpdated: "2024-08-08T03:12:16.951Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-4039
Vulnerability from cvelistv5
Published
2007-07-27 22:00
Modified
2024-09-17 01:21
Severity ?
Summary
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T14:37:06.207Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://larholm.com/2007/07/25/mozilla-protocol-abuse/",
               },
               {
                  name: "20070725 Mozilla protocol abuse",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2007/Jul/0557.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2007-07-27T22:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://larholm.com/2007/07/25/mozilla-protocol-abuse/",
            },
            {
               name: "20070725 Mozilla protocol abuse",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2007/Jul/0557.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-4039",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://larholm.com/2007/07/25/mozilla-protocol-abuse/",
                     refsource: "MISC",
                     url: "http://larholm.com/2007/07/25/mozilla-protocol-abuse/",
                  },
                  {
                     name: "20070725 Mozilla protocol abuse",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2007/Jul/0557.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-4039",
      datePublished: "2007-07-27T22:00:00Z",
      dateReserved: "2007-07-27T00:00:00Z",
      dateUpdated: "2024-09-17T01:21:30.348Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0586
Vulnerability from cvelistv5
Published
2005-02-28 05:00
Modified
2024-08-07 21:21
Severity ?
Summary
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:21:06.048Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:100036",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100036",
               },
               {
                  name: "12659",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12659",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-22.html",
               },
               {
                  name: "RHSA-2005:176",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "GLSA-200503-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
               },
               {
                  name: "13258",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/13258",
               },
               {
                  name: "oval:org.mitre.oval:def:11152",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11152",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:100036",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100036",
            },
            {
               name: "12659",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12659",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-22.html",
            },
            {
               name: "RHSA-2005:176",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "GLSA-200503-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
            },
            {
               name: "13258",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/13258",
            },
            {
               name: "oval:org.mitre.oval:def:11152",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11152",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-0586",
      datePublished: "2005-02-28T05:00:00",
      dateReserved: "2005-02-28T00:00:00",
      dateUpdated: "2024-08-07T21:21:06.048Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0149
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-07 21:05
Severity ?
Summary
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:05:25.075Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2005:323",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
               },
               {
                  name: "12407",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12407",
               },
               {
                  name: "oval:org.mitre.oval:def:100047",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047",
               },
               {
                  name: "RHSA-2005:335",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-11.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268107",
               },
               {
                  name: "RHSA-2005:094",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-094.html",
               },
               {
                  name: "oval:org.mitre.oval:def:11407",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
               {
                  name: "mozilla-cookie-policy-bypass(19172)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19172",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-01-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "RHSA-2005:323",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
            },
            {
               name: "12407",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12407",
            },
            {
               name: "oval:org.mitre.oval:def:100047",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047",
            },
            {
               name: "RHSA-2005:335",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-11.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268107",
            },
            {
               name: "RHSA-2005:094",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-094.html",
            },
            {
               name: "oval:org.mitre.oval:def:11407",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
            {
               name: "mozilla-cookie-policy-bypass(19172)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19172",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-0149",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2005:323",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
                  },
                  {
                     name: "12407",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/12407",
                  },
                  {
                     name: "oval:org.mitre.oval:def:100047",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047",
                  },
                  {
                     name: "RHSA-2005:335",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-335.html",
                  },
                  {
                     name: "19823",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/19823",
                  },
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-11.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-11.html",
                  },
                  {
                     name: "https://bugzilla.mozilla.org/show_bug.cgi?id=268107",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.mozilla.org/show_bug.cgi?id=268107",
                  },
                  {
                     name: "RHSA-2005:094",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-094.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:11407",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407",
                  },
                  {
                     name: "SUSE-SA:2006:022",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
                  },
                  {
                     name: "mozilla-cookie-policy-bypass(19172)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19172",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-0149",
      datePublished: "2005-01-29T05:00:00",
      dateReserved: "2005-01-25T00:00:00",
      dateUpdated: "2024-08-07T21:05:25.075Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0906
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:48.049Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2005:323",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
               },
               {
                  name: "mozilla-insecure-file-permissions(17375)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17375",
               },
               {
                  name: "11192",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/11192",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=231083",
               },
               {
                  name: "oval:org.mitre.oval:def:11668",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668",
               },
               {
                  name: "VU#653160",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/653160",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
               },
               {
                  name: "GLSA-200409-26",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
               },
               {
                  name: "12526",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/12526/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=235781",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-09-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "RHSA-2005:323",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
            },
            {
               name: "mozilla-insecure-file-permissions(17375)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17375",
            },
            {
               name: "11192",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/11192",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=231083",
            },
            {
               name: "oval:org.mitre.oval:def:11668",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668",
            },
            {
               name: "VU#653160",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/653160",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
            },
            {
               name: "GLSA-200409-26",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
            },
            {
               name: "12526",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/12526/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=235781",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0906",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2005:323",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
                  },
                  {
                     name: "mozilla-insecure-file-permissions(17375)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17375",
                  },
                  {
                     name: "11192",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/11192",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=231083",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=231083",
                  },
                  {
                     name: "oval:org.mitre.oval:def:11668",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668",
                  },
                  {
                     name: "VU#653160",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/653160",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                  },
                  {
                     name: "GLSA-200409-26",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
                  },
                  {
                     name: "12526",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/12526/",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=235781",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=235781",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0906",
      datePublished: "2004-09-24T04:00:00",
      dateReserved: "2004-09-23T00:00:00",
      dateUpdated: "2024-08-08T00:31:48.049Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-1451
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
Summary
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:53:23.805Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "10419",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/10419/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=228176",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-01-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-06-15T16:38:17",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "10419",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/10419/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=228176",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-1451",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "10419",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/10419/",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=228176",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=228176",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-1451",
      datePublished: "2005-02-13T05:00:00",
      dateReserved: "2005-02-13T00:00:00",
      dateUpdated: "2024-08-08T00:53:23.805Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0233
Vulnerability from cvelistv5
Published
2005-02-07 05:00
Modified
2024-08-07 21:05
Severity ?
Summary
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:05:25.422Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.shmoo.com/idn/homograph.txt",
               },
               {
                  name: "multiple-browsers-idn-spoof(19236)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236",
               },
               {
                  name: "20050206 state of homograph attacks",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.shmoo.com/idn",
               },
               {
                  name: "SUSE-SA:2005:016",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html",
               },
               {
                  name: "oval:org.mitre.oval:def:11229",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229",
               },
               {
                  name: "oval:org.mitre.oval:def:100029",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029",
               },
               {
                  name: "RHSA-2005:176",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "GLSA-200503-30",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
               },
               {
                  name: "GLSA-200503-10",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
               },
               {
                  name: "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=110782704923280&w=2",
               },
               {
                  name: "12461",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12461",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-29.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-02-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.shmoo.com/idn/homograph.txt",
            },
            {
               name: "multiple-browsers-idn-spoof(19236)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236",
            },
            {
               name: "20050206 state of homograph attacks",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.shmoo.com/idn",
            },
            {
               name: "SUSE-SA:2005:016",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html",
            },
            {
               name: "oval:org.mitre.oval:def:11229",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229",
            },
            {
               name: "oval:org.mitre.oval:def:100029",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029",
            },
            {
               name: "RHSA-2005:176",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-176.html",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "GLSA-200503-30",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml",
            },
            {
               name: "GLSA-200503-10",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml",
            },
            {
               name: "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=110782704923280&w=2",
            },
            {
               name: "12461",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12461",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-29.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-0233",
      datePublished: "2005-02-07T05:00:00",
      dateReserved: "2005-02-07T00:00:00",
      dateUpdated: "2024-08-07T21:05:25.422Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-1159
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:44
Severity ?
Summary
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.
References
http://www.redhat.com/support/errata/RHSA-2005-386.html — vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/14992 — third-party-advisory, x_refsource_SECUNIA
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt — vendor-advisory, x_refsource_SCO
https://exchange.xforce.ibmcloud.com/vulnerabilities/20123 — vdb-entry, x_refsource_XF
https://bugzilla.mozilla.org/show_bug.cgi?id=290162 — x_refsource_CONFIRM
http://secunia.com/advisories/19823 — third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1013742 — vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/15495 — vdb-entry, x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2005-601.html — vendor-advisory, x_refsource_REDHAT
http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml — vendor-advisory, x_refsource_GENTOO
http://www.mozilla.org/security/announce/mfsa2005-40.html — x_refsource_CONFIRM
http://www.securityfocus.com/bid/13232 — vdb-entry, x_refsource_BID
http://securitytracker.com/id?1013743 — vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/14938 — third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100018 — vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2005-384.html — vendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2005-383.html — vendor-advisory, x_refsource_REDHAT
http://www.novell.com/linux/security/advisories/2006_04_25.html — vendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10629 — vdb-entry, signature, x_refsource_OVAL
Impacted products
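Vendor: n/a; Product: n/a; Version: n/a (the record carries no structured product data; the affected versions are stated only in the Summary above)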


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:44:05.013Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2005:386",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
               },
               {
                  name: "14992",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14992",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "mozilla-installtrigger-command-execution(20123)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20123",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290162",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  name: "1013742",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1013742",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "RHSA-2005:601",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
               },
               {
                  name: "GLSA-200504-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-40.html",
               },
               {
                  name: "13232",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/13232",
               },
               {
                  name: "1013743",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1013743",
               },
               {
                  name: "14938",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14938",
               },
               {
                  name: "oval:org.mitre.oval:def:100018",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100018",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  name: "RHSA-2005:383",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
               {
                  name: "oval:org.mitre.oval:def:10629",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10629",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-04-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2005:386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
            },
            {
               name: "14992",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14992",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "mozilla-installtrigger-command-execution(20123)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20123",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290162",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               name: "1013742",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1013742",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "RHSA-2005:601",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
            },
            {
               name: "GLSA-200504-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-40.html",
            },
            {
               name: "13232",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/13232",
            },
            {
               name: "1013743",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1013743",
            },
            {
               name: "14938",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14938",
            },
            {
               name: "oval:org.mitre.oval:def:100018",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100018",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               name: "RHSA-2005:383",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
            {
               name: "oval:org.mitre.oval:def:10629",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10629",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-1159",
      datePublished: "2005-04-18T04:00:00",
      dateReserved: "2005-04-18T00:00:00",
      dateUpdated: "2024-08-07T21:44:05.013Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-2260
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Severity ?
Summary
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.
References
http://www.debian.org/security/2005/dsa-810 — vendor-advisory, x_refsource_DEBIAN
http://www.novell.com/linux/security/advisories/2005_18_sr.html — vendor-advisory, x_refsource_SUSE
http://www.ciac.org/ciac/bulletins/p-252.shtml — third-party-advisory, government-resource, x_refsource_CIAC
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202 — vendor-advisory, x_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2005-587.html — vendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A742 — vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/16059 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/16044 — third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/1075 — vdb-entry, x_refsource_VUPEN
http://bugzilla.mozilla.org/show_bug.cgi?id=289940 — x_refsource_MISC
http://www.networksecurity.fi/advisories/netscape-multiple-issues.html — x_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10132 — vdb-entry, signature, x_refsource_OVAL
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html — vendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1226 — vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/bid/14242 — vdb-entry, x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2005-586.html — vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/16043 — third-party-advisory, x_refsource_SECUNIA
http://www.mozilla.org/security/announce/mfsa2005-45.html — x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100013 — vdb-entry, signature, x_refsource_OVAL
Impacted products
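Vendor: n/a; Product: n/a; Version: n/a (the record carries no structured product data; the affected versions are stated only in the Summary above)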


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T22:22:47.741Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-810",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-810",
               },
               {
                  name: "SUSE-SR:2005:018",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
               },
               {
                  name: "P-252",
                  tags: [
                     "third-party-advisory",
                     "government-resource",
                     "x_refsource_CIAC",
                     "x_transferred",
                  ],
                  url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
               },
               {
                  name: "FLSA:160202",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
               },
               {
                  name: "RHSA-2005:587",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
               },
               {
                  name: "oval:org.mitre.oval:def:742",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A742",
               },
               {
                  name: "16059",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16059",
               },
               {
                  name: "16044",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16044",
               },
               {
                  name: "ADV-2005-1075",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/1075",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=289940",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
               },
               {
                  name: "oval:org.mitre.oval:def:10132",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10132",
               },
               {
                  name: "SUSE-SA:2005:045",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
               },
               {
                  name: "oval:org.mitre.oval:def:1226",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1226",
               },
               {
                  name: "14242",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/14242",
               },
               {
                  name: "RHSA-2005:586",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
               },
               {
                  name: "16043",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16043",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-45.html",
               },
               {
                  name: "oval:org.mitre.oval:def:100013",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100013",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "DSA-810",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-810",
            },
            {
               name: "SUSE-SR:2005:018",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
            },
            {
               name: "P-252",
               tags: [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
               ],
               url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
            },
            {
               name: "FLSA:160202",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
            },
            {
               name: "RHSA-2005:587",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
            },
            {
               name: "oval:org.mitre.oval:def:742",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A742",
            },
            {
               name: "16059",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16059",
            },
            {
               name: "16044",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16044",
            },
            {
               name: "ADV-2005-1075",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/1075",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=289940",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
            },
            {
               name: "oval:org.mitre.oval:def:10132",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10132",
            },
            {
               name: "SUSE-SA:2005:045",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
            },
            {
               name: "oval:org.mitre.oval:def:1226",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1226",
            },
            {
               name: "14242",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/14242",
            },
            {
               name: "RHSA-2005:586",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
            },
            {
               name: "16043",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16043",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-45.html",
            },
            {
               name: "oval:org.mitre.oval:def:100013",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100013",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-2260",
      datePublished: "2005-07-13T04:00:00",
      dateReserved: "2005-07-13T00:00:00",
      dateUpdated: "2024-08-07T22:22:47.741Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-1308
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
Summary
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:19:28.634Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=103730181813075&w=2",
               },
               {
                  name: "mozilla-netscape-jar-bo(10636)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636",
               },
               {
                  name: "6185",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/6185",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157646",
               },
               {
                  name: "RHSA-2003:163",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2003-163.html",
               },
               {
                  name: "RHSA-2003:162",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2003-162.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-11-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2004-08-04T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=103730181813075&w=2",
            },
            {
               name: "mozilla-netscape-jar-bo(10636)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636",
            },
            {
               name: "6185",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/6185",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157646",
            },
            {
               name: "RHSA-2003:163",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2003-163.html",
            },
            {
               name: "RHSA-2003:162",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2003-162.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-1308",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=103730181813075&w=2",
                  },
                  {
                     name: "mozilla-netscape-jar-bo(10636)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636",
                  },
                  {
                     name: "6185",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/6185",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=157646",
                     refsource: "MISC",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157646",
                  },
                  {
                     name: "RHSA-2003:163",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2003-163.html",
                  },
                  {
                     name: "RHSA-2003:162",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2003-162.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-1308",
      datePublished: "2004-09-01T04:00:00",
      dateReserved: "2002-11-15T00:00:00",
      dateUpdated: "2024-08-08T03:19:28.634Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-1155
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:36
Severity ?
Summary
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:36:00.302Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:10655",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10655",
               },
               {
                  name: "RHSA-2005:386",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
               },
               {
                  name: "14992",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14992",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290036",
               },
               {
                  name: "oval:org.mitre.oval:def:100021",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100021",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.mikx.de/firelinking/",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "VU#973309",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/973309",
               },
               {
                  name: "GLSA-200504-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
               },
               {
                  name: "14938",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/14938",
               },
               {
                  name: "RHSA-2005:384",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-37.html",
               },
               {
                  name: "13216",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/13216",
               },
               {
                  name: "RHSA-2005:383",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-04-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel=\"icon\"> tag with a javascript: URL in the href attribute, aka \"Firelinking.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:10655",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10655",
            },
            {
               name: "RHSA-2005:386",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-386.html",
            },
            {
               name: "14992",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14992",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=290036",
            },
            {
               name: "oval:org.mitre.oval:def:100021",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100021",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.mikx.de/firelinking/",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "VU#973309",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/973309",
            },
            {
               name: "GLSA-200504-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml",
            },
            {
               name: "14938",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/14938",
            },
            {
               name: "RHSA-2005:384",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-384.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-37.html",
            },
            {
               name: "13216",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/13216",
            },
            {
               name: "RHSA-2005:383",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-383.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-1155",
      datePublished: "2005-04-18T04:00:00",
      dateReserved: "2005-04-18T00:00:00",
      dateUpdated: "2024-08-07T21:36:00.302Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2006-0292
Vulnerability from cvelistv5
Published
2006-02-02 20:00
Modified
2024-08-07 16:25
Severity ?
Summary
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
References
http://www.mandriva.com/security/advisories?name=MDKSA-2006:036 (vendor-advisory, x_refsource_MANDRIVA)
https://usn.ubuntu.com/275-1/ (vendor-advisory, x_refsource_UBUNTU)
http://www.redhat.com/support/errata/RHSA-2006-0330.html (vendor-advisory, x_refsource_REDHAT)
http://secunia.com/advisories/19902 (third-party-advisory, x_refsource_SECUNIA)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24430 (vdb-entry, x_refsource_XF)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:037 (vendor-advisory, x_refsource_MANDRIVA)
https://usn.ubuntu.com/276-1/ (vendor-advisory, x_refsource_UBUNTU)
http://www.securityfocus.com/archive/1/438730/100/0/threaded (vendor-advisory, x_refsource_HP)
http://secunia.com/advisories/19941 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/19780 (third-party-advisory, x_refsource_SECUNIA)
https://bugzilla.mozilla.org/show_bug.cgi?id=316885 (x_refsource_CONFIRM)
http://secunia.com/advisories/19821 (third-party-advisory, x_refsource_SECUNIA)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016 (vdb-entry, signature, x_refsource_OVAL)
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html (vendor-advisory, x_refsource_FEDORA)
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml (vendor-advisory, x_refsource_GENTOO)
http://secunia.com/advisories/21622 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/19862 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/19230 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/18704 (third-party-advisory, x_refsource_SECUNIA)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (x_refsource_CONFIRM)
http://secunia.com/advisories/19823 (third-party-advisory, x_refsource_SECUNIA)
http://www.debian.org/security/2006/dsa-1051 (vendor-advisory, x_refsource_DEBIAN)
http://secunia.com/advisories/18709 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2006/3749 (vdb-entry, x_refsource_VUPEN)
https://usn.ubuntu.com/271-1/ (vendor-advisory, x_refsource_UBUNTU)
http://secunia.com/advisories/18705 (third-party-advisory, x_refsource_SECUNIA)
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml (vendor-advisory, x_refsource_GENTOO)
http://www.securityfocus.com/bid/16476 (vdb-entry, x_refsource_BID)
http://www.vupen.com/english/advisories/2006/0413 (vdb-entry, x_refsource_VUPEN)
http://securitytracker.com/id?1015570 (vdb-entry, x_refsource_SECTRACK)
http://secunia.com/advisories/19746 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/21033 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/18700 (third-party-advisory, x_refsource_SECUNIA)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 (vendor-advisory, x_refsource_SUNALERT)
http://secunia.com/advisories/19759 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/archive/1/446657/100/200/threaded (vendor-advisory, x_refsource_HP)
http://www.redhat.com/support/errata/RHSA-2006-0200.html (vendor-advisory, x_refsource_REDHAT)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670 (vdb-entry, signature, x_refsource_OVAL)
http://secunia.com/advisories/18706 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/archive/1/438730/100/0/threaded (vendor-advisory, x_refsource_HP)
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html (vendor-advisory, x_refsource_FEDORA)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 (vendor-advisory, x_refsource_MANDRIVA)
http://www.redhat.com/support/errata/RHSA-2006-0199.html (vendor-advisory, x_refsource_REDHAT)
http://secunia.com/advisories/20051 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/19863 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/archive/1/446657/100/200/threaded (vendor-advisory, x_refsource_HP)
http://www.securityfocus.com/archive/1/425978/100/0/threaded (vendor-advisory, x_refsource_FEDORA)
http://www.mozilla.org/security/announce/2006/mfsa2006-01.html (x_refsource_CONFIRM)
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U (vendor-advisory, x_refsource_SGI)
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt (vendor-advisory, x_refsource_SCO)
http://secunia.com/advisories/18708 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/archive/1/425975/100/0/threaded (vendor-advisory, x_refsource_FEDORA)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 (vendor-advisory, x_refsource_SUNALERT)
http://secunia.com/advisories/19852 (third-party-advisory, x_refsource_SECUNIA)
http://www.novell.com/linux/security/advisories/2006_04_25.html (vendor-advisory, x_refsource_SUSE)
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml (vendor-advisory, x_refsource_GENTOO)
http://www.vupen.com/english/advisories/2006/3391 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/18703 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/22065 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/19950 (third-party-advisory, x_refsource_SECUNIA)
http://www.debian.org/security/2006/dsa-1046 (vendor-advisory, x_refsource_DEBIAN)
http://www.debian.org/security/2006/dsa-1044 (vendor-advisory, x_refsource_DEBIAN)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T16:25:34.237Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "MDKSA-2006:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036",
               },
               {
                  name: "USN-275-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/275-1/",
               },
               {
                  name: "RHSA-2006:0330",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2006-0330.html",
               },
               {
                  name: "19902",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19902",
               },
               {
                  name: "mozilla-javascript-memory-corruption(24430)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24430",
               },
               {
                  name: "MDKSA-2006:037",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037",
               },
               {
                  name: "USN-276-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/276-1/",
               },
               {
                  name: "HPSBUX02122",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/438730/100/0/threaded",
               },
               {
                  name: "19941",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19941",
               },
               {
                  name: "19780",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19780",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=316885",
               },
               {
                  name: "19821",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19821",
               },
               {
                  name: "oval:org.mitre.oval:def:10016",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016",
               },
               {
                  name: "FEDORA-2006-075",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html",
               },
               {
                  name: "GLSA-200604-12",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml",
               },
               {
                  name: "21622",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/21622",
               },
               {
                  name: "19862",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19862",
               },
               {
                  name: "19230",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19230",
               },
               {
                  name: "18704",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/18704",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  name: "DSA-1051",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2006/dsa-1051",
               },
               {
                  name: "18709",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/18709",
               },
               {
                  name: "ADV-2006-3749",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2006/3749",
               },
               {
                  name: "USN-271-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/271-1/",
               },
               {
                  name: "18705",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/18705",
               },
               {
                  name: "GLSA-200604-18",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml",
               },
               {
                  name: "16476",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/16476",
               },
               {
                  name: "ADV-2006-0413",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2006/0413",
               },
               {
                  name: "1015570",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1015570",
               },
               {
                  name: "19746",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19746",
               },
               {
                  name: "21033",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/21033",
               },
               {
                  name: "18700",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/18700",
               },
               {
                  name: "102550",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1",
               },
               {
                  name: "19759",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19759",
               },
               {
                  name: "SSRT061236",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded",
               },
               {
                  name: "RHSA-2006:0200",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2006-0200.html",
               },
               {
                  name: "oval:org.mitre.oval:def:670",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670",
               },
               {
                  name: "18706",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/18706",
               },
               {
                  name: "SSRT061158",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/438730/100/0/threaded",
               },
               {
                  name: "FEDORA-2006-076",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html",
               },
               {
                  name: "MDKSA-2006:078",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078",
               },
               {
                  name: "RHSA-2006:0199",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2006-0199.html",
               },
               {
                  name: "20051",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/20051",
               },
               {
                  name: "19863",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19863",
               },
               {
                  name: "HPSBUX02156",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded",
               },
               {
                  name: "FLSA-2006:180036-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/425978/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/2006/mfsa2006-01.html",
               },
               {
                  name: "20060201-01-U",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U",
               },
               {
                  name: "SCOSA-2006.26",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt",
               },
               {
                  name: "18708",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/18708",
               },
               {
                  name: "FLSA:180036-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/425975/100/0/threaded",
               },
               {
                  name: "228526",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1",
               },
               {
                  name: "19852",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19852",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
               {
                  name: "GLSA-200605-09",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml",
               },
               {
                  name: "ADV-2006-3391",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2006/3391",
               },
               {
                  name: "18703",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/18703",
               },
               {
                  name: "22065",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/22065",
               },
               {
                  name: "19950",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19950",
               },
               {
                  name: "DSA-1046",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2006/dsa-1046",
               },
               {
                  name: "DSA-1044",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2006/dsa-1044",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2006-02-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-19T14:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "MDKSA-2006:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036",
            },
            {
               name: "USN-275-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/275-1/",
            },
            {
               name: "RHSA-2006:0330",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2006-0330.html",
            },
            {
               name: "19902",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19902",
            },
            {
               name: "mozilla-javascript-memory-corruption(24430)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24430",
            },
            {
               name: "MDKSA-2006:037",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037",
            },
            {
               name: "USN-276-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/276-1/",
            },
            {
               name: "HPSBUX02122",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://www.securityfocus.com/archive/1/438730/100/0/threaded",
            },
            {
               name: "19941",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19941",
            },
            {
               name: "19780",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19780",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=316885",
            },
            {
               name: "19821",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19821",
            },
            {
               name: "oval:org.mitre.oval:def:10016",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016",
            },
            {
               name: "FEDORA-2006-075",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html",
            },
            {
               name: "GLSA-200604-12",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml",
            },
            {
               name: "21622",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/21622",
            },
            {
               name: "19862",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19862",
            },
            {
               name: "19230",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19230",
            },
            {
               name: "18704",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/18704",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               name: "DSA-1051",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2006/dsa-1051",
            },
            {
               name: "18709",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/18709",
            },
            {
               name: "ADV-2006-3749",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2006/3749",
            },
            {
               name: "USN-271-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/271-1/",
            },
            {
               name: "18705",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/18705",
            },
            {
               name: "GLSA-200604-18",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml",
            },
            {
               name: "16476",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/16476",
            },
            {
               name: "ADV-2006-0413",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2006/0413",
            },
            {
               name: "1015570",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1015570",
            },
            {
               name: "19746",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19746",
            },
            {
               name: "21033",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/21033",
            },
            {
               name: "18700",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/18700",
            },
            {
               name: "102550",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1",
            },
            {
               name: "19759",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19759",
            },
            {
               name: "SSRT061236",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded",
            },
            {
               name: "RHSA-2006:0200",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2006-0200.html",
            },
            {
               name: "oval:org.mitre.oval:def:670",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670",
            },
            {
               name: "18706",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/18706",
            },
            {
               name: "SSRT061158",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://www.securityfocus.com/archive/1/438730/100/0/threaded",
            },
            {
               name: "FEDORA-2006-076",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html",
            },
            {
               name: "MDKSA-2006:078",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078",
            },
            {
               name: "RHSA-2006:0199",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2006-0199.html",
            },
            {
               name: "20051",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/20051",
            },
            {
               name: "19863",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19863",
            },
            {
               name: "HPSBUX02156",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://www.securityfocus.com/archive/1/446657/100/200/threaded",
            },
            {
               name: "FLSA-2006:180036-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://www.securityfocus.com/archive/1/425978/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/2006/mfsa2006-01.html",
            },
            {
               name: "20060201-01-U",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U",
            },
            {
               name: "SCOSA-2006.26",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt",
            },
            {
               name: "18708",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/18708",
            },
            {
               name: "FLSA:180036-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://www.securityfocus.com/archive/1/425975/100/0/threaded",
            },
            {
               name: "228526",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1",
            },
            {
               name: "19852",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19852",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
            {
               name: "GLSA-200605-09",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml",
            },
            {
               name: "ADV-2006-3391",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2006/3391",
            },
            {
               name: "18703",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/18703",
            },
            {
               name: "22065",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/22065",
            },
            {
               name: "19950",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19950",
            },
            {
               name: "DSA-1046",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2006/dsa-1046",
            },
            {
               name: "DSA-1044",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2006/dsa-1044",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2006-0292",
      datePublished: "2006-02-02T20:00:00",
      dateReserved: "2006-01-18T00:00:00",
      dateUpdated: "2024-08-07T16:25:34.237Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-2061
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-08-08 03:51
Severity ?
Summary
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
Impacted products
Vendor Product Version
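n/a n/a Version: n/a (the record carries no structured vendor, product or version data; the affected releases are named only in the Summary text, so matching on the structured fields alone will not identify affected installs)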


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:51:17.557Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
               },
               {
                  name: "MDKSA-2002:074",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157202",
               },
               {
                  name: "links-png-image-bo(9287)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/security_center/static/9287.php",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-05-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2007-10-18T09:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
            },
            {
               name: "MDKSA-2002:074",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157202",
            },
            {
               name: "links-png-image-bo(9287)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://www.iss.net/security_center/static/9287.php",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-2061",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
                  },
                  {
                     name: "MDKSA-2002:074",
                     refsource: "MANDRAKE",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=157202",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=157202",
                  },
                  {
                     name: "links-png-image-bo(9287)",
                     refsource: "XF",
                     url: "http://www.iss.net/security_center/static/9287.php",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-2061",
      datePublished: "2005-07-14T04:00:00",
      dateReserved: "2005-07-14T00:00:00",
      dateUpdated: "2024-08-08T03:51:17.557Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-2968
Vulnerability from cvelistv5
Published
2005-09-20 04:00
Modified
2024-08-07 22:53
Severity ?
Summary
Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
References
http://www.debian.org/security/2005/dsa-868 — vendor-advisory, x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2005/1824 — vdb-entry, x_refsource_VUPEN
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt — vendor-advisory, x_refsource_SCO
http://www.securityfocus.com/bid/14888 — vdb-entry, x_refsource_BID
http://www.securityfocus.com/bid/15495 — vdb-entry, x_refsource_BID
https://bugzilla.mozilla.org/show_bug.cgi?id=307185 — x_refsource_CONFIRM
http://www.ubuntu.com/usn/usn-186-2 — vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/16869 — third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2005-791.html — vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/usn-200-1 — vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/17042 — third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-866 — vendor-advisory, x_refsource_DEBIAN
http://www.mozilla.org/security/announce/mfsa2005-58.html — x_refsource_CONFIRM
http://secunia.com/advisories/17284 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17149 — third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17263 — third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105 — vdb-entry, signature, x_refsource_OVAL
http://www.kb.cert.org/vuls/id/914681 — third-party-advisory, x_refsource_CERT-VN
http://www.redhat.com/support/errata/RHSA-2005-785.html — vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/usn-186-1 — vendor-advisory, x_refsource_UBUNTU
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174 — vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/17090 — third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/1794 — vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
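n/a n/a Version: n/a (the record carries no structured vendor, product or version data; the affected releases are named only in the Summary text, so matching on the structured fields alone will not identify affected installs)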


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T22:53:29.713Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-868",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-868",
               },
               {
                  name: "ADV-2005-1824",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/1824",
               },
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "14888",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/14888",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=307185",
               },
               {
                  name: "USN-186-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-186-2",
               },
               {
                  name: "16869",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16869",
               },
               {
                  name: "RHSA-2005:791",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-791.html",
               },
               {
                  name: "USN-200-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-200-1",
               },
               {
                  name: "17042",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/17042",
               },
               {
                  name: "DSA-866",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-866",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-58.html",
               },
               {
                  name: "17284",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/17284",
               },
               {
                  name: "17149",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/17149",
               },
               {
                  name: "17263",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/17263",
               },
               {
                  name: "oval:org.mitre.oval:def:11105",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105",
               },
               {
                  name: "VU#914681",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/914681",
               },
               {
                  name: "RHSA-2005:785",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-785.html",
               },
               {
                  name: "USN-186-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-186-1",
               },
               {
                  name: "MDKSA-2005:174",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174",
               },
               {
                  name: "17090",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/17090",
               },
               {
                  name: "ADV-2005-1794",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/1794",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-09-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "DSA-868",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-868",
            },
            {
               name: "ADV-2005-1824",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/1824",
            },
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "14888",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/14888",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=307185",
            },
            {
               name: "USN-186-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-186-2",
            },
            {
               name: "16869",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16869",
            },
            {
               name: "RHSA-2005:791",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-791.html",
            },
            {
               name: "USN-200-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-200-1",
            },
            {
               name: "17042",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/17042",
            },
            {
               name: "DSA-866",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-866",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-58.html",
            },
            {
               name: "17284",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/17284",
            },
            {
               name: "17149",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/17149",
            },
            {
               name: "17263",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/17263",
            },
            {
               name: "oval:org.mitre.oval:def:11105",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105",
            },
            {
               name: "VU#914681",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/914681",
            },
            {
               name: "RHSA-2005:785",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-785.html",
            },
            {
               name: "USN-186-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-186-1",
            },
            {
               name: "MDKSA-2005:174",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174",
            },
            {
               name: "17090",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/17090",
            },
            {
               name: "ADV-2005-1794",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/1794",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-2968",
      datePublished: "2005-09-20T04:00:00",
      dateReserved: "2005-09-19T00:00:00",
      dateUpdated: "2024-08-07T22:53:29.713Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-2270
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Severity ?
Summary
Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
References
http://www.debian.org/security/2005/dsa-810 — vendor-advisory, x_refsource_DEBIAN
https://bugzilla.mozilla.org/show_bug.cgi?id=294795 — x_refsource_MISC
http://www.novell.com/linux/security/advisories/2005_18_sr.html — vendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11751 — vdb-entry, signature, x_refsource_OVAL
http://www.mozilla.org/security/announce/mfsa2005-56.html — x_refsource_CONFIRM
http://www.ciac.org/ciac/bulletins/p-252.shtml — third-party-advisory, government-resource, x_refsource_CIAC
https://bugzilla.mozilla.org/show_bug.cgi?id=295011 — x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=294799 — x_refsource_MISC
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202 — vendor-advisory, x_refsource_FEDORA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A550 — vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/19823 — third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A817 — vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2005-587.html — vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/16059 — third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/1075 — vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2005-601.html — vendor-advisory, x_refsource_REDHAT
http://securitytracker.com/id?1014470 — vdb-entry, x_refsource_SECTRACK
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html — vendor-advisory, x_refsource_SUSE
http://www.kb.cert.org/vuls/id/652366 — third-party-advisory, x_refsource_CERT-VN
http://www.securityfocus.com/bid/14242 — vdb-entry, x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2005-586.html — vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/16043 — third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_04_25.html — vendor-advisory, x_refsource_SUSE
https://bugzilla.mozilla.org/show_bug.cgi?id=296397 — x_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100003 — vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
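n/a n/a Version: n/a (this table lists no structured vendor, product or version data; the affected releases are named only in the Summary text, so matching on the structured fields alone will not identify affected installs)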


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T22:22:48.688Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-810",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-810",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=294795",
               },
               {
                  name: "SUSE-SR:2005:018",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
               },
               {
                  name: "oval:org.mitre.oval:def:11751",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11751",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-56.html",
               },
               {
                  name: "P-252",
                  tags: [
                     "third-party-advisory",
                     "government-resource",
                     "x_refsource_CIAC",
                     "x_transferred",
                  ],
                  url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=295011",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=294799",
               },
               {
                  name: "FLSA:160202",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
               },
               {
                  name: "oval:org.mitre.oval:def:550",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A550",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  name: "oval:org.mitre.oval:def:817",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A817",
               },
               {
                  name: "RHSA-2005:587",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
               },
               {
                  name: "16059",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16059",
               },
               {
                  name: "ADV-2005-1075",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/1075",
               },
               {
                  name: "RHSA-2005:601",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
               },
               {
                  name: "1014470",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1014470",
               },
               {
                  name: "SUSE-SA:2005:045",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
               },
               {
                  name: "VU#652366",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/652366",
               },
               {
                  name: "14242",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/14242",
               },
               {
                  name: "RHSA-2005:586",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
               },
               {
                  name: "16043",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16043",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296397",
               },
               {
                  name: "oval:org.mitre.oval:def:100003",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100003",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "DSA-810",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-810",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=294795",
            },
            {
               name: "SUSE-SR:2005:018",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
            },
            {
               name: "oval:org.mitre.oval:def:11751",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11751",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-56.html",
            },
            {
               name: "P-252",
               tags: [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
               ],
               url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=295011",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=294799",
            },
            {
               name: "FLSA:160202",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
            },
            {
               name: "oval:org.mitre.oval:def:550",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A550",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               name: "oval:org.mitre.oval:def:817",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A817",
            },
            {
               name: "RHSA-2005:587",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
            },
            {
               name: "16059",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16059",
            },
            {
               name: "ADV-2005-1075",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/1075",
            },
            {
               name: "RHSA-2005:601",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
            },
            {
               name: "1014470",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1014470",
            },
            {
               name: "SUSE-SA:2005:045",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
            },
            {
               name: "VU#652366",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/652366",
            },
            {
               name: "14242",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/14242",
            },
            {
               name: "RHSA-2005:586",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
            },
            {
               name: "16043",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16043",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=296397",
            },
            {
               name: "oval:org.mitre.oval:def:100003",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100003",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-2270",
      datePublished: "2005-07-13T04:00:00",
      dateReserved: "2005-07-13T00:00:00",
      dateUpdated: "2024-08-07T22:22:48.688Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-2114
Vulnerability from cvelistv5
Published
2005-07-01 04:00
Modified
2024-08-07 22:15
Severity ?
Summary
Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T22:15:37.382Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1014292",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1014292",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securiteam.com/securitynews/5OP0U00G1G.html",
               },
               {
                  name: "RHSA-2005:587",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
               },
               {
                  name: "1014293",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1014293",
               },
               {
                  name: "1014294",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1014294",
               },
               {
                  name: "1014372",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1014372",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.kurczaba.com/html/security/0506241.htm",
               },
               {
                  name: "20050629 Mozilla Multiple Product JavaScript Issue",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=112008299210033&w=2",
               },
               {
                  name: "1014349",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1014349",
               },
               {
                  name: "RHSA-2005:586",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
               },
               {
                  name: "mozilla-mult-browsers-javascript-dos(21188)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21188",
               },
               {
                  name: "oval:org.mitre.oval:def:9628",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-06-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1014292",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1014292",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securiteam.com/securitynews/5OP0U00G1G.html",
            },
            {
               name: "RHSA-2005:587",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
            },
            {
               name: "1014293",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1014293",
            },
            {
               name: "1014294",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1014294",
            },
            {
               name: "1014372",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1014372",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.kurczaba.com/html/security/0506241.htm",
            },
            {
               name: "20050629 Mozilla Multiple Product JavaScript Issue",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=112008299210033&w=2",
            },
            {
               name: "1014349",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1014349",
            },
            {
               name: "RHSA-2005:586",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
            },
            {
               name: "mozilla-mult-browsers-javascript-dos(21188)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21188",
            },
            {
               name: "oval:org.mitre.oval:def:9628",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-2114",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1014292",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1014292",
                  },
                  {
                     name: "http://www.securiteam.com/securitynews/5OP0U00G1G.html",
                     refsource: "MISC",
                     url: "http://www.securiteam.com/securitynews/5OP0U00G1G.html",
                  },
                  {
                     name: "RHSA-2005:587",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
                  },
                  {
                     name: "1014293",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1014293",
                  },
                  {
                     name: "1014294",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1014294",
                  },
                  {
                     name: "1014372",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1014372",
                  },
                  {
                     name: "http://www.kurczaba.com/html/security/0506241.htm",
                     refsource: "MISC",
                     url: "http://www.kurczaba.com/html/security/0506241.htm",
                  },
                  {
                     name: "20050629 Mozilla Multiple Product JavaScript Issue",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=112008299210033&w=2",
                  },
                  {
                     name: "1014349",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1014349",
                  },
                  {
                     name: "RHSA-2005:586",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
                  },
                  {
                     name: "mozilla-mult-browsers-javascript-dos(21188)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21188",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9628",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-2114",
      datePublished: "2005-07-01T04:00:00",
      dateReserved: "2005-07-01T00:00:00",
      dateUpdated: "2024-08-07T22:15:37.382Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0648
Vulnerability from cvelistv5
Published
2004-07-13 04:00
Modified
2024-08-08 00:24
Severity ?
Summary
Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.
References
http://www.mozilla.org/projects/security/known-vulnerabilities.html — x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/927014 — third-party-advisory, x_refsource_CERT-VN
http://www.ciac.org/ciac/bulletins/o-175.shtml — third-party-advisory, government-resource, x_refsource_CIAC
http://www.mozilla.org/security/shell.html — x_refsource_CONFIRM
http://secunia.com/advisories/12027 — third-party-advisory, x_refsource_SECUNIA
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html — mailing-list, x_refsource_FULLDISC
http://marc.info/?l=bugtraq&m=108938712815719&w=2 — mailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/16655 — vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:24:27.041Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
               },
               {
                  name: "VU#927014",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/927014",
               },
               {
                  name: "O-175",
                  tags: [
                     "third-party-advisory",
                     "government-resource",
                     "x_refsource_CIAC",
                     "x_transferred",
                  ],
                  url: "http://www.ciac.org/ciac/bulletins/o-175.shtml",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/shell.html",
               },
               {
                  name: "12027",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/12027",
               },
               {
                  name: "20040707 shell:windows command question",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html",
               },
               {
                  name: "20040708 Mozilla Security Advisory 2004-07-08",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=108938712815719&w=2",
               },
               {
                  name: "mozilla-shell-program-execution(16655)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16655",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-07-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
            },
            {
               name: "VU#927014",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/927014",
            },
            {
               name: "O-175",
               tags: [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
               ],
               url: "http://www.ciac.org/ciac/bulletins/o-175.shtml",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/shell.html",
            },
            {
               name: "12027",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/12027",
            },
            {
               name: "20040707 shell:windows command question",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html",
            },
            {
               name: "20040708 Mozilla Security Advisory 2004-07-08",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=108938712815719&w=2",
            },
            {
               name: "mozilla-shell-program-execution(16655)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16655",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0648",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
                  },
                  {
                     name: "VU#927014",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/927014",
                  },
                  {
                     name: "O-175",
                     refsource: "CIAC",
                     url: "http://www.ciac.org/ciac/bulletins/o-175.shtml",
                  },
                  {
                     name: "http://www.mozilla.org/security/shell.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/shell.html",
                  },
                  {
                     name: "12027",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/12027",
                  },
                  {
                     name: "20040707 shell:windows command question",
                     refsource: "FULLDISC",
                     url: "http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html",
                  },
                  {
                     name: "20040708 Mozilla Security Advisory 2004-07-08",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=108938712815719&w=2",
                  },
                  {
                     name: "mozilla-shell-program-execution(16655)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16655",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0648",
      datePublished: "2004-07-13T04:00:00",
      dateReserved: "2004-07-09T00:00:00",
      dateUpdated: "2024-08-08T00:24:27.041Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-1450
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
Summary
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:53:23.764Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=239122",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-04-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-06-15T16:38:08",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=239122",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-1450",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=239122",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=239122",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-1450",
      datePublished: "2005-02-13T05:00:00",
      dateReserved: "2005-02-13T00:00:00",
      dateUpdated: "2024-08-08T00:53:23.764Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-3010
Vulnerability from cvelistv5
Published
2009-08-31 16:00
Modified
2024-08-07 06:14
Severity ?
Summary
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T06:14:55.402Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://websecurity.com.ua/3386/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://websecurity.com.ua/3315/",
               },
               {
                  name: "firefox-seamonkey-data-xss(52999)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-07-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.  NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-16T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://websecurity.com.ua/3386/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://websecurity.com.ua/3315/",
            },
            {
               name: "firefox-seamonkey-data-xss(52999)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2009-3010",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.  NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://websecurity.com.ua/3386/",
                     refsource: "MISC",
                     url: "http://websecurity.com.ua/3386/",
                  },
                  {
                     name: "http://websecurity.com.ua/3315/",
                     refsource: "MISC",
                     url: "http://websecurity.com.ua/3315/",
                  },
                  {
                     name: "firefox-seamonkey-data-xss(52999)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2009-3010",
      datePublished: "2009-08-31T16:00:00",
      dateReserved: "2009-08-31T00:00:00",
      dateUpdated: "2024-08-07T06:14:55.402Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-3144
Vulnerability from cvelistv5
Published
2007-06-11 18:00
Modified
2024-08-07 14:05
Severity ?
Summary
Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
References
http://www.securityfocus.com/bid/24352 — vdb-entry, x_refsource_BID
http://osvdb.org/43466 — vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/34983 — vdb-entry, x_refsource_XF
http://testing.bitsploit.de/test.html — x_refsource_MISC
http://www.0x000000.com/?i=334 — x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T14:05:28.585Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "24352",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/24352",
               },
               {
                  name: "43466",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/43466",
               },
               {
                  name: "multiple-basic-authentication-spoofing(34983)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://testing.bitsploit.de/test.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.0x000000.com/?i=334",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-06-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "24352",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/24352",
            },
            {
               name: "43466",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/43466",
            },
            {
               name: "multiple-basic-authentication-spoofing(34983)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://testing.bitsploit.de/test.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.0x000000.com/?i=334",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-3144",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "24352",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/24352",
                  },
                  {
                     name: "43466",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/43466",
                  },
                  {
                     name: "multiple-basic-authentication-spoofing(34983)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983",
                  },
                  {
                     name: "http://testing.bitsploit.de/test.html",
                     refsource: "MISC",
                     url: "http://testing.bitsploit.de/test.html",
                  },
                  {
                     name: "http://www.0x000000.com/?i=334",
                     refsource: "MISC",
                     url: "http://www.0x000000.com/?i=334",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-3144",
      datePublished: "2007-06-11T18:00:00",
      dateReserved: "2007-06-11T00:00:00",
      dateUpdated: "2024-08-07T14:05:28.585Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-0815
Vulnerability from cvelistv5
Published
2002-08-01 04:00
Modified
2024-08-08 03:03
Severity ?
Summary
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
References
http://marc.info/?l=bugtraq&m=102798282208686&w=2 — mailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=102796732924658&w=2 — mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:03:48.882Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20020729 RE: XWT Foundation Advisory",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=102798282208686&w=2",
               },
               {
                  name: "20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=102796732924658&w=2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-07-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Javascript \"Same Origin Policy\" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-10-17T13:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20020729 RE: XWT Foundation Advisory",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=102798282208686&w=2",
            },
            {
               name: "20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=102796732924658&w=2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-0815",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Javascript \"Same Origin Policy\" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20020729 RE: XWT Foundation Advisory",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=102798282208686&w=2",
                  },
                  {
                     name: "20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=102796732924658&w=2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-0815",
      datePublished: "2002-08-01T04:00:00",
      dateReserved: "2002-07-30T00:00:00",
      dateUpdated: "2024-08-08T03:03:48.882Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-4685
Vulnerability from cvelistv5
Published
2006-02-01 02:00
Modified
2024-08-07 23:53
Severity ?
Summary
Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T23:53:28.695Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "15331",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15331",
               },
               {
                  name: "20051104 Browser cookie handling: possible cross-domain cookie sharing",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html",
               },
               {
                  name: "konqueror-cookie-information-disclosure(25291)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25291",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-11-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-19T15:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "15331",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15331",
            },
            {
               name: "20051104 Browser cookie handling: possible cross-domain cookie sharing",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html",
            },
            {
               name: "konqueror-cookie-information-disclosure(25291)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25291",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-4685",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "15331",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/15331",
                  },
                  {
                     name: "20051104 Browser cookie handling: possible cross-domain cookie sharing",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html",
                  },
                  {
                     name: "konqueror-cookie-information-disclosure(25291)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25291",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-4685",
      datePublished: "2006-02-01T02:00:00",
      dateReserved: "2006-01-31T00:00:00",
      dateUpdated: "2024-08-07T23:53:28.695Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0908
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:48.209Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "11179",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/11179",
               },
               {
                  name: "VU#460528",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/460528",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  name: "FLSA:2089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257523",
               },
               {
                  name: "oval:org.mitre.oval:def:9745",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
               },
               {
                  name: "GLSA-200409-26",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
               },
               {
                  name: "mozilla-shortcut-clipboard-access(17376)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17376",
               },
               {
                  name: "SSRT4826",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
               },
               {
                  name: "12526",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/12526",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-09-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "11179",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/11179",
            },
            {
               name: "VU#460528",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/460528",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               name: "FLSA:2089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257523",
            },
            {
               name: "oval:org.mitre.oval:def:9745",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
            },
            {
               name: "GLSA-200409-26",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
            },
            {
               name: "mozilla-shortcut-clipboard-access(17376)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17376",
            },
            {
               name: "SSRT4826",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
            },
            {
               name: "12526",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/12526",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0908",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "11179",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/11179",
                  },
                  {
                     name: "VU#460528",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/460528",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "FLSA:2089",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=257523",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=257523",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9745",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
                  },
                  {
                     name: "GLSA-200409-26",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200409-26.xml",
                  },
                  {
                     name: "mozilla-shortcut-clipboard-access(17376)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17376",
                  },
                  {
                     name: "SSRT4826",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=109698896104418&w=2",
                  },
                  {
                     name: "12526",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/12526",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0908",
      datePublished: "2004-09-24T04:00:00",
      dateReserved: "2004-09-23T00:00:00",
      dateUpdated: "2024-08-08T00:31:48.209Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-2659
Vulnerability from cvelistv5
Published
2006-04-29 10:00
Modified
2024-08-08 01:36
Severity ?
Summary
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T01:36:25.045Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
               },
               {
                  name: "20040407 Race conditions in security dialogs",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-07-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears.  NOTE: this is a different issue than CVE-2005-2407.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2006-08-25T09:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
            },
            {
               name: "20040407 Race conditions in security dialogs",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-2659",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears.  NOTE: this is a different issue than CVE-2005-2407.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
                     refsource: "MISC",
                     url: "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
                  },
                  {
                     name: "20040407 Race conditions in security dialogs",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-2659",
      datePublished: "2006-04-29T10:00:00",
      dateReserved: "2006-04-28T00:00:00",
      dateUpdated: "2024-08-08T01:36:25.045Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2000-0655
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:28
Severity ?
Summary
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T05:28:40.601Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2000:046",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2000-046.html",
               },
               {
                  name: "1503",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/1503",
               },
               {
                  name: "TLSA2000017-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_TURBO",
                     "x_transferred",
                  ],
                  url: "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html",
               },
               {
                  name: "FreeBSD-SA-00:39",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FREEBSD",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc",
               },
               {
                  name: "20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com",
               },
               {
                  name: "20000823 Security Hole in Netscape, Versions 4.x, possibly others",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/suse_security_announce_60.html",
               },
               {
                  name: "20000801 MDKSA-2000:027-1 netscape update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html",
               },
               {
                  name: "20000810 Conectiva Linux Security Announcement - netscape",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html",
               },
               {
                  name: "NetBSD-SA2000-011",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_NETBSD",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2000-07-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2004-09-02T09:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "RHSA-2000:046",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2000-046.html",
            },
            {
               name: "1503",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/1503",
            },
            {
               name: "TLSA2000017-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_TURBO",
               ],
               url: "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html",
            },
            {
               name: "FreeBSD-SA-00:39",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
               ],
               url: "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc",
            },
            {
               name: "20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com",
            },
            {
               name: "20000823 Security Hole in Netscape, Versions 4.x, possibly others",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/suse_security_announce_60.html",
            },
            {
               name: "20000801 MDKSA-2000:027-1 netscape update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html",
            },
            {
               name: "20000810 Conectiva Linux Security Announcement - netscape",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html",
            },
            {
               name: "NetBSD-SA2000-011",
               tags: [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
               ],
               url: "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2000-0655",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2000:046",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2000-046.html",
                  },
                  {
                     name: "1503",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/1503",
                  },
                  {
                     name: "TLSA2000017-1",
                     refsource: "TURBO",
                     url: "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html",
                  },
                  {
                     name: "FreeBSD-SA-00:39",
                     refsource: "FREEBSD",
                     url: "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc",
                  },
                  {
                     name: "20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com",
                  },
                  {
                     name: "20000823 Security Hole in Netscape, Versions 4.x, possibly others",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/suse_security_announce_60.html",
                  },
                  {
                     name: "20000801 MDKSA-2000:027-1 netscape update",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html",
                  },
                  {
                     name: "20000810 Conectiva Linux Security Announcement - netscape",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html",
                  },
                  {
                     name: "NetBSD-SA2000-011",
                     refsource: "NETBSD",
                     url: "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2000-0655",
      datePublished: "2000-10-13T04:00:00",
      dateReserved: "2000-08-02T00:00:00",
      dateUpdated: "2024-08-08T05:28:40.601Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2001-1490
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 04:58
Severity ?
Summary
Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/7709 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/archive/1/245152 (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/bid/3684 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T04:58:11.390Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "win-browser-image-dos(7709)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709",
               },
               {
                  name: "20011211 Browsers fails on big image count",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/245152",
               },
               {
                  name: "3684",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/3684",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2001-12-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "win-browser-image-dos(7709)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709",
            },
            {
               name: "20011211 Browsers fails on big image count",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/245152",
            },
            {
               name: "3684",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/3684",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2001-1490",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "win-browser-image-dos(7709)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709",
                  },
                  {
                     name: "20011211 Browsers fails on big image count",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/245152",
                  },
                  {
                     name: "3684",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/3684",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2001-1490",
      datePublished: "2005-06-21T04:00:00",
      dateReserved: "2005-06-21T00:00:00",
      dateUpdated: "2024-08-08T04:58:11.390Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0760
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:46.542Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "oval:org.mitre.oval:def:11090",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11090",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  name: "RHSA-2004:421",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
               },
               {
                  name: "FLSA:2089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "oval:org.mitre.oval:def:1227",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1227",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250906",
               },
               {
                  name: "mozilla-modify-mime-type(16691)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16691",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-08-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "oval:org.mitre.oval:def:11090",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11090",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               name: "RHSA-2004:421",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
            },
            {
               name: "FLSA:2089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "oval:org.mitre.oval:def:1227",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1227",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250906",
            },
            {
               name: "mozilla-modify-mime-type(16691)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16691",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0760",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "SCOSA-2005.49",
                     refsource: "SCO",
                     url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
                  },
                  {
                     name: "oval:org.mitre.oval:def:11090",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11090",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "RHSA-2004:421",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
                  },
                  {
                     name: "FLSA:2089",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
                  },
                  {
                     name: "15495",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/15495",
                  },
                  {
                     name: "oval:org.mitre.oval:def:1227",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1227",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=250906",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=250906",
                  },
                  {
                     name: "mozilla-modify-mime-type(16691)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16691",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0760",
      datePublished: "2004-08-03T04:00:00",
      dateReserved: "2004-08-02T00:00:00",
      dateUpdated: "2024-08-08T00:31:46.542Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0147
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-07 21:05
Severity ?
Summary
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:05:24.870Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "mozilla-407-proxy-obtain-information(19174)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19174",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-09.html",
               },
               {
                  name: "RHSA-2005:323",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
               },
               {
                  name: "12407",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12407",
               },
               {
                  name: "oval:org.mitre.oval:def:100049",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100049",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=267263",
               },
               {
                  name: "oval:org.mitre.oval:def:9578",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9578",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-01-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "mozilla-407-proxy-obtain-information(19174)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19174",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-09.html",
            },
            {
               name: "RHSA-2005:323",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
            },
            {
               name: "12407",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12407",
            },
            {
               name: "oval:org.mitre.oval:def:100049",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100049",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=267263",
            },
            {
               name: "oval:org.mitre.oval:def:9578",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9578",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-0147",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "mozilla-407-proxy-obtain-information(19174)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19174",
                  },
                  {
                     name: "http://www.mozilla.org/security/announce/mfsa2005-09.html",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/security/announce/mfsa2005-09.html",
                  },
                  {
                     name: "RHSA-2005:323",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2005-323.html",
                  },
                  {
                     name: "12407",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/12407",
                  },
                  {
                     name: "oval:org.mitre.oval:def:100049",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100049",
                  },
                  {
                     name: "https://bugzilla.mozilla.org/show_bug.cgi?id=267263",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.mozilla.org/show_bug.cgi?id=267263",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9578",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9578",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-0147",
      datePublished: "2005-01-29T05:00:00",
      dateReserved: "2005-01-25T00:00:00",
      dateUpdated: "2024-08-07T21:05:24.870Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-0761
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:31:46.601Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "SCOSA-2005.49",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SCO",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
               },
               {
                  name: "SUSE-SA:2004:036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
               },
               {
                  name: "RHSA-2004:421",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
               },
               {
                  name: "FLSA:2089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
               },
               {
                  name: "15495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/15495",
               },
               {
                  name: "oval:org.mitre.oval:def:3603",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugzilla.mozilla.org/show_bug.cgi?id=240053",
               },
               {
                  name: "mozilla-redirect-ssl-spoof(16871)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16871",
               },
               {
                  name: "oval:org.mitre.oval:def:9240",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-08-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "SCOSA-2005.49",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SCO",
               ],
               url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
            },
            {
               name: "SUSE-SA:2004:036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
            },
            {
               name: "RHSA-2004:421",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
            },
            {
               name: "FLSA:2089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
            },
            {
               name: "15495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/15495",
            },
            {
               name: "oval:org.mitre.oval:def:3603",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugzilla.mozilla.org/show_bug.cgi?id=240053",
            },
            {
               name: "mozilla-redirect-ssl-spoof(16871)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16871",
            },
            {
               name: "oval:org.mitre.oval:def:9240",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-0761",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "SCOSA-2005.49",
                     refsource: "SCO",
                     url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt",
                  },
                  {
                     name: "SUSE-SA:2004:036",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html",
                  },
                  {
                     name: "RHSA-2004:421",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2004-421.html",
                  },
                  {
                     name: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
                     refsource: "CONFIRM",
                     url: "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
                  },
                  {
                     name: "FLSA:2089",
                     refsource: "FEDORA",
                     url: "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
                  },
                  {
                     name: "15495",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/15495",
                  },
                  {
                     name: "oval:org.mitre.oval:def:3603",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603",
                  },
                  {
                     name: "http://bugzilla.mozilla.org/show_bug.cgi?id=240053",
                     refsource: "CONFIRM",
                     url: "http://bugzilla.mozilla.org/show_bug.cgi?id=240053",
                  },
                  {
                     name: "mozilla-redirect-ssl-spoof(16871)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16871",
                  },
                  {
                     name: "oval:org.mitre.oval:def:9240",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-0761",
      datePublished: "2004-08-03T04:00:00",
      dateReserved: "2004-08-02T00:00:00",
      dateUpdated: "2024-08-08T00:31:46.601Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2003-0300
Vulnerability from cvelistv5
Published
2003-05-15 04:00
Modified
2024-08-08 01:50
Severity ?
Summary
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
References
http://marc.info/?l=bugtraq&m=105294024124163&w=2 mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T01:50:47.085Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20030514 Buffer overflows in multiple IMAP clients",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2003-05-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-10-17T13:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20030514 Buffer overflows in multiple IMAP clients",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2003-0300",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20030514 Buffer overflows in multiple IMAP clients",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2003-0300",
      datePublished: "2003-05-15T04:00:00",
      dateReserved: "2003-05-14T00:00:00",
      dateUpdated: "2024-08-08T01:50:47.085Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-0238
Vulnerability from cvelistv5
Published
2005-02-07 05:00
Modified
2024-08-07 21:05
Severity ?
Summary
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:05:25.460Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.shmoo.com/idn/homograph.txt",
               },
               {
                  name: "multiple-browsers-idn-spoof(19236)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236",
               },
               {
                  name: "20050206 state of homograph attacks",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.shmoo.com/idn",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399",
               },
               {
                  name: "12461",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12461",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-02-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.shmoo.com/idn/homograph.txt",
            },
            {
               name: "multiple-browsers-idn-spoof(19236)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236",
            },
            {
               name: "20050206 state of homograph attacks",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.shmoo.com/idn",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399",
            },
            {
               name: "12461",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12461",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2005-0238",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.shmoo.com/idn/homograph.txt",
                     refsource: "MISC",
                     url: "http://www.shmoo.com/idn/homograph.txt",
                  },
                  {
                     name: "multiple-browsers-idn-spoof(19236)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236",
                  },
                  {
                     name: "20050206 state of homograph attacks",
                     refsource: "FULLDISC",
                     url: "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html",
                  },
                  {
                     name: "http://www.shmoo.com/idn",
                     refsource: "MISC",
                     url: "http://www.shmoo.com/idn",
                  },
                  {
                     name: "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399",
                  },
                  {
                     name: "12461",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/12461",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-0238",
      datePublished: "2005-02-07T05:00:00",
      dateReserved: "2005-02-07T00:00:00",
      dateUpdated: "2024-08-07T21:05:25.460Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-2265
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Severity ?
Summary
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
References
http://www.debian.org/security/2005/dsa-810 vendor-advisory, x_refsource_DEBIAN
http://www.novell.com/linux/security/advisories/2005_18_sr.html vendor-advisory, x_refsource_SUSE
http://www.ciac.org/ciac/bulletins/p-252.shtml third-party-advisory, government-resource, x_refsource_CIAC
http://www.mozilla.org/security/announce/mfsa2005-50.html x_refsource_CONFIRM
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202 vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/19823 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2005-587.html vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/16059 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/16044 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/1075 vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2005-601.html vendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10397 vdb-entry, signature, x_refsource_OVAL
http://www.networksecurity.fi/advisories/netscape-multiple-issues.html x_refsource_MISC
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html vendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/14242 vdb-entry, x_refsource_BID
https://bugzilla.mozilla.org/show_bug.cgi?id=295854 x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2005-586.html vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/16043 third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_04_25.html vendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A417 vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A781 vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100008 vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T22:22:49.011Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-810",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-810",
               },
               {
                  name: "SUSE-SR:2005:018",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
               },
               {
                  name: "P-252",
                  tags: [
                     "third-party-advisory",
                     "government-resource",
                     "x_refsource_CIAC",
                     "x_transferred",
                  ],
                  url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-50.html",
               },
               {
                  name: "FLSA:160202",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  name: "RHSA-2005:587",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
               },
               {
                  name: "16059",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16059",
               },
               {
                  name: "16044",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16044",
               },
               {
                  name: "ADV-2005-1075",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/1075",
               },
               {
                  name: "RHSA-2005:601",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
               },
               {
                  name: "oval:org.mitre.oval:def:10397",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10397",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
               },
               {
                  name: "SUSE-SA:2005:045",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
               },
               {
                  name: "14242",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/14242",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.mozilla.org/show_bug.cgi?id=295854",
               },
               {
                  name: "RHSA-2005:586",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
               },
               {
                  name: "16043",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/16043",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
               {
                  name: "oval:org.mitre.oval:def:417",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A417",
               },
               {
                  name: "oval:org.mitre.oval:def:781",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A781",
               },
               {
                  name: "oval:org.mitre.oval:def:100008",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100008",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "DSA-810",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-810",
            },
            {
               name: "SUSE-SR:2005:018",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
            },
            {
               name: "P-252",
               tags: [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
               ],
               url: "http://www.ciac.org/ciac/bulletins/p-252.shtml",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-50.html",
            },
            {
               name: "FLSA:160202",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               name: "RHSA-2005:587",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
            },
            {
               name: "16059",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16059",
            },
            {
               name: "16044",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16044",
            },
            {
               name: "ADV-2005-1075",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/1075",
            },
            {
               name: "RHSA-2005:601",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
            },
            {
               name: "oval:org.mitre.oval:def:10397",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10397",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html",
            },
            {
               name: "SUSE-SA:2005:045",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
            },
            {
               name: "14242",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/14242",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.mozilla.org/show_bug.cgi?id=295854",
            },
            {
               name: "RHSA-2005:586",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
            },
            {
               name: "16043",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/16043",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
            {
               name: "oval:org.mitre.oval:def:417",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A417",
            },
            {
               name: "oval:org.mitre.oval:def:781",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A781",
            },
            {
               name: "oval:org.mitre.oval:def:100008",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100008",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-2265",
      datePublished: "2005-07-13T04:00:00",
      dateReserved: "2005-07-13T00:00:00",
      dateUpdated: "2024-08-07T22:22:49.011Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2006-6498
Vulnerability from cvelistv5
Published
2006-12-20 01:00
Modified
2024-08-07 20:26
Severity ?
Summary
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.
References
http://www.securityfocus.com/bid/21668 [vdb-entry, x_refsource_BID]
http://secunia.com/advisories/23433 [third-party-advisory, x_refsource_SECUNIA]
http://secunia.com/advisories/23439 [third-party-advisory, x_refsource_SECUNIA]
http://secunia.com/advisories/23672 [third-party-advisory, x_refsource_SECUNIA]
http://www.vupen.com/english/advisories/2006/5068 [vdb-entry, x_refsource_VUPEN]
http://secunia.com/advisories/23468 [third-party-advisory, x_refsource_SECUNIA]
http://rhn.redhat.com/errata/RHSA-2006-0758.html [vendor-advisory, x_refsource_REDHAT]
http://securitytracker.com/id?1017398 [vdb-entry, x_refsource_SECTRACK]
http://www.debian.org/security/2007/dsa-1265 [vendor-advisory, x_refsource_DEBIAN]
http://secunia.com/advisories/24078 [third-party-advisory, x_refsource_SECUNIA]
http://secunia.com/advisories/23692 [third-party-advisory, x_refsource_SECUNIA]
http://www.ubuntu.com/usn/usn-398-2 [vendor-advisory, x_refsource_UBUNTU]
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml [vendor-advisory, x_refsource_GENTOO]
http://secunia.com/advisories/23282 [third-party-advisory, x_refsource_SECUNIA]
http://secunia.com/advisories/24390 [third-party-advisory, x_refsource_SECUNIA]
http://www.mozilla.org/security/announce/2006/mfsa2006-68.html [x_refsource_CONFIRM]
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661 [vdb-entry, signature, x_refsource_OVAL]
http://fedoranews.org/cms/node/2297 [vendor-advisory, x_refsource_FEDORA]
http://secunia.com/advisories/23422 [third-party-advisory, x_refsource_SECUNIA]
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 [vendor-advisory, x_refsource_HP]
http://secunia.com/advisories/23591 [third-party-advisory, x_refsource_SECUNIA]
http://securitytracker.com/id?1017405 [vdb-entry, x_refsource_SECTRACK]
http://secunia.com/advisories/23614 [third-party-advisory, x_refsource_SECUNIA]
http://securitytracker.com/id?1017406 [vdb-entry, x_refsource_SECTRACK]
http://rhn.redhat.com/errata/RHSA-2006-0759.html [vendor-advisory, x_refsource_REDHAT]
http://www.ubuntu.com/usn/usn-398-1 [vendor-advisory, x_refsource_UBUNTU]
http://www.vupen.com/english/advisories/2008/0083 [vdb-entry, x_refsource_VUPEN]
http://fedoranews.org/cms/node/2338 [vendor-advisory, x_refsource_FEDORA]
http://secunia.com/advisories/23420 [third-party-advisory, x_refsource_SECUNIA]
ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc [vendor-advisory, x_refsource_SGI]
http://secunia.com/advisories/23440 [third-party-advisory, x_refsource_SECUNIA]
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html [vendor-advisory, x_refsource_SUSE]
http://www.securityfocus.com/archive/1/455145/100/0/threaded [mailing-list, x_refsource_BUGTRAQ]
http://www.kb.cert.org/vuls/id/427972 [third-party-advisory, x_refsource_CERT-VN]
http://secunia.com/advisories/23545 [third-party-advisory, x_refsource_SECUNIA]
http://secunia.com/advisories/23618 [third-party-advisory, x_refsource_SECUNIA]
http://www.us-cert.gov/cas/techalerts/TA06-354A.html [third-party-advisory, x_refsource_CERT]
http://www.kb.cert.org/vuls/id/447772 [third-party-advisory, x_refsource_CERT-VN]
http://secunia.com/advisories/23589 [third-party-advisory, x_refsource_SECUNIA]
http://www.debian.org/security/2007/dsa-1253 [vendor-advisory, x_refsource_DEBIAN]
http://www.debian.org/security/2007/dsa-1258 [vendor-advisory, x_refsource_DEBIAN]
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 [vendor-advisory, x_refsource_HP]
https://issues.rpath.com/browse/RPL-883 [x_refsource_CONFIRM]
http://www.securityfocus.com/archive/1/455728/100/200/threaded [mailing-list, x_refsource_BUGTRAQ]
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html [vendor-advisory, x_refsource_SUSE]
http://secunia.com/advisories/23601 [third-party-advisory, x_refsource_SECUNIA]
http://secunia.com/advisories/23988 [third-party-advisory, x_refsource_SECUNIA]
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1 [vendor-advisory, x_refsource_SUNALERT]
http://secunia.com/advisories/23514 [third-party-advisory, x_refsource_SECUNIA]
http://security.gentoo.org/glsa/glsa-200701-02.xml [vendor-advisory, x_refsource_GENTOO]
http://rhn.redhat.com/errata/RHSA-2006-0760.html [vendor-advisory, x_refsource_REDHAT]
http://www.vupen.com/english/advisories/2007/2106 [vdb-entry, x_refsource_VUPEN]
http://www.ubuntu.com/usn/usn-400-1 [vendor-advisory, x_refsource_UBUNTU]
http://secunia.com/advisories/25556 [third-party-advisory, x_refsource_SECUNIA]
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T20:26:46.581Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "21668",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/21668",
               },
               {
                  name: "23433",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23433",
               },
               {
                  name: "23439",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23439",
               },
               {
                  name: "23672",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23672",
               },
               {
                  name: "ADV-2006-5068",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2006/5068",
               },
               {
                  name: "23468",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23468",
               },
               {
                  name: "RHSA-2006:0758",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2006-0758.html",
               },
               {
                  name: "1017398",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1017398",
               },
               {
                  name: "DSA-1265",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2007/dsa-1265",
               },
               {
                  name: "24078",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24078",
               },
               {
                  name: "23692",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23692",
               },
               {
                  name: "USN-398-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-398-2",
               },
               {
                  name: "GLSA-200701-04",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml",
               },
               {
                  name: "23282",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23282",
               },
               {
                  name: "24390",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24390",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html",
               },
               {
                  name: "oval:org.mitre.oval:def:10661",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661",
               },
               {
                  name: "FEDORA-2006-1491",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://fedoranews.org/cms/node/2297",
               },
               {
                  name: "23422",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23422",
               },
               {
                  name: "HPSBUX02153",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742",
               },
               {
                  name: "23591",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23591",
               },
               {
                  name: "1017405",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1017405",
               },
               {
                  name: "23614",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23614",
               },
               {
                  name: "1017406",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1017406",
               },
               {
                  name: "RHSA-2006:0759",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2006-0759.html",
               },
               {
                  name: "USN-398-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-398-1",
               },
               {
                  name: "ADV-2008-0083",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/0083",
               },
               {
                  name: "FEDORA-2007-004",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://fedoranews.org/cms/node/2338",
               },
               {
                  name: "23420",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23420",
               },
               {
                  name: "20061202-01-P",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SGI",
                     "x_transferred",
                  ],
                  url: "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc",
               },
               {
                  name: "23440",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23440",
               },
               {
                  name: "SUSE-SA:2006:080",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html",
               },
               {
                  name: "20061222 rPSA-2006-0234-1 firefox",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/455145/100/0/threaded",
               },
               {
                  name: "VU#427972",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/427972",
               },
               {
                  name: "23545",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23545",
               },
               {
                  name: "23618",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23618",
               },
               {
                  name: "TA06-354A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA06-354A.html",
               },
               {
                  name: "VU#447772",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/447772",
               },
               {
                  name: "23589",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23589",
               },
               {
                  name: "DSA-1253",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2007/dsa-1253",
               },
               {
                  name: "DSA-1258",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2007/dsa-1258",
               },
               {
                  name: "SSRT061181",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.rpath.com/browse/RPL-883",
               },
               {
                  name: "20070102 rPSA-2006-0234-2 firefox thunderbird",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/455728/100/200/threaded",
               },
               {
                  name: "SUSE-SA:2007:006",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html",
               },
               {
                  name: "23601",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23601",
               },
               {
                  name: "23988",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23988",
               },
               {
                  name: "102955",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1",
               },
               {
                  name: "23514",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/23514",
               },
               {
                  name: "GLSA-200701-02",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200701-02.xml",
               },
               {
                  name: "RHSA-2006:0760",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2006-0760.html",
               },
               {
                  name: "ADV-2007-2106",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/2106",
               },
               {
                  name: "USN-400-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-400-1",
               },
               {
                  name: "25556",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/25556",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2006-12-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-17T20:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "21668",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/21668",
            },
            {
               name: "23433",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23433",
            },
            {
               name: "23439",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23439",
            },
            {
               name: "23672",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23672",
            },
            {
               name: "ADV-2006-5068",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2006/5068",
            },
            {
               name: "23468",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23468",
            },
            {
               name: "RHSA-2006:0758",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2006-0758.html",
            },
            {
               name: "1017398",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1017398",
            },
            {
               name: "DSA-1265",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2007/dsa-1265",
            },
            {
               name: "24078",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24078",
            },
            {
               name: "23692",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23692",
            },
            {
               name: "USN-398-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-398-2",
            },
            {
               name: "GLSA-200701-04",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml",
            },
            {
               name: "23282",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23282",
            },
            {
               name: "24390",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24390",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html",
            },
            {
               name: "oval:org.mitre.oval:def:10661",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661",
            },
            {
               name: "FEDORA-2006-1491",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://fedoranews.org/cms/node/2297",
            },
            {
               name: "23422",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23422",
            },
            {
               name: "HPSBUX02153",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742",
            },
            {
               name: "23591",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23591",
            },
            {
               name: "1017405",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1017405",
            },
            {
               name: "23614",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23614",
            },
            {
               name: "1017406",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1017406",
            },
            {
               name: "RHSA-2006:0759",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2006-0759.html",
            },
            {
               name: "USN-398-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-398-1",
            },
            {
               name: "ADV-2008-0083",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/0083",
            },
            {
               name: "FEDORA-2007-004",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://fedoranews.org/cms/node/2338",
            },
            {
               name: "23420",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23420",
            },
            {
               name: "20061202-01-P",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SGI",
               ],
               url: "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc",
            },
            {
               name: "23440",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23440",
            },
            {
               name: "SUSE-SA:2006:080",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html",
            },
            {
               name: "20061222 rPSA-2006-0234-1 firefox",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/455145/100/0/threaded",
            },
            {
               name: "VU#427972",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/427972",
            },
            {
               name: "23545",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23545",
            },
            {
               name: "23618",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23618",
            },
            {
               name: "TA06-354A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA06-354A.html",
            },
            {
               name: "VU#447772",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/447772",
            },
            {
               name: "23589",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23589",
            },
            {
               name: "DSA-1253",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2007/dsa-1253",
            },
            {
               name: "DSA-1258",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2007/dsa-1258",
            },
            {
               name: "SSRT061181",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.rpath.com/browse/RPL-883",
            },
            {
               name: "20070102 rPSA-2006-0234-2 firefox thunderbird",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/455728/100/200/threaded",
            },
            {
               name: "SUSE-SA:2007:006",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html",
            },
            {
               name: "23601",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23601",
            },
            {
               name: "23988",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23988",
            },
            {
               name: "102955",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1",
            },
            {
               name: "23514",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/23514",
            },
            {
               name: "GLSA-200701-02",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200701-02.xml",
            },
            {
               name: "RHSA-2006:0760",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2006-0760.html",
            },
            {
               name: "ADV-2007-2106",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/2106",
            },
            {
               name: "USN-400-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-400-1",
            },
            {
               name: "25556",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/25556",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2006-6498",
      datePublished: "2006-12-20T01:00:00",
      dateReserved: "2006-12-13T00:00:00",
      dateUpdated: "2024-08-07T20:26:46.581Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2005-2266
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Severity ?
Summary
Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.
References
http://secunia.com/advisories/15549 — third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-810 — vendor-advisory, x_refsource_DEBIAN
http://www.novell.com/linux/security/advisories/2005_18_sr.html — vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/15553 — third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202 — vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/19823 — third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2005-587.html — vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2005/1075 — vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2005-601.html — vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/15551 — third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100107 — vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1415 — vdb-entry, signature, x_refsource_OVAL
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html — vendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/14242 — vdb-entry, x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2005-586.html — vendor-advisory, x_refsource_REDHAT
http://www.mozilla.org/security/announce/mfsa2005-52.html — x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10712 — vdb-entry, signature, x_refsource_OVAL
http://www.novell.com/linux/security/advisories/2006_04_25.html — vendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A773 — vdb-entry, signature, x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/21332 — vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T22:22:48.659Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "15549",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/15549",
               },
               {
                  name: "DSA-810",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2005/dsa-810",
               },
               {
                  name: "SUSE-SR:2005:018",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
               },
               {
                  name: "15553",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/15553",
               },
               {
                  name: "FLSA:160202",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
               },
               {
                  name: "19823",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19823",
               },
               {
                  name: "RHSA-2005:587",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
               },
               {
                  name: "ADV-2005-1075",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2005/1075",
               },
               {
                  name: "RHSA-2005:601",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
               },
               {
                  name: "15551",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/15551",
               },
               {
                  name: "oval:org.mitre.oval:def:100107",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100107",
               },
               {
                  name: "oval:org.mitre.oval:def:1415",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1415",
               },
               {
                  name: "SUSE-SA:2005:045",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
               },
               {
                  name: "14242",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/14242",
               },
               {
                  name: "RHSA-2005:586",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.mozilla.org/security/announce/mfsa2005-52.html",
               },
               {
                  name: "oval:org.mitre.oval:def:10712",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10712",
               },
               {
                  name: "SUSE-SA:2006:022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
               },
               {
                  name: "oval:org.mitre.oval:def:773",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A773",
               },
               {
                  name: "mozilla-frame-topfocus-xss(21332)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21332",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Firefox before 1.0.5 and Mozilla before 1.7.9 allow a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "15549",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/15549",
            },
            {
               name: "DSA-810",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2005/dsa-810",
            },
            {
               name: "SUSE-SR:2005:018",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_18_sr.html",
            },
            {
               name: "15553",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/15553",
            },
            {
               name: "FLSA:160202",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202",
            },
            {
               name: "19823",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19823",
            },
            {
               name: "RHSA-2005:587",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-587.html",
            },
            {
               name: "ADV-2005-1075",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2005/1075",
            },
            {
               name: "RHSA-2005:601",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-601.html",
            },
            {
               name: "15551",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/15551",
            },
            {
               name: "oval:org.mitre.oval:def:100107",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100107",
            },
            {
               name: "oval:org.mitre.oval:def:1415",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1415",
            },
            {
               name: "SUSE-SA:2005:045",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html",
            },
            {
               name: "14242",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/14242",
            },
            {
               name: "RHSA-2005:586",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2005-586.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.mozilla.org/security/announce/mfsa2005-52.html",
            },
            {
               name: "oval:org.mitre.oval:def:10712",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10712",
            },
            {
               name: "SUSE-SA:2006:022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2006_04_25.html",
            },
            {
               name: "oval:org.mitre.oval:def:773",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A773",
            },
            {
               name: "mozilla-frame-topfocus-xss(21332)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21332",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2005-2266",
      datePublished: "2005-07-13T04:00:00",
      dateReserved: "2005-07-13T00:00:00",
      dateUpdated: "2024-08-07T22:22:48.659Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}