324 vulnerabilities found for mozilla by mozilla
FKIE_CVE-2009-3014
Vulnerability from fkie_nvd - Published: 2009-08-31 16:30 - Updated: 2025-04-09 00:30
Summary
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "667FC0BC-C1AD-46CD-BBB2-A7E58E644FA7",
"versionEndIncluding": "3.0.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11E07FED-ABDB-4B0A-AB2E-4CBF1EAC4301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6558F1-9E0D-4107-909A-8EF4BC8A9C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63DF3D65-C992-44CF-89B4-893526C6242E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A9024117-2E8B-4240-9E21-CC501F3879B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC3CAD3-2F54-4E32-A0C9-0D826C45AC23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "52624B41-AB34-40AD-8709-D9646B618AB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "917E9856-9556-4FD6-A834-858F8837A6B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "98BBD74D-930C-4D80-A91B-0D61347BAA63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF2E696-883D-4DE5-8B79-D8E5D9470253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "94E04FD9-38E8-462D-82C2-729F7F7F0465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5888517E-3C57-4A0A-9895-EA4BCB0A0ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB21291-B9F3-445E-A9E9-EA1822083DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "76CD3BDF-A079-4EF3-ABDE-43CBDD08DB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.6:a1_pre:*:*:*:*:*:*",
"matchCriteriaId": "C100B62E-9199-4983-AFC2-EBC55AF230BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.7:a1_pre:*:*:*:*:*:*",
"matchCriteriaId": "4C5C2EED-CA12-416C-8695-18DD215B0351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9239E8A-8155-462A-A409-D66FF6B94B04",
"versionEndIncluding": "1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BA58BA23-4CFE-40F8-A2F4-104007E12E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22F00276-9071-4B96-B49C-2E0898476874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB84CC9B-346B-4AF4-929E-D56D85960103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3B40771F-30CB-45D0-9EDE-1F13852085B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "47315EC4-1EED-4070-A087-8E37C8FE6703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6B0681-B96F-405C-8042-1BF2DDB41648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*",
"matchCriteriaId": "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C9296197-0EE0-4CC0-A11F-E44E3443E990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A76ACC55-754D-4501-8312-5A4E10D053B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "347AB95F-166E-449A-82D7-BEC10257E0D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8987151-0901-4547-B750-5DC470BB9CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "2637D552-4A3D-4867-B52A-ACCED8681AF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC237C8-CFE0-4128-B549-93CD16894E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
"matchCriteriaId": "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "367A5D46-0FF3-4140-9478-251363822E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C656A621-BE62-4BB8-9B25-A3916E60FA12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8DE4889-424F-4A44-8C14-9F18821CE961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
"matchCriteriaId": "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED69BEB9-8D83-415B-826D-9D17FB67976B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "098458D4-635B-4A4D-9472-39370094E1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
"matchCriteriaId": "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "407F69BE-4026-4B26-AC31-11E7CC942760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
"matchCriteriaId": "2FEC6B13-3088-4ECB-9D81-6480F439601C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
"matchCriteriaId": "20ECA520-780A-4EF8-8C80-B7564F4148B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "AAB559BD-4BF7-417F-962F-B8971FF1614B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header."
},
{
"lang": "es",
"value": "Mozilla Firefox v3.0.13 y anteriores, v3.5, v3.6 a1 pre, y v3.7 a1 pre; SeaMonkey v1.1.17; y Mozilla v1.7.x y anteriores no manejan de forma adecuada las URIs javascript en los enlaces HTML incluidos en los documentos de error 302 enviados desde servidores web, lo que permite a atacantes remotos asistidos por usuarios realizar un ataque de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) a trav\u00e9s de vectores relativos a (1) inyectar una cabecera Location de respuesta HTTP o (2) especificando el contenidos de una cabecera Location de respuesta HTTP.\r\n"
}
],
"id": "CVE-2009-3014",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-08-31T16:30:06.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/3373/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/3386/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/506163/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/3373/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/3386/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/506163/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-3010
Vulnerability from fkie_nvd - Published: 2009-08-31 16:30 - Updated: 2025-04-09 00:30
Summary
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | http://websecurity.com.ua/3315/ | Exploit |
| cve@mitre.org | http://websecurity.com.ua/3386/ | Exploit |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/52999 | Third Party Advisory, VDB Entry |
| af854a3a-2127-422b-91ae-364da2661108 | http://websecurity.com.ua/3315/ | Exploit |
| af854a3a-2127-422b-91ae-364da2661108 | http://websecurity.com.ua/3386/ | Exploit |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/52999 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "667FC0BC-C1AD-46CD-BBB2-A7E58E644FA7",
"versionEndIncluding": "3.0.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "76CD3BDF-A079-4EF3-ABDE-43CBDD08DB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.6:a1_prerelease:*:*:*:*:*:*",
"matchCriteriaId": "A5CA287A-0263-4F6A-B685-E243D42FCFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.7:a1_prerelease:*:*:*:*:*:*",
"matchCriteriaId": "DCCEA654-2A7F-4950-9FC3-015E2E4582B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9F1412-B29B-4D13-AEEA-4AF7B12260D0",
"versionEndIncluding": "1.7.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "AAB559BD-4BF7-417F-962F-B8971FF1614B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site."
},
{
"lang": "es",
"value": "Mozilla Firefox v3.0.13 y anteriores, v3.5, v3.6 a1 pre, y v3.7 a1 pre; SeaMonkey v1.1.17; y Mozilla v1.7.x y anteriores no bloquean de forma adecuada las URIs data: en las cabeceras Refresh de las respuestas HTTP, lo que permite a atacantes remotos realizar ataques de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) a trav\u00e9s de vectores relativos a (1) inyectar una cabecera Refresh que contiene secuencias Javascript en una URI data:text/html p (2) introduciendo una URI data:text/html con secuencias javascript cuando se especifica el contenido de una cabecera Refresh. NOTA: en algunas versiones del producto, el javascript se ejecuta fuera del contexto del sitio HTTP."
}
],
"id": "CVE-2009-3010",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-08-31T16:30:06.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/3315/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/3386/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/3315/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/3386/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4039
Vulnerability from fkie_nvd - Published: 2007-07-27 22:30 - Updated: 2025-04-09 00:30
Summary
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10E59CDD-9F95-4E38-95B3-AC5C35075378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de argumento involucrando a Mozilla, cuando determinados URIS se han registrado, permite a atacantes remotos conducir ataques de salto de navegador y ejecutar comandos de su elecci\u00f3n mediante metacaracteres de consola de comandos en un URI no especificado, que son insertados en una l\u00ednea de comando al invocar al proceso gestor, asunto similar a CVE-2007-3670."
}
],
"id": "CVE-2007-4039",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2007-07-27T22:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue does not affect the versions of Firefox or Thunderbird as shipped with Red Hat Enterprise Linux.",
"lastModified": "2007-07-31T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2007-3144
Vulnerability from fkie_nvd - Published: 2007-06-11 18:30 - Updated: 2025-04-09 00:30
Summary
Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BD8D89-4936-402C-973D-5F4B071806D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication."
},
{
"lang": "es",
"value": "Vulnerabilidad de truncamiento visual en Mozilla 1.7.12 permite a atacantes remotos envenenar la barra de direcci\u00f3n y posiblemente conducir ataques de phishing a trav\u00e9s de un nombre de host largo, el cual est\u00e1 truncado despu\u00e9s de un cierto n\u00famero de caracteres, como se demostr\u00f3 por un ataque de phishing utilizando HTTP Basic Authentication."
}
],
"id": "CVE-2007-3144",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-11T18:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/43466"
},
{
"source": "cve@mitre.org",
"url": "http://testing.bitsploit.de/test.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.0x000000.com/?i=334"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/24352"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/43466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://testing.bitsploit.de/test.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.0x000000.com/?i=334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/24352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. Mozilla is no longer shipped as part of any version of Red Hat Enterprise Linux. Mozilla was replaced by SeaMonkey in Red Hat Enterprise Linux by SeaMonkey which is not affected by this issue.\n",
"lastModified": "2007-08-16T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-1794
Vulnerability from fkie_nvd - Published: 2007-04-02 22:19 - Updated: 2025-04-09 00:30
Summary
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sun:solaris:10.0:hw2:*:*:*:*:*:*",
"matchCriteriaId": "DBEB91FE-FB39-4AB2-8172-2A47EC59861B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A2475113-CFE4-41C8-A86F-F2DA6548D224",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E585DC-FC74-4BB0-96B7-C00B6DB610DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9239E8A-8155-462A-A409-D66FF6B94B04",
"versionEndIncluding": "1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805."
},
{
"lang": "es",
"value": "El motor de Javascript en Mozilla 1.7 y anteriores en Sun Solaris 8, 9, y 10 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores que afectan al colector de basura que provoca el borrado de un objeto temporal que todav\u00eda se est\u00e1 utilizando. NOTA: este asunto podr\u00eda estar relacionado con CVE-2006-3805."
}
],
"id": "CVE-2007-1794",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-02T22:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24624"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1178"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-6498
Vulnerability from fkie_nvd - Published: 2006-12-20 01:28 - Updated: 2025-04-09 00:30
Summary
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C65D2670-F37F-48CB-804A-D35BB1C27D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DE8E5194-7B34-4802-BDA6-6A86EB5EDE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2917BD67-CE81-4B94-B241-D4A9DDA60319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0618BD26-0EF5-4774-9131-B5ABD4CD302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D604DAE-DF63-413C-9F49-FFC8E84699F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "11DE6185-09F4-48E3-9742-F9D8030B5774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "61E565E5-286D-4A68-B085-5659DFE59A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6514EDE8-7C78-4C72-A313-E0915D89E4EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5263F879-9B90-4582-B677-F133DEBE5259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C256B73C-9ABC-43D4-8C57-09161BC9F923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "055D1044-9FC5-45AA-8407-649E96C5AFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C1C87A5-C14D-4A23-B865-3BB1FCDC8470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4DB0BB-BFD7-4E7A-B3EF-9C5422602216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D56153-E20A-46D8-859E-A51E5C03D674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2C51A6F4-F88F-4BF2-BF71-5DC48559C085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC390CB-774C-47BE-95C3-059943A9E645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B71DE7AC-553B-4524-8B33-5605518449EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "72B02389-0DCD-45BC-A09F-CB6B75940616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "41AE4644-2D23-43EA-ABDA-7BE60EFD1EFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB87608-0DF8-4729-95C5-CFA386AB3AC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C169DA-26BC-42EE-817B-2F0685069495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C99BAF7-B48E-4402-B2BF-EB07235E402E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F0C73F-291F-4A92-87B8-2269B5C1516D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ADE8D7-B3C3-4490-9CD5-0263BBA75D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C86FD617-E4FE-4F85-AAA4-4F968A9DEC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "938B1260-74A7-4CFF-8086-415DCC284430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E28672BA-E3C2-40C3-80E1-95B7CDD089E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9308147C-0A23-48BC-BFA9-A49B9D73014E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09E18FC0-0C8C-4FA1-85B9-B868D00F002F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6521C877-63C9-4B6E-9FC9-1263FFBB7950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D949DF0A-CBC2-40E1-AE6C-60E6F58D2481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5CDA57-1A50-4EDB-80E2-D3EBB44EA653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22D33486-4956-4E2C-BA16-FA269A9D02BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3104343E-93B6-4D4A-BC95-ED9F7E91FB6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "381313EF-DF84-4F66-9962-DE8F45029D79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en el motor de JavaScript para Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunderbird anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 y Mozilla 1.7 y puede que versiones anteriores en Solaris; permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores desconocidos, teniendo impacto desconocido."
}
],
"id": "CVE-2006-6498",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-12-20T01:28:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/cms/node/2297"
},
{
"source": "secalert@redhat.com",
"url": "http://fedoranews.org/cms/node/2338"
},
{
"source": "secalert@redhat.com",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23282"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23420"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23422"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23433"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23439"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23440"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23468"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23514"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23545"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23589"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23591"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23601"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23614"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23618"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23672"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23692"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23988"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24078"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24390"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25556"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1017398"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1017405"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1017406"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2007/dsa-1253"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2007/dsa-1258"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2007/dsa-1265"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/427972"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/447772"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/21668"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-398-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-398-2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-400-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/5068"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/2106"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-883"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/cms/node/2297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/cms/node/2338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017398"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/427972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/447772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-398-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-398-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-400-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/5068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2009-3014 (GCVE-0-2009-3014)
Vulnerability from cvelistv5 – Published: 2009-08-31 16:00 – Updated: 2024-08-07 06:14
VLAI?
Summary
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/3373/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/3386/"
},
{
"name": "firefox-seamonkey-javascript-xss(52995)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995"
},
{
"name": "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/506163/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/3373/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/3386/"
},
{
"name": "firefox-seamonkey-javascript-xss(52995)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995"
},
{
"name": "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/506163/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/3373/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3373/"
},
{
"name": "http://websecurity.com.ua/3386/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3386/"
},
{
"name": "firefox-seamonkey-javascript-xss(52995)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995"
},
{
"name": "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506163/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3014",
"datePublished": "2009-08-31T16:00:00",
"dateReserved": "2009-08-31T00:00:00",
"dateUpdated": "2024-08-07T06:14:55.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3010 (GCVE-0-2009-3010)
Vulnerability from cvelistv5 – Published: 2009-08-31 16:00 – Updated: 2024-08-07 06:14
VLAI?
Summary
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/3386/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/3315/"
},
{
"name": "firefox-seamonkey-data-xss(52999)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/3386/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/3315/"
},
{
"name": "firefox-seamonkey-data-xss(52999)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/3386/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3386/"
},
{
"name": "http://websecurity.com.ua/3315/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3315/"
},
{
"name": "firefox-seamonkey-data-xss(52999)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3010",
"datePublished": "2009-08-31T16:00:00",
"dateReserved": "2009-08-31T00:00:00",
"dateUpdated": "2024-08-07T06:14:55.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4874 (GCVE-0-2005-4874)
Vulnerability from cvelistv5 – Published: 2008-03-28 23:00 – Updated: 2024-08-08 00:01
VLAI?
Summary
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=297078"
},
{
"name": "mozilla-xmlhttprequest-info-disclosure(41553)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=302489"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a \"Max-Forwards: 0\" header or (2) arbitrary local passwords on the web server that hosts this object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=297078"
},
{
"name": "mozilla-xmlhttprequest-info-disclosure(41553)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=302489"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a \"Max-Forwards: 0\" header or (2) arbitrary local passwords on the web server that hosts this object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=297078",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=297078"
},
{
"name": "mozilla-xmlhttprequest-info-disclosure(41553)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=302489",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=302489"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4874",
"datePublished": "2008-03-28T23:00:00",
"dateReserved": "2008-03-28T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2359 (GCVE-0-2002-2359)
Vulnerability from cvelistv5 – Published: 2007-10-29 19:00 – Updated: 2024-09-16 19:19
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5403"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=154030"
},
{
"name": "20020806 Mozilla FTP View Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html"
},
{
"name": "multiple-ftp-view-xss(9757)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9757.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-29T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5403"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=154030"
},
{
"name": "20020806 Mozilla FTP View Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html"
},
{
"name": "multiple-ftp-view-xss(9757)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9757.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5403"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=154030",
"refsource": "MISC",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=154030"
},
{
"name": "20020806 Mozilla FTP View Cross-Site Scripting Vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html"
},
{
"name": "multiple-ftp-view-xss(9757)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9757.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2359",
"datePublished": "2007-10-29T19:00:00Z",
"dateReserved": "2007-10-29T00:00:00Z",
"dateUpdated": "2024-09-16T19:19:22.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2338 (GCVE-0-2002-2338)
Vulnerability from cvelistv5 – Published: 2007-10-29 19:00 – Updated: 2024-09-16 20:06
VLAI?
Summary
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020614 Another small DoS on Mozilla \u003c= 1.0 through pop3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/276946"
},
{
"name": "20020612 Another small DoS on Mozilla \u003c= 1.0 through pop3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/276628"
},
{
"name": "MDKSA-2002:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228"
},
{
"name": "5002",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
},
{
"name": "mozilla-netscape-pop3-dos(9343)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9343.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-29T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020614 Another small DoS on Mozilla \u003c= 1.0 through pop3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/276946"
},
{
"name": "20020612 Another small DoS on Mozilla \u003c= 1.0 through pop3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/276628"
},
{
"name": "MDKSA-2002:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228"
},
{
"name": "5002",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
},
{
"name": "mozilla-netscape-pop3-dos(9343)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9343.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020614 Another small DoS on Mozilla \u003c= 1.0 through pop3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/276946"
},
{
"name": "20020612 Another small DoS on Mozilla \u003c= 1.0 through pop3",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/276628"
},
{
"name": "MDKSA-2002:074",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228",
"refsource": "CONFIRM",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228"
},
{
"name": "5002",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5002"
},
{
"name": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
"refsource": "CONFIRM",
"url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
},
{
"name": "mozilla-netscape-pop3-dos(9343)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9343.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2338",
"datePublished": "2007-10-29T19:00:00Z",
"dateReserved": "2007-10-29T00:00:00Z",
"dateUpdated": "2024-09-16T20:06:54.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2314 (GCVE-0-2002-2314)
Vulnerability from cvelistv5 – Published: 2007-10-26 19:00 – Updated: 2024-09-17 03:43
VLAI?
Summary
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mozilla-javascript-steal-cookies(9656)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9656.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=152725"
},
{
"name": "20020918 Mozilla vulnerabilities, an update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
},
{
"name": "20020724 Mozilla cookie stealing - Sandblad advisory #9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2002/Jul/0260.html"
},
{
"name": "MDKSA-2002:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
},
{
"name": "5293",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5293"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading \"//\" and ending in a newline, which causes the host/path check to fail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-26T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mozilla-javascript-steal-cookies(9656)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9656.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=152725"
},
{
"name": "20020918 Mozilla vulnerabilities, an update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
},
{
"name": "20020724 Mozilla cookie stealing - Sandblad advisory #9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2002/Jul/0260.html"
},
{
"name": "MDKSA-2002:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
},
{
"name": "5293",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5293"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading \"//\" and ending in a newline, which causes the host/path check to fail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mozilla-javascript-steal-cookies(9656)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9656.php"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=152725",
"refsource": "MISC",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=152725"
},
{
"name": "20020918 Mozilla vulnerabilities, an update",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html"
},
{
"name": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
},
{
"name": "20020724 Mozilla cookie stealing - Sandblad advisory #9",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2002/Jul/0260.html"
},
{
"name": "MDKSA-2002:074",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
},
{
"name": "5293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5293"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2314",
"datePublished": "2007-10-26T19:00:00Z",
"dateReserved": "2007-10-26T00:00:00Z",
"dateUpdated": "2024-09-17T03:43:50.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4039 (GCVE-0-2007-4039)
Vulnerability from cvelistv5 – Published: 2007-07-27 22:00 – Updated: 2025-04-03 14:30
VLAI?
Summary
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
Severity ?
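9.8 (Critical) – CVSS 3.1 base score taken from the CISA-ADP (Vulnrichment) container of the record below; the CNA (mitre) container carries no CVSS data.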
CWE
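- n/a (CNA). The CISA-ADP container of the record below lists CWE-79, while the description itself speaks of argument injection via shell metacharacters, so the CWE mapping should be read alongside the description.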
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"name": "20070725 Mozilla protocol abuse",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-4039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T14:28:46.060236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:30:14.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-07-27T22:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"name": "20070725 Mozilla protocol abuse",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/",
"refsource": "MISC",
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"name": "20070725 Mozilla protocol abuse",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4039",
"datePublished": "2007-07-27T22:00:00.000Z",
"dateReserved": "2007-07-27T00:00:00.000Z",
"dateUpdated": "2025-04-03T14:30:14.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3144 (GCVE-0-2007-3144)
Vulnerability from cvelistv5 – Published: 2007-06-11 18:00 – Updated: 2024-08-07 14:05
VLAI?
Summary
Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:28.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24352",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24352"
},
{
"name": "43466",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43466"
},
{
"name": "multiple-basic-authentication-spoofing(34983)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://testing.bitsploit.de/test.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.0x000000.com/?i=334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24352",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24352"
},
{
"name": "43466",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43466"
},
{
"name": "multiple-basic-authentication-spoofing(34983)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://testing.bitsploit.de/test.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.0x000000.com/?i=334"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24352"
},
{
"name": "43466",
"refsource": "OSVDB",
"url": "http://osvdb.org/43466"
},
{
"name": "multiple-basic-authentication-spoofing(34983)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983"
},
{
"name": "http://testing.bitsploit.de/test.html",
"refsource": "MISC",
"url": "http://testing.bitsploit.de/test.html"
},
{
"name": "http://www.0x000000.com/?i=334",
"refsource": "MISC",
"url": "http://www.0x000000.com/?i=334"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3144",
"datePublished": "2007-06-11T18:00:00",
"dateReserved": "2007-06-11T00:00:00",
"dateUpdated": "2024-08-07T14:05:28.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1794 (GCVE-0-2007-1794)
Vulnerability from cvelistv5 – Published: 2007-04-02 22:00 – Updated: 2024-08-07 13:06
VLAI?
Summary
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102865",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1"
},
{
"name": "24624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24624"
},
{
"name": "ADV-2007-1178",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1178"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "102865",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1"
},
{
"name": "24624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24624"
},
{
"name": "ADV-2007-1178",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1178"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102865",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1"
},
{
"name": "24624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24624"
},
{
"name": "ADV-2007-1178",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1178"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1794",
"datePublished": "2007-04-02T22:00:00",
"dateReserved": "2007-04-02T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6498 (GCVE-0-2006-6498)
Vulnerability from cvelistv5 – Published: 2006-12-20 01:00 – Updated: 2024-08-07 20:26
VLAI?
Summary
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21668",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21668"
},
{
"name": "23433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23433"
},
{
"name": "23439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23439"
},
{
"name": "23672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23672"
},
{
"name": "ADV-2006-5068",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5068"
},
{
"name": "23468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23468"
},
{
"name": "RHSA-2006:0758",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html"
},
{
"name": "1017398",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017398"
},
{
"name": "DSA-1265",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1265"
},
{
"name": "24078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24078"
},
{
"name": "23692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23692"
},
{
"name": "USN-398-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-398-2"
},
{
"name": "GLSA-200701-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"
},
{
"name": "23282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23282"
},
{
"name": "24390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24390"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html"
},
{
"name": "oval:org.mitre.oval:def:10661",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661"
},
{
"name": "FEDORA-2006-1491",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2297"
},
{
"name": "23422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23422"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "23591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23591"
},
{
"name": "1017405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017405"
},
{
"name": "23614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23614"
},
{
"name": "1017406",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017406"
},
{
"name": "RHSA-2006:0759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html"
},
{
"name": "USN-398-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-398-1"
},
{
"name": "ADV-2008-0083",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "FEDORA-2007-004",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2338"
},
{
"name": "23420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23420"
},
{
"name": "20061202-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc"
},
{
"name": "23440",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23440"
},
{
"name": "SUSE-SA:2006:080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"
},
{
"name": "20061222 rPSA-2006-0234-1 firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded"
},
{
"name": "VU#427972",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/427972"
},
{
"name": "23545",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23545"
},
{
"name": "23618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23618"
},
{
"name": "TA06-354A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"
},
{
"name": "VU#447772",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/447772"
},
{
"name": "23589",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23589"
},
{
"name": "DSA-1253",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1253"
},
{
"name": "DSA-1258",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1258"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-883"
},
{
"name": "20070102 rPSA-2006-0234-2 firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded"
},
{
"name": "SUSE-SA:2007:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"
},
{
"name": "23601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23601"
},
{
"name": "23988",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23988"
},
{
"name": "102955",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1"
},
{
"name": "23514",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23514"
},
{
"name": "GLSA-200701-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"
},
{
"name": "RHSA-2006:0760",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html"
},
{
"name": "ADV-2007-2106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2106"
},
{
"name": "USN-400-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-400-1"
},
{
"name": "25556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25556"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "21668",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21668"
},
{
"name": "23433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23433"
},
{
"name": "23439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23439"
},
{
"name": "23672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23672"
},
{
"name": "ADV-2006-5068",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5068"
},
{
"name": "23468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23468"
},
{
"name": "RHSA-2006:0758",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html"
},
{
"name": "1017398",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017398"
},
{
"name": "DSA-1265",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1265"
},
{
"name": "24078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24078"
},
{
"name": "23692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23692"
},
{
"name": "USN-398-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-398-2"
},
{
"name": "GLSA-200701-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"
},
{
"name": "23282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23282"
},
{
"name": "24390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24390"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html"
},
{
"name": "oval:org.mitre.oval:def:10661",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661"
},
{
"name": "FEDORA-2006-1491",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2297"
},
{
"name": "23422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23422"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "23591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23591"
},
{
"name": "1017405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017405"
},
{
"name": "23614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23614"
},
{
"name": "1017406",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017406"
},
{
"name": "RHSA-2006:0759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html"
},
{
"name": "USN-398-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-398-1"
},
{
"name": "ADV-2008-0083",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "FEDORA-2007-004",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2338"
},
{
"name": "23420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23420"
},
{
"name": "20061202-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc"
},
{
"name": "23440",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23440"
},
{
"name": "SUSE-SA:2006:080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"
},
{
"name": "20061222 rPSA-2006-0234-1 firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded"
},
{
"name": "VU#427972",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/427972"
},
{
"name": "23545",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23545"
},
{
"name": "23618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23618"
},
{
"name": "TA06-354A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"
},
{
"name": "VU#447772",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/447772"
},
{
"name": "23589",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23589"
},
{
"name": "DSA-1253",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1253"
},
{
"name": "DSA-1258",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1258"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-883"
},
{
"name": "20070102 rPSA-2006-0234-2 firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded"
},
{
"name": "SUSE-SA:2007:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"
},
{
"name": "23601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23601"
},
{
"name": "23988",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23988"
},
{
"name": "102955",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1"
},
{
"name": "23514",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23514"
},
{
"name": "GLSA-200701-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"
},
{
"name": "RHSA-2006:0760",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html"
},
{
"name": "ADV-2007-2106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2106"
},
{
"name": "USN-400-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-400-1"
},
{
"name": "25556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25556"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-6498",
"datePublished": "2006-12-20T01:00:00",
"dateReserved": "2006-12-13T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4809 (GCVE-0-2005-4809)
Vulnerability from cvelistv5 – Published: 2006-08-30 01:00 – Updated: 2024-08-08 00:01
Summary
Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mozilla-save-link-as-dialog-spoofing(19540)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540"
},
{
"name": "14568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14568"
},
{
"name": "12798",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12798"
},
{
"name": "1013423",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013423"
},
{
"name": "14885",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/14885"
},
{
"name": "20050313 Firefox 1.01 : spoofing status bar without using JavaScript",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=111073068631287\u0026w=2"
},
{
"name": "ADV-2005-0260",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mozilla-save-link-as-dialog-spoofing(19540)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540"
},
{
"name": "14568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14568"
},
{
"name": "12798",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12798"
},
{
"name": "1013423",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013423"
},
{
"name": "14885",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/14885"
},
{
"name": "20050313 Firefox 1.01 : spoofing status bar without using JavaScript",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=111073068631287\u0026w=2"
},
{
"name": "ADV-2005-0260",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mozilla-save-link-as-dialog-spoofing(19540)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540"
},
{
"name": "14568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14568"
},
{
"name": "12798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12798"
},
{
"name": "1013423",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013423"
},
{
"name": "14885",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14885"
},
{
"name": "20050313 Firefox 1.01 : spoofing status bar without using JavaScript",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=111073068631287\u0026w=2"
},
{
"name": "ADV-2005-0260",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4809",
"datePublished": "2006-08-30T01:00:00",
"dateReserved": "2006-08-29T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2659 (GCVE-0-2004-2659)
Vulnerability from cvelistv5 – Published: 2006-04-29 10:00 – Updated: 2024-08-08 01:36
Summary
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/"
},
{
"name": "20040407 Race conditions in security dialogs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-08-25T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/"
},
{
"name": "20040407 Race conditions in security dialogs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
"refsource": "MISC",
"url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/"
},
{
"name": "20040407 Race conditions in security dialogs",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2659",
"datePublished": "2006-04-29T10:00:00",
"dateReserved": "2006-04-28T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3014 (GCVE-0-2009-3014)
Vulnerability from nvd – Published: 2009-08-31 16:00 – Updated: 2024-08-07 06:14
Summary
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/3373/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/3386/"
},
{
"name": "firefox-seamonkey-javascript-xss(52995)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995"
},
{
"name": "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/506163/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/3373/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/3386/"
},
{
"name": "firefox-seamonkey-javascript-xss(52995)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995"
},
{
"name": "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/506163/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/3373/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3373/"
},
{
"name": "http://websecurity.com.ua/3386/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3386/"
},
{
"name": "firefox-seamonkey-javascript-xss(52995)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52995"
},
{
"name": "20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506163/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3014",
"datePublished": "2009-08-31T16:00:00",
"dateReserved": "2009-08-31T00:00:00",
"dateUpdated": "2024-08-07T06:14:55.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3010 (GCVE-0-2009-3010)
Vulnerability from nvd – Published: 2009-08-31 16:00 – Updated: 2024-08-07 06:14
Summary
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/3386/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/3315/"
},
{
"name": "firefox-seamonkey-data-xss(52999)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/3386/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/3315/"
},
{
"name": "firefox-seamonkey-data-xss(52999)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/3386/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3386/"
},
{
"name": "http://websecurity.com.ua/3315/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3315/"
},
{
"name": "firefox-seamonkey-data-xss(52999)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3010",
"datePublished": "2009-08-31T16:00:00",
"dateReserved": "2009-08-31T00:00:00",
"dateUpdated": "2024-08-07T06:14:55.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4874 (GCVE-0-2005-4874)
Vulnerability from nvd – Published: 2008-03-28 23:00 – Updated: 2024-08-08 00:01
Summary
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=297078"
},
{
"name": "mozilla-xmlhttprequest-info-disclosure(41553)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=302489"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a \"Max-Forwards: 0\" header or (2) arbitrary local passwords on the web server that hosts this object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=297078"
},
{
"name": "mozilla-xmlhttprequest-info-disclosure(41553)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=302489"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a \"Max-Forwards: 0\" header or (2) arbitrary local passwords on the web server that hosts this object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=297078",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=297078"
},
{
"name": "mozilla-xmlhttprequest-info-disclosure(41553)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=302489",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=302489"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4874",
"datePublished": "2008-03-28T23:00:00",
"dateReserved": "2008-03-28T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2359 (GCVE-0-2002-2359)
Vulnerability from nvd – Published: 2007-10-29 19:00 – Updated: 2024-09-16 19:19
Summary
Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5403"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=154030"
},
{
"name": "20020806 Mozilla FTP View Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html"
},
{
"name": "multiple-ftp-view-xss(9757)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9757.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-29T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5403"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=154030"
},
{
"name": "20020806 Mozilla FTP View Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html"
},
{
"name": "multiple-ftp-view-xss(9757)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9757.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5403"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=154030",
"refsource": "MISC",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=154030"
},
{
"name": "20020806 Mozilla FTP View Cross-Site Scripting Vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html"
},
{
"name": "multiple-ftp-view-xss(9757)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9757.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2359",
"datePublished": "2007-10-29T19:00:00Z",
"dateReserved": "2007-10-29T00:00:00Z",
"dateUpdated": "2024-09-16T19:19:22.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2338 (GCVE-0-2002-2338)
Vulnerability from nvd – Published: 2007-10-29 19:00 – Updated: 2024-09-16 20:06
Summary
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020614 Another small DoS on Mozilla \u003c= 1.0 through pop3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/276946"
},
{
"name": "20020612 Another small DoS on Mozilla \u003c= 1.0 through pop3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/276628"
},
{
"name": "MDKSA-2002:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228"
},
{
"name": "5002",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
},
{
"name": "mozilla-netscape-pop3-dos(9343)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9343.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-29T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020614 Another small DoS on Mozilla \u003c= 1.0 through pop3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/276946"
},
{
"name": "20020612 Another small DoS on Mozilla \u003c= 1.0 through pop3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/276628"
},
{
"name": "MDKSA-2002:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228"
},
{
"name": "5002",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
},
{
"name": "mozilla-netscape-pop3-dos(9343)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9343.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020614 Another small DoS on Mozilla \u003c= 1.0 through pop3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/276946"
},
{
"name": "20020612 Another small DoS on Mozilla \u003c= 1.0 through pop3",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/276628"
},
{
"name": "MDKSA-2002:074",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228",
"refsource": "CONFIRM",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228"
},
{
"name": "5002",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5002"
},
{
"name": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
"refsource": "CONFIRM",
"url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
},
{
"name": "mozilla-netscape-pop3-dos(9343)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9343.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2338",
"datePublished": "2007-10-29T19:00:00Z",
"dateReserved": "2007-10-29T00:00:00Z",
"dateUpdated": "2024-09-16T20:06:54.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2314 (GCVE-0-2002-2314)
Vulnerability from nvd – Published: 2007-10-26 19:00 – Updated: 2024-09-17 03:43
Summary
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mozilla-javascript-steal-cookies(9656)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9656.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=152725"
},
{
"name": "20020918 Mozilla vulnerabilities, an update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
},
{
"name": "20020724 Mozilla cookie stealing - Sandblad advisory #9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2002/Jul/0260.html"
},
{
"name": "MDKSA-2002:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
},
{
"name": "5293",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5293"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading \"//\" and ending in a newline, which causes the host/path check to fail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-26T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mozilla-javascript-steal-cookies(9656)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9656.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=152725"
},
{
"name": "20020918 Mozilla vulnerabilities, an update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
},
{
"name": "20020724 Mozilla cookie stealing - Sandblad advisory #9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2002/Jul/0260.html"
},
{
"name": "MDKSA-2002:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
},
{
"name": "5293",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5293"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading \"//\" and ending in a newline, which causes the host/path check to fail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mozilla-javascript-steal-cookies(9656)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9656.php"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=152725",
"refsource": "MISC",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=152725"
},
{
"name": "20020918 Mozilla vulnerabilities, an update",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html"
},
{
"name": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
},
{
"name": "20020724 Mozilla cookie stealing - Sandblad advisory #9",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2002/Jul/0260.html"
},
{
"name": "MDKSA-2002:074",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
},
{
"name": "5293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5293"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2314",
"datePublished": "2007-10-26T19:00:00Z",
"dateReserved": "2007-10-26T00:00:00Z",
"dateUpdated": "2024-09-17T03:43:50.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4039 (GCVE-0-2007-4039)
Vulnerability from nvd – Published: 2007-07-27 22:00 – Updated: 2025-04-03 14:30
Summary
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
Severity ?
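9.8 (Critical) — CVSS 3.1 base score from the CISA-ADP container (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); the CNA (mitre) container carries no CVSS metrics.
CWE
- n/a in the CNA container. The CISA-ADP container assigns CWE-79, while the summary describes argument injection with command execution via shell metacharacters, so do not rely on the CWE alone when triaging this record.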
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"name": "20070725 Mozilla protocol abuse",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-4039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T14:28:46.060236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:30:14.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-07-27T22:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"name": "20070725 Mozilla protocol abuse",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/",
"refsource": "MISC",
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"name": "20070725 Mozilla protocol abuse",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4039",
"datePublished": "2007-07-27T22:00:00.000Z",
"dateReserved": "2007-07-27T00:00:00.000Z",
"dateUpdated": "2025-04-03T14:30:14.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3144 (GCVE-0-2007-3144)
Vulnerability from nvd – Published: 2007-06-11 18:00 – Updated: 2024-08-07 14:05
Summary
Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:28.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24352",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24352"
},
{
"name": "43466",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43466"
},
{
"name": "multiple-basic-authentication-spoofing(34983)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://testing.bitsploit.de/test.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.0x000000.com/?i=334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24352",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24352"
},
{
"name": "43466",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43466"
},
{
"name": "multiple-basic-authentication-spoofing(34983)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://testing.bitsploit.de/test.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.0x000000.com/?i=334"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24352"
},
{
"name": "43466",
"refsource": "OSVDB",
"url": "http://osvdb.org/43466"
},
{
"name": "multiple-basic-authentication-spoofing(34983)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983"
},
{
"name": "http://testing.bitsploit.de/test.html",
"refsource": "MISC",
"url": "http://testing.bitsploit.de/test.html"
},
{
"name": "http://www.0x000000.com/?i=334",
"refsource": "MISC",
"url": "http://www.0x000000.com/?i=334"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3144",
"datePublished": "2007-06-11T18:00:00",
"dateReserved": "2007-06-11T00:00:00",
"dateUpdated": "2024-08-07T14:05:28.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1794 (GCVE-0-2007-1794)
Vulnerability from nvd – Published: 2007-04-02 22:00 – Updated: 2024-08-07 13:06
Summary
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102865",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1"
},
{
"name": "24624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24624"
},
{
"name": "ADV-2007-1178",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1178"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "102865",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1"
},
{
"name": "24624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24624"
},
{
"name": "ADV-2007-1178",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1178"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102865",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1"
},
{
"name": "24624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24624"
},
{
"name": "ADV-2007-1178",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1178"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1794",
"datePublished": "2007-04-02T22:00:00",
"dateReserved": "2007-04-02T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6498 (GCVE-0-2006-6498)
Vulnerability from nvd – Published: 2006-12-20 01:00 – Updated: 2024-08-07 20:26
Summary
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21668",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21668"
},
{
"name": "23433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23433"
},
{
"name": "23439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23439"
},
{
"name": "23672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23672"
},
{
"name": "ADV-2006-5068",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5068"
},
{
"name": "23468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23468"
},
{
"name": "RHSA-2006:0758",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html"
},
{
"name": "1017398",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017398"
},
{
"name": "DSA-1265",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1265"
},
{
"name": "24078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24078"
},
{
"name": "23692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23692"
},
{
"name": "USN-398-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-398-2"
},
{
"name": "GLSA-200701-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"
},
{
"name": "23282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23282"
},
{
"name": "24390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24390"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html"
},
{
"name": "oval:org.mitre.oval:def:10661",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661"
},
{
"name": "FEDORA-2006-1491",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2297"
},
{
"name": "23422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23422"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "23591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23591"
},
{
"name": "1017405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017405"
},
{
"name": "23614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23614"
},
{
"name": "1017406",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017406"
},
{
"name": "RHSA-2006:0759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html"
},
{
"name": "USN-398-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-398-1"
},
{
"name": "ADV-2008-0083",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "FEDORA-2007-004",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2338"
},
{
"name": "23420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23420"
},
{
"name": "20061202-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc"
},
{
"name": "23440",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23440"
},
{
"name": "SUSE-SA:2006:080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"
},
{
"name": "20061222 rPSA-2006-0234-1 firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded"
},
{
"name": "VU#427972",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/427972"
},
{
"name": "23545",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23545"
},
{
"name": "23618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23618"
},
{
"name": "TA06-354A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"
},
{
"name": "VU#447772",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/447772"
},
{
"name": "23589",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23589"
},
{
"name": "DSA-1253",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1253"
},
{
"name": "DSA-1258",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1258"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-883"
},
{
"name": "20070102 rPSA-2006-0234-2 firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded"
},
{
"name": "SUSE-SA:2007:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"
},
{
"name": "23601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23601"
},
{
"name": "23988",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23988"
},
{
"name": "102955",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1"
},
{
"name": "23514",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23514"
},
{
"name": "GLSA-200701-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"
},
{
"name": "RHSA-2006:0760",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html"
},
{
"name": "ADV-2007-2106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2106"
},
{
"name": "USN-400-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-400-1"
},
{
"name": "25556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25556"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "21668",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21668"
},
{
"name": "23433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23433"
},
{
"name": "23439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23439"
},
{
"name": "23672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23672"
},
{
"name": "ADV-2006-5068",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5068"
},
{
"name": "23468",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23468"
},
{
"name": "RHSA-2006:0758",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html"
},
{
"name": "1017398",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017398"
},
{
"name": "DSA-1265",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1265"
},
{
"name": "24078",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24078"
},
{
"name": "23692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23692"
},
{
"name": "USN-398-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-398-2"
},
{
"name": "GLSA-200701-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"
},
{
"name": "23282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23282"
},
{
"name": "24390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24390"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html"
},
{
"name": "oval:org.mitre.oval:def:10661",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661"
},
{
"name": "FEDORA-2006-1491",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2297"
},
{
"name": "23422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23422"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "23591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23591"
},
{
"name": "1017405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017405"
},
{
"name": "23614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23614"
},
{
"name": "1017406",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017406"
},
{
"name": "RHSA-2006:0759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html"
},
{
"name": "USN-398-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-398-1"
},
{
"name": "ADV-2008-0083",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "FEDORA-2007-004",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2338"
},
{
"name": "23420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23420"
},
{
"name": "20061202-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc"
},
{
"name": "23440",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23440"
},
{
"name": "SUSE-SA:2006:080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"
},
{
"name": "20061222 rPSA-2006-0234-1 firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded"
},
{
"name": "VU#427972",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/427972"
},
{
"name": "23545",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23545"
},
{
"name": "23618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23618"
},
{
"name": "TA06-354A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"
},
{
"name": "VU#447772",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/447772"
},
{
"name": "23589",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23589"
},
{
"name": "DSA-1253",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1253"
},
{
"name": "DSA-1258",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1258"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-883"
},
{
"name": "20070102 rPSA-2006-0234-2 firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded"
},
{
"name": "SUSE-SA:2007:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"
},
{
"name": "23601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23601"
},
{
"name": "23988",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23988"
},
{
"name": "102955",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1"
},
{
"name": "23514",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23514"
},
{
"name": "GLSA-200701-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"
},
{
"name": "RHSA-2006:0760",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html"
},
{
"name": "ADV-2007-2106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2106"
},
{
"name": "USN-400-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-400-1"
},
{
"name": "25556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25556"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-6498",
"datePublished": "2006-12-20T01:00:00",
"dateReserved": "2006-12-13T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4809 (GCVE-0-2005-4809)
Vulnerability from nvd – Published: 2006-08-30 01:00 – Updated: 2024-08-08 00:01
Summary
Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mozilla-save-link-as-dialog-spoofing(19540)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540"
},
{
"name": "14568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14568"
},
{
"name": "12798",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12798"
},
{
"name": "1013423",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013423"
},
{
"name": "14885",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/14885"
},
{
"name": "20050313 Firefox 1.01 : spoofing status bar without using JavaScript",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=111073068631287\u0026w=2"
},
{
"name": "ADV-2005-0260",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mozilla-save-link-as-dialog-spoofing(19540)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540"
},
{
"name": "14568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14568"
},
{
"name": "12798",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12798"
},
{
"name": "1013423",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013423"
},
{
"name": "14885",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/14885"
},
{
"name": "20050313 Firefox 1.01 : spoofing status bar without using JavaScript",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=111073068631287\u0026w=2"
},
{
"name": "ADV-2005-0260",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mozilla-save-link-as-dialog-spoofing(19540)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540"
},
{
"name": "14568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14568"
},
{
"name": "12798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12798"
},
{
"name": "1013423",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013423"
},
{
"name": "14885",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14885"
},
{
"name": "20050313 Firefox 1.01 : spoofing status bar without using JavaScript",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=111073068631287\u0026w=2"
},
{
"name": "ADV-2005-0260",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4809",
"datePublished": "2006-08-30T01:00:00",
"dateReserved": "2006-08-29T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2659 (GCVE-0-2004-2659)
Vulnerability from nvd – Published: 2006-04-29 10:00 – Updated: 2024-08-08 01:36
Summary
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/"
},
{
"name": "20040407 Race conditions in security dialogs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-08-25T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/"
},
{
"name": "20040407 Race conditions in security dialogs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
"refsource": "MISC",
"url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/"
},
{
"name": "20040407 Race conditions in security dialogs",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2659",
"datePublished": "2006-04-29T10:00:00",
"dateReserved": "2006-04-28T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}