Filtered by vendor Mozilla
Subscriptions
Filtered by product Mozilla
Subscriptions
Total
109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2266 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2025-04-03 | N/A |
| Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents. | ||||
| CVE-2006-0496 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts. | ||||
| CVE-2002-0354 | 3 Mozilla, Netscape, Redhat | 3 Mozilla, Navigator, Linux | 2025-04-03 | N/A |
| The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property. | ||||
| CVE-2005-4874 | 1 Mozilla | 1 Mozilla | 2025-04-03 | N/A |
| The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object. | ||||
| CVE-2002-2338 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2025-04-03 | N/A |
| The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. | ||||
| CVE-2002-2359 | 1 Mozilla | 1 Mozilla | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL. | ||||
| CVE-2004-0478 | 1 Mozilla | 1 Mozilla | 2025-04-03 | N/A |
| Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U. | ||||
| CVE-2004-0722 | 3 Mozilla, Netscape, Redhat | 3 Mozilla, Navigator, Enterprise Linux | 2025-04-03 | N/A |
| Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. | ||||
| CVE-2004-0760 | 2 Mozilla, Redhat | 2 Mozilla, Enterprise Linux | 2025-04-03 | N/A |
| Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. | ||||