CVSS: 8.1EPSS: 2%CPEs: 53EXPL: 2CVE-2004-0908
https://notcve.org/view.php?id=CVE-2004-0908
24 Sep 2004 — Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins. • http://bugzilla.mozilla.org/show_bug.cgi?id=257523 •
CVSS: 6.5EPSS: 6%CPEs: 53EXPL: 1CVE-2004-0909
https://notcve.org/view.php?id=CVE-2004-0909
24 Sep 2004 — Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages. • http://bugzilla.mozilla.org/show_bug.cgi?id=253942 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0871
https://notcve.org/view.php?id=CVE-2004-0871
16 Sep 2004 — Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." • http://securityfocus.com/archive/1/375407 •
CVSS: 9.6EPSS: 5%CPEs: 62EXPL: 1CVE-2004-0905
https://notcve.org/view.php?id=CVE-2004-0905
14 Sep 2004 — Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. • http://bugzilla.mozilla.org/show_bug.cgi?id=250862 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2004-0779
https://notcve.org/view.php?id=CVE-2004-0779
14 Aug 2004 — The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site. Los navegadores Mozilla 1.6, Firebird 0.7 y Firefox 0.8 no verifican adecuadamente que las contraseñas almacenadas en caché de sitios cifrados con SSL sean sólo enviadas mediante sesiones cifradas con el sitio, lo que... • http://bugzilla.mozilla.org/show_bug.cgi?id=226278 •
CVSS: 10.0EPSS: 23%CPEs: 3EXPL: 1CVE-2004-0722 – Mozilla 1.x / Netscape 7.0/7.1 - SOAP Integer Overflow
https://notcve.org/view.php?id=CVE-2004-0722
03 Aug 2004 — Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. Desbordamiento de enteros en el constructor de objeto SOAPParameter en (1) Netscape version 7.0 y 7.1 y (2) Mozilla 1.6, y posiblemente versiones anteriores, permite a atacantes remotos ejecutar código de su elección. • https://www.exploit-db.com/exploits/24346 •
CVSS: 10.0EPSS: 4%CPEs: 3EXPL: 0CVE-2004-0757
https://notcve.org/view.php?id=CVE-2004-0757
03 Aug 2004 — Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code. Desbordamiento de búfer basado en el montón en SenUidl en la capacidad POP3 de Mozilla anteriores a 1.7, Firefox anteriores a 0.9, y Thunderbird anteriores a 0.7, puede permitir a servidores POP3 remotos ejecutar código arbitrario. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 7.5EPSS: 15%CPEs: 1EXPL: 0CVE-2004-0758
https://notcve.org/view.php?id=CVE-2004-0758
03 Aug 2004 — Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid. Mozilla 1.5 a 1.7 permiten que un certificado de AC (Autoridad Certificadora) sea importado incluso cuando su DN es el mismo de la AC raíz propia, lo que permite a atacantes remotos causar una denegación de servicio a páginas SSL porque el cert... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2004-0759
https://notcve.org/view.php?id=CVE-2004-0759
03 Aug 2004 — Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag. Mozilla anteriores a 1.7 permiten a servidores web remotos leer ficheros de su elección mediante JavaScript que establece el valor de una etiqueta <input type="file">. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 6.4EPSS: 13%CPEs: 1EXPL: 1CVE-2004-0760 – Mozilla Browser 0.9/1.x Cache File - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-0760
03 Aug 2004 — Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. Mozilla permite a atacantes remotos causar que Mozilla abra una URI como de un tipo MIME distinto al esperado mediante un carácter nulo (%00) en una URI FTP. • https://www.exploit-db.com/exploits/24276 •