CVSS: 10.0EPSS: 56%CPEs: 34EXPL: 0CVE-2004-0902
https://notcve.org/view.php?id=CVE-2004-0902
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. • http://bugzilla.mozilla.org/show_bug.cgi?id=226669 http://bugzilla.mozilla.org/show_bug.cgi?id=245066 http://bugzilla.mozilla.org/show_bug.cgi?id=256316 http://bugzilla.mozilla.org/show_bug.cgi?id=258005 http://marc.info/? •
CVSS: 4.6EPSS: 0%CPEs: 53EXPL: 0CVE-2004-0907
https://notcve.org/view.php?id=CVE-2004-0907
The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code. • http://bugzilla.mozilla.org/show_bug.cgi?id=254303 http://security.gentoo.org/glsa/glsa-200409-26.xml http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 https://exchange.xforce.ibmcloud.com/vulnerabilities/17373 •
CVSS: 4.6EPSS: 1%CPEs: 62EXPL: 1CVE-2004-0905
https://notcve.org/view.php?id=CVE-2004-0905
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. • http://bugzilla.mozilla.org/show_bug.cgi?id=250862 http://marc.info/?l=bugtraq&m=109698896104418&w=2 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://security.gentoo.org/glsa/glsa-200409-26.xml http://www.kb.cert.org/vuls/id/651928 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html http://www.securityfocus.com/bid/11177 http://www.us-cert.gov/cas/techalerts& •
CVSS: 10.0EPSS: 7%CPEs: 3EXPL: 1CVE-2004-0648 – Mozilla 1.7 - External Protocol Handler
https://notcve.org/view.php?id=CVE-2004-0648
Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol. Mozilla (suite) anteriores a 1.7.1 y Firefox anteriores a 0.9.2, y Thunderbird anteriores a 0.7.2 permiten a atacantes remotos lanzar programas arbitrarios mediante una URI referenciando el protocolo shell: • https://www.exploit-db.com/exploits/24263 http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html http://marc.info/?l=bugtraq&m=108938712815719&w=2 http://secunia.com/advisories/12027 http://www.ciac.org/ciac/bulletins/o-175.shtml http://www.kb.cert.org/vuls/id/927014 http://www.mozilla.org/projects/security/known-vulnerabilities.html http://www.mozilla.org/security/shell.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16655 •