CVSS: 5.0EPSS: 1%CPEs: 27EXPL: 2CVE-2004-1614
https://notcve.org/view.php?id=CVE-2004-1614
Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme. • http://lcamtuf.coredump.cx/mangleme/gallery http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html http://marc.info/?l=bugtraq&m=109811406620511&w=2 http://securitytracker.com/id?1011810 http://www.securityfocus.com/bid/11440 •
CVSS: 5.0EPSS: 1%CPEs: 43EXPL: 4CVE-2004-1613
https://notcve.org/view.php?id=CVE-2004-1613
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme. • http://lcamtuf.coredump.cx/mangleme/gallery http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html http://marc.info/?l=bugtraq&m=109811406620511&w=2 http://securitytracker.com/id?1011810 http://www.redhat.com/support/errata/RHSA-2005-323.html http://www.securityfocus.com/bid/11439 https://exchange.xforce.ibmcloud.com/vulnerabilities/17805 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227 •
CVSS: 5.1EPSS: 1%CPEs: 53EXPL: 1CVE-2004-0909
https://notcve.org/view.php?id=CVE-2004-0909
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages. • http://bugzilla.mozilla.org/show_bug.cgi?id=253942 http://marc.info/?l=bugtraq&m=109698896104418&w=2 http://secunia.com/advisories/12526 http://security.gentoo.org/glsa/glsa-200409-26.xml http://www.kb.cert.org/vuls/id/113192 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html https://exchange.xforce.ibmcloud.com/vulnerabilities/17377 •
CVSS: 10.0EPSS: 11%CPEs: 34EXPL: 0CVE-2004-0903
https://notcve.org/view.php?id=CVE-2004-0903
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. • http://bugzilla.mozilla.org/show_bug.cgi?id=257314 http://marc.info/?l=bugtraq&m=109698896104418&w=2 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://security.gentoo.org/glsa/glsa-200409-26.xml http://www.kb.cert.org/vuls/id/414240 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html http://www.securityfocus.com/bid/11174 http://www.us-cert.gov/cas/techalerts& •
CVSS: 4.6EPSS: 0%CPEs: 54EXPL: 0CVE-2004-0906
https://notcve.org/view.php?id=CVE-2004-0906
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code. • http://bugzilla.mozilla.org/show_bug.cgi?id=231083 http://bugzilla.mozilla.org/show_bug.cgi?id=235781 http://secunia.com/advisories/12526 http://security.gentoo.org/glsa/glsa-200409-26.xml http://www.kb.cert.org/vuls/id/653160 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html http://www.redhat.com/support/errata/RHSA-2005-323.html http://www.securityfocus.com/bid/11192 h •