CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0298
https://notcve.org/view.php?id=CVE-2003-0298
The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors. El cliente IMAP para Mozilla 1.3 y 1.4a permite que servidores IMAP remotos dañinos originen una denegación de servicio (y posiblemente ejecuten código arbitrario) mediante ciertos tamaños muy largos que causan desbordamientos de búfer de enteros. • http://marc.info/?l=bugtraq&m=105294024124163&w=2 •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2002-2061
https://notcve.org/view.php?id=CVE-2002-2061
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. • http://bugzilla.mozilla.org/show_bug.cgi?id=157202 http://www.iss.net/security_center/static/9287.php http://www.mandriva.com/security/advisories?name=MDKSA-2002:074 http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html •
CVSS: 5.0EPSS: 0%CPEs: 30EXPL: 2CVE-2002-2013
https://notcve.org/view.php?id=CVE-2002-2013
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. • http://alive.znep.com/~marcs/security/mozillacookie/demo.html http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html http://www.iss.net/security_center/static/7973.php http://www.securityfocus.com/bid/3925 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 4CVE-2002-2314 – Mozilla 0.9.x/1.0 - JavaScript URL Host Spoofing Arbitrary Cookie Access
https://notcve.org/view.php?id=CVE-2002-2314
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. • https://www.exploit-db.com/exploits/21638 http://bugzilla.mozilla.org/show_bug.cgi?id=152725 http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html http://seclists.org/bugtraq/2002/Jul/0260.html http://www.iss.net/security_center/static/9656.php http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074 http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html http://www.securityfocus.com/bid/5293 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 4%CPEs: 36EXPL: 2CVE-2002-2338 – Netscape 4.x/6.x / Mozilla 0.9.x - Malformed Email POP3 Denial of Service
https://notcve.org/view.php?id=CVE-2002-2338
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. • https://www.exploit-db.com/exploits/21539 http://bugzilla.mozilla.org/show_bug.cgi?id=144228 http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html http://online.securityfocus.com/archive/1/276628 http://www.iss.net/security_center/static/9343.php http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074 http://www.securityfocus.com/archive/1/276946 http://www.securityfocus.com/bid/5002 • CWE-20: Improper Input Validation •