CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2003-0300
https://notcve.org/view.php?id=CVE-2003-0300
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. El cliente IMAP para Sylpheed 0.8.11 permite que servidores IMAP remotos dañinos originen una denegación de servicio (caída) mediante ciertos tamaños literales muy largos que causan desbordamientos de búfer de enteros. • http://marc.info/?l=bugtraq&m=105294024124163&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0298
https://notcve.org/view.php?id=CVE-2003-0298
The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors. El cliente IMAP para Mozilla 1.3 y 1.4a permite que servidores IMAP remotos dañinos originen una denegación de servicio (y posiblemente ejecuten código arbitrario) mediante ciertos tamaños muy largos que causan desbordamientos de búfer de enteros. • http://marc.info/?l=bugtraq&m=105294024124163&w=2 •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2002-2061
https://notcve.org/view.php?id=CVE-2002-2061
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. • http://bugzilla.mozilla.org/show_bug.cgi?id=157202 http://www.iss.net/security_center/static/9287.php http://www.mandriva.com/security/advisories?name=MDKSA-2002:074 http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html •
CVSS: 5.0EPSS: 0%CPEs: 30EXPL: 2CVE-2002-2013
https://notcve.org/view.php?id=CVE-2002-2013
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. • http://alive.znep.com/~marcs/security/mozillacookie/demo.html http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html http://www.iss.net/security_center/static/7973.php http://www.securityfocus.com/bid/3925 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 4CVE-2002-2314 – Mozilla 0.9.x/1.0 - JavaScript URL Host Spoofing Arbitrary Cookie Access
https://notcve.org/view.php?id=CVE-2002-2314
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. • https://www.exploit-db.com/exploits/21638 http://bugzilla.mozilla.org/show_bug.cgi?id=152725 http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html http://seclists.org/bugtraq/2002/Jul/0260.html http://www.iss.net/security_center/static/9656.php http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074 http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html http://www.securityfocus.com/bid/5293 • CWE-20: Improper Input Validation •