CVE-2003-0300
https://notcve.org/view.php?id=CVE-2003-0300
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. • http://marc.info/?l=bugtraq&m=105294024124163&w=2 •
CVE-2002-2314 – Mozilla 0.9.x/1.0 - JavaScript URL Host Spoofing Arbitrary Cookie Access
https://notcve.org/view.php?id=CVE-2002-2314
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. • https://www.exploit-db.com/exploits/21638 http://bugzilla.mozilla.org/show_bug.cgi?id=152725 http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html http://seclists.org/bugtraq/2002/Jul/0260.html http://www.iss.net/security_center/static/9656.php http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074 http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html http://www.securityfocus.com/bid/5293 • CWE-20: Improper Input Validation •
CVE-2002-2061
https://notcve.org/view.php?id=CVE-2002-2061
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. • http://bugzilla.mozilla.org/show_bug.cgi?id=157202 http://www.iss.net/security_center/static/9287.php http://www.mandriva.com/security/advisories?name=MDKSA-2002:074 http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html •
CVE-2002-2338 – Netscape 4.x/6.x / Mozilla 0.9.x - Malformed Email POP3 Denial of Service
https://notcve.org/view.php?id=CVE-2002-2338
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. • https://www.exploit-db.com/exploits/21539 http://bugzilla.mozilla.org/show_bug.cgi?id=144228 http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html http://online.securityfocus.com/archive/1/276628 http://www.iss.net/security_center/static/9343.php http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074 http://www.securityfocus.com/archive/1/276946 http://www.securityfocus.com/bid/5002 • CWE-20: Improper Input Validation •
CVE-2002-2359 – Mozilla 1.0/1.1 - FTP View Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-2359
Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL. • https://www.exploit-db.com/exploits/21682 http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html http://bugzilla.mozilla.org/show_bug.cgi?id=154030 http://www.iss.net/security_center/static/9757.php http://www.securityfocus.com/bid/5403 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •