Page 2 of 63 results (0.006 seconds)

CVSS: 6.4EPSS: 0%CPEs: 79EXPL: 0

Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html http://www.securityfocus.com/bid/15331 https://exchange.xforce.ibmcloud.com/vulnerabilities/25291 •

CVSS: 5.0EPSS: 2%CPEs: 38EXPL: 1

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation. • http://secunia.com/advisories/16043 http://secunia.com/advisories/16059 http://www.ciac.org/ciac/bulletins/p-252.shtml http://www.debian.org/security/2005/dsa-810 http://www.mozilla.org/security/announce/mfsa2005-48.html http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.novell.com/linux/security/advisories/2005_45_mozilla.html http://www.redhat.com/support/errata/RHSA-2005-586.html http://www.redhat.com/support/errata/RHSA-2005-587.html http& •

CVSS: 7.5EPSS: 2%CPEs: 38EXPL: 0

The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user. • http://bugzilla.mozilla.org/show_bug.cgi?id=289940 http://secunia.com/advisories/16043 http://secunia.com/advisories/16044 http://secunia.com/advisories/16059 http://www.ciac.org/ciac/bulletins/p-252.shtml http://www.debian.org/security/2005/dsa-810 http://www.mozilla.org/security/announce/mfsa2005-45.html http://www.networksecurity.fi/advisories/netscape-multiple-issues.html http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.novell.com/linux/secur •

CVSS: 7.5EPSS: 8%CPEs: 38EXPL: 4

Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object. • http://secunia.com/advisories/16043 http://secunia.com/advisories/16059 http://secunia.com/advisories/19823 http://securitytracker.com/id?1014470 http://www.ciac.org/ciac/bulletins/p-252.shtml http://www.debian.org/security/2005/dsa-810 http://www.kb.cert.org/vuls/id/652366 http://www.mozilla.org/security/announce/mfsa2005-56.html http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.novell.com/linux/security/advisories/2005_45_mozilla.html htt •

CVSS: 5.0EPSS: 1%CPEs: 38EXPL: 0

Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents. • http://secunia.com/advisories/15549 http://secunia.com/advisories/15551 http://secunia.com/advisories/15553 http://secunia.com/advisories/19823 http://www.debian.org/security/2005/dsa-810 http://www.mozilla.org/security/announce/mfsa2005-52.html http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.novell.com/linux/security/advisories/2005_45_mozilla.html http://www.novell.com/linux/security/advisories/2006_04_25.html http://www.redhat.com/support/ •