Page 2 of 12 results (0.005 seconds)

CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 2

Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. • http://secunia.com/advisories/13402 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.securityfocus.com/bid/11852 •

CVSS: 10.0EPSS: 13%CPEs: 38EXPL: 0

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows. • http://bugzilla.mozilla.org/show_bug.cgi?id=255067 http://marc.info/?l=bugtraq&m=109698896104418&w=2 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://security.gentoo.org/glsa/glsa-200409-26.xml http://www.kb.cert.org/vuls/id/847200 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html http://www.securityfocus.com/bid/11171 http://www.us-cert.gov/cas/techalerts& •

CVSS: 4.6EPSS: 2%CPEs: 62EXPL: 1

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. • http://bugzilla.mozilla.org/show_bug.cgi?id=250862 http://marc.info/?l=bugtraq&m=109698896104418&w=2 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://security.gentoo.org/glsa/glsa-200409-26.xml http://www.kb.cert.org/vuls/id/651928 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html http://www.securityfocus.com/bid/11177 http://www.us-cert.gov/cas/techalerts& •

CVSS: 10.0EPSS: 83%CPEs: 3EXPL: 1

Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. Desbordamiento de enteros en el constructor de objeto SOAPParameter en (1) Netscape version 7.0 y 7.1 y (2) Mozilla 1.6, y posiblemente versiones anteriores, permite a atacantes remotos ejecutar código de su elección. • https://www.exploit-db.com/exploits/24346 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://bugzilla.mozilla.org/show_bug.cgi?id=236618 http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities http://www.novell.com/linux/security/advisories/2004_36_mozilla.html http://www.redhat.com/support/errata/RHSA-2004-421.html http://www.securityfocus.com/bid/15495 https://exchange.xforce.ibmcloud.com/vulnerabilities/16862 https://oval.ci •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 1

Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. • http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html http://www.iss.net/security_center/static/10963.php http://www.securityfocus.com/bid/6499 http://www.securitytracker.com/id?1005871 •