CVSS: 10.0EPSS: 7%CPEs: 3EXPL: 1CVE-2004-0648 – Mozilla 1.7 - External Protocol Handler
https://notcve.org/view.php?id=CVE-2004-0648
Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol. Mozilla (suite) anteriores a 1.7.1 y Firefox anteriores a 0.9.2, y Thunderbird anteriores a 0.7.2 permiten a atacantes remotos lanzar programas arbitrarios mediante una URI referenciando el protocolo shell: • https://www.exploit-db.com/exploits/24263 http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html http://marc.info/?l=bugtraq&m=108938712815719&w=2 http://secunia.com/advisories/12027 http://www.ciac.org/ciac/bulletins/o-175.shtml http://www.kb.cert.org/vuls/id/927014 http://www.mozilla.org/projects/security/known-vulnerabilities.html http://www.mozilla.org/security/shell.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16655 •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0478
https://notcve.org/view.php?id=CVE-2004-0478
Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U. Ciertas versiones (desconocidas) de Mozilla permiten a atacantes remotos causar una denegación de servicio (alto consumo de RAM/CPU) usando Javascritp en un bucle infinito que añade continuamente entrada a un formulario, posiblemente como resultado de inserción de caractéres de control, como se ha demostrado usando un carácter "Ctrl-U" embebido. • http://bugzilla.mozilla.org/show_bug.cgi?id=243540 http://lists.immunitysec.com/pipermail/dailydave/2004-May/000587.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16225 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 1CVE-2003-0594
https://notcve.org/view.php?id=CVE-2003-0594
Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Mozilla permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicación web mediante secuencias de atravesamiento de directorios "%2e%2e" (punto punto codificado) en una URL, lo que hace que Mozilla envíe la cookie fuera de los subconjuntos de URL especificados, por ejemplo a una aplicación vulnerable que corre en el mismo servidor que la aplicación objetivo. • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html http://www.mandriva.com/security/advisories?name=MDKSA-2004:021 http://www.redhat.com/support/errata/RHSA-2004-112.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917 https://oval.cisecurity.org/repository/search/definition/oval& •
CVSS: 6.8EPSS: 1%CPEs: 32EXPL: 1CVE-2004-0191
https://notcve.org/view.php?id=CVE-2004-0191
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. Mozilla 1.4.2 ejecuta eventos de Javascript en el contexto de una nueva página mientras se está cargando, permitiéndolo interactuar con la página anterior ("documento zombi") y posibilitando ataques de secuencias de comandos en sitios cruzados (XSS), como se ha demostrado usando eventos onmousemove. • http://bugzilla.mozilla.org/show_bug.cgi?id=227417 http://marc.info/?l=bugtraq&m=107774710729469&w=2 http://marc.info/?l=bugtraq&m=108448379429944&w=2 http://www.osvdb.org/4062 http://www.redhat.com/support/errata/RHSA-2004-110.html http://www.redhat.com/support/errata/RHSA-2004-112.html http://www.securityfocus.com/bid/9747 https://exchange.xforce.ibmcloud.com/vulnerabilities/15322 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874 •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 1CVE-2003-1265
https://notcve.org/view.php?id=CVE-2003-1265
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. • http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html http://www.iss.net/security_center/static/10963.php http://www.securityfocus.com/bid/6499 http://www.securitytracker.com/id?1005871 •