CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2005-0147
https://notcve.org/view.php?id=CVE-2005-0147
29 Jan 2005 — Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials. • http://www.mozilla.org/security/announce/mfsa2005-09.html •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2005-0144
https://notcve.org/view.php?id=CVE-2005-0144
29 Jan 2005 — Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks. • http://www.mozilla.org/security/announce/mfsa2005-04.html •
CVSS: 9.1EPSS: 0%CPEs: 62EXPL: 0CVE-2005-0143
https://notcve.org/view.php?id=CVE-2005-0143
29 Jan 2005 — Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks. • http://www.mozilla.org/security/announce/mfsa2005-03.html •
CVSS: 6.5EPSS: 5%CPEs: 9EXPL: 0CVE-2005-0145
https://notcve.org/view.php?id=CVE-2005-0145
24 Jan 2005 — Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature. • http://www.mozilla.org/security/announce/mfsa2005-07.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2657
https://notcve.org/view.php?id=CVE-2004-2657
31 Dec 2004 — Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision. • http://www.securityfocus.com/archive/1/431021/100/0/threaded •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 5CVE-2004-1753
https://notcve.org/view.php?id=CVE-2004-1753
31 Dec 2004 — The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. • http://bugzilla.mozilla.org/show_bug.cgi?id=162134 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2004-2228
https://notcve.org/view.php?id=CVE-2004-2228
31 Dec 2004 — Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges. • http://secunia.com/advisories/13144 •
CVSS: 6.5EPSS: 3%CPEs: 8EXPL: 0CVE-2004-2225
https://notcve.org/view.php?id=CVE-2004-2225
31 Dec 2004 — Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button. • http://secunia.com/advisories/12708 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2004-2227
https://notcve.org/view.php?id=CVE-2004-2227
31 Dec 2004 — Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions. • http://secunia.com/advisories/13144 •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 1CVE-2004-1200
https://notcve.org/view.php?id=CVE-2004-1200
15 Dec 2004 — Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029434.html •