
CVE-2005-1160 – Ubuntu Security Notice 157-1
https://notcve.org/view.php?id=CVE-2005-1160
18 Apr 2005 — The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object. A multitude of Mozilla Thunderbird vulnerabilities have been addressed in this advisory. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •

CVE-2005-0399 – Gentoo Linux Security Advisory 200503-32
https://notcve.org/view.php?id=CVE-2005-0399
24 Mar 2005 — Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size. The Mozilla Suite is vulnerable to multiple issues ranging from the remote execution of arbitrary code to various issues that allow tricking the user into trusting fake web sites or interacting with privileged c... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •

CVE-2005-0401 – Gentoo Linux Security Advisory 200503-31
https://notcve.org/view.php?id=CVE-2005-0401
24 Mar 2005 — Firefox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2." The Mozilla Suite is vulnerable to multiple issues ranging from the remote execution of arbitrary code to various issues that allow tricking the user into trusting fake web sites or interacting with privileged ... • http://marc.info/?l=bugtraq&m=111168413007891&w=2 •

CVE-2005-0587
https://notcve.org/view.php?id=CVE-2005-0587
28 Feb 2005 — Firefox before 1.0.1 and Mozilla before 1.7.6 allow remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file. • http://secunia.com/advisories/19823 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2005-0584 – Gentoo Linux Security Advisory 200503-10
https://notcve.org/view.php?id=CVE-2005-0584
28 Feb 2005 — Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks. The Mozilla Suite is vulnerable to multiple issues ranging from the remote execution of arbitrary code to various issues that allow tricking the user into trusting fake web sites or interacting with privileged content. Versions less than 1.7.6 are affected. • http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml •

CVE-2005-0585 – Gentoo Linux Security Advisory 200503-10
https://notcve.org/view.php?id=CVE-2005-0585
28 Feb 2005 — Firefox before 1.0.1 and Mozilla before 1.7.6 truncate long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks. The Mozilla Suite is vulnerable to multiple issues ranging from the remote execution of arbitrary code to various issues that allow tricking the user into trusting fake web sites or interacting with privileged content. Versions less than 1.7.6 are affected. • http://secunia.com/advisories/13599 •

CVE-2005-0586 – Gentoo Linux Security Advisory 200503-10
https://notcve.org/view.php?id=CVE-2005-0586
28 Feb 2005 — Firefox before 1.0.1 and Mozilla before 1.7.6 allow remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content. Mozilla Firefox is vulnerable to a local file deletion issue and to various issues that allow tricking the user into trusting fake web sites or interacting with privileged content. • http://secunia.com/advisories/13258 •

CVE-2005-0588 – Gentoo Linux Security Advisory 200503-10
https://notcve.org/view.php?id=CVE-2005-0588
28 Feb 2005 — Firefox before 1.0.1 and Mozilla before 1.7.6 do not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system. The Mozilla Suite is vulnerable to multiple issues ranging from the remote execution of arbitrary code to various issues that allow tricking the user into trusting fake web sites or interacting with privileged content. Versions less than 1.7.6 are affected. • http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml •

CVE-2005-0590 – Gentoo Linux Security Advisory 200503-32
https://notcve.org/view.php?id=CVE-2005-0590
28 Feb 2005 — The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname. The Mozilla Suite is vulnerable to multiple issues ranging from the remote execution of arbitrary code to various issues that allow tricking the user into trusting fake web sites or interacting with privileged... • http://secunia.com/advisories/19823 •

CVE-2005-0592 – Gentoo Linux Security Advisory 200503-32
https://notcve.org/view.php?id=CVE-2005-0592
28 Feb 2005 — Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value. The Mozilla Suite is vulnerable to multiple issues ranging from the remote execution of arbitrary code to various issues that allow tricking the user into trusting fake web sites or interacting with privileged content. Versions l... • http://secunia.com/advisories/19823 •