CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2002-2061
https://notcve.org/view.php?id=CVE-2002-2061
31 Dec 2002 — Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. • http://bugzilla.mozilla.org/show_bug.cgi?id=157202 •
CVSS: 5.0EPSS: 12%CPEs: 1EXPL: 4CVE-2002-2314 – Mozilla 0.9.x/1.0 - JavaScript URL Host Spoofing Arbitrary Cookie Access
https://notcve.org/view.php?id=CVE-2002-2314
31 Dec 2002 — Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. • https://www.exploit-db.com/exploits/21638 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 36EXPL: 2CVE-2002-2338 – Netscape 4.x/6.x / Mozilla 0.9.x - Malformed Email POP3 Denial of Service
https://notcve.org/view.php?id=CVE-2002-2338
31 Dec 2002 — The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. • https://www.exploit-db.com/exploits/21539 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 2CVE-2002-2359 – Mozilla 1.0/1.1 - FTP View Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-2359
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL. • https://www.exploit-db.com/exploits/21682 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 5%CPEs: 12EXPL: 0CVE-2002-1308
https://notcve.org/view.php?id=CVE-2002-1308
29 Nov 2002 — Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression. Desbordamiento de búfer basado en el montículo (heap) en Netscape y Mozilla permite a atacantes remotos ejecutar código arbitrario mediante una URL de tipo jar: que referencia a un fichero .jar malformado, lo que desborda un búfer durante la descompresión. • http://bugzilla.mozilla.org/show_bug.cgi?id=157646 •
CVSS: 9.8EPSS: 4%CPEs: 13EXPL: 1CVE-2002-1091
https://notcve.org/view.php?id=CVE-2002-1091
04 Oct 2002 — Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width. • http://bugzilla.mozilla.org/show_bug.cgi?id=157989 •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 1CVE-2002-1126
https://notcve.org/view.php?id=CVE-2002-1126
24 Sep 2002 — Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler. • http://bugzilla.mozilla.org/show_bug.cgi?id=145579 •
CVSS: 5.0EPSS: 1%CPEs: 10EXPL: 1CVE-2002-0594
https://notcve.org/view.php?id=CVE-2002-0594
18 Jun 2002 — Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490 •
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 1CVE-2002-0593
https://notcve.org/view.php?id=CVE-2002-0593
11 Jun 2002 — Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2002-0354
https://notcve.org/view.php?id=CVE-2002-0354
03 May 2002 — The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property. • http://marc.info/?l=bugtraq&m=102017952204097&w=2 •