CVSS: 10.0EPSS: 11%CPEs: 38EXPL: 0CVE-2004-0904
https://notcve.org/view.php?id=CVE-2004-0904
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows. • http://bugzilla.mozilla.org/show_bug.cgi?id=255067 http://marc.info/?l=bugtraq&m=109698896104418&w=2 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://security.gentoo.org/glsa/glsa-200409-26.xml http://www.kb.cert.org/vuls/id/847200 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html http://www.securityfocus.com/bid/11171 http://www.us-cert.gov/cas/techalerts& •
CVSS: 4.6EPSS: 1%CPEs: 62EXPL: 1CVE-2004-0905
https://notcve.org/view.php?id=CVE-2004-0905
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. • http://bugzilla.mozilla.org/show_bug.cgi?id=250862 http://marc.info/?l=bugtraq&m=109698896104418&w=2 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://security.gentoo.org/glsa/glsa-200409-26.xml http://www.kb.cert.org/vuls/id/651928 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html http://www.securityfocus.com/bid/11177 http://www.us-cert.gov/cas/techalerts& •
CVSS: 10.0EPSS: 83%CPEs: 3EXPL: 1CVE-2004-0722 – Mozilla 1.x / Netscape 7.0/7.1 - SOAP Integer Overflow
https://notcve.org/view.php?id=CVE-2004-0722
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. Desbordamiento de enteros en el constructor de objeto SOAPParameter en (1) Netscape version 7.0 y 7.1 y (2) Mozilla 1.6, y posiblemente versiones anteriores, permite a atacantes remotos ejecutar código de su elección. • https://www.exploit-db.com/exploits/24346 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://bugzilla.mozilla.org/show_bug.cgi?id=236618 http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities http://www.novell.com/linux/security/advisories/2004_36_mozilla.html http://www.redhat.com/support/errata/RHSA-2004-421.html http://www.securityfocus.com/bid/15495 https://exchange.xforce.ibmcloud.com/vulnerabilities/16862 https://oval.ci •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2004-0718
https://notcve.org/view.php?id=CVE-2004-0718
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. Los navegadores web (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantación de sitios web y otros ataques. Vulnerabilidad también conocida como "de inyección de marco". • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://bugzilla.mozilla.org/show_bug.cgi?id=246448 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://secunia.com/advisories/11978 http://secunia.com/multiple_browsers_frame_injection_vulnerability_test http://www.debian.org/security/2005/dsa-777 http://www.debian.org/security/2005/dsa-810 http://www.mandriva.com/security/advisories?name=MDKSA-2004:082 http://www.novell.com/linux/security/ad •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 2CVE-2004-0528 – Netscape Navigator 7.1 - Embedded Image URI Obfuscation
https://notcve.org/view.php?id=CVE-2004-0528
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. Netscape Navigator 7.1 permite a atacantes remotos suplantar URL legítimas en la barra de estado mediante etiquetas A HREF con valores "alt" modificados que apuntan al sitio legítimo, combinado con un mapa de imagen cuyo HREF apunta al sitio malicioso, lo que facilita ataques de suplantación para robo de datos (phising)". • https://www.exploit-db.com/exploits/24137 http://www.osvdb.org/6580 http://www.securityfocus.com/bid/10389 https://exchange.xforce.ibmcloud.com/vulnerabilities/16102 •