CVE-2005-0150
https://notcve.org/view.php?id=CVE-2005-0150
Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code. • http://www.mozilla.org/security/announce/mfsa2005-12.html http://www.securityfocus.com/bid/12407 https://bugzilla.mozilla.org/show_bug.cgi?id=265668 https://exchange.xforce.ibmcloud.com/vulnerabilities/19187 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100046 •
CVE-2005-0147
https://notcve.org/view.php?id=CVE-2005-0147
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials. • http://www.mozilla.org/security/announce/mfsa2005-09.html http://www.redhat.com/support/errata/RHSA-2005-323.html http://www.securityfocus.com/bid/12407 https://bugzilla.mozilla.org/show_bug.cgi?id=267263 https://exchange.xforce.ibmcloud.com/vulnerabilities/19174 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100049 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9578 •
CVE-2005-0141
https://notcve.org/view.php?id=CVE-2005-0141
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab. • http://www.mozilla.org/security/announce/mfsa2005-01.html http://www.redhat.com/support/errata/RHSA-2005-323.html http://www.redhat.com/support/errata/RHSA-2005-335.html http://www.securityfocus.com/bid/12407 https://bugzilla.mozilla.org/show_bug.cgi?id=249332 https://exchange.xforce.ibmcloud.com/vulnerabilities/19168 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef •
CVE-2005-0142
https://notcve.org/view.php?id=CVE-2005-0142
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF. • http://secunia.com/advisories/19823 http://www.mozilla.org/security/announce/mfsa2005-02.html http://www.novell.com/linux/security/advisories/2006_04_25.html http://www.redhat.com/support/errata/RHSA-2005-335.html http://www.redhat.com/support/errata/RHSA-2005-384.html https://bugzilla.mozilla.org/show_bug.cgi?id=251297 https://exchange.xforce.ibmcloud.com/vulnerabilities/17832 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100056 https://oval& •
CVE-2005-0145
https://notcve.org/view.php?id=CVE-2005-0145
Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature. • http://www.mozilla.org/security/announce/mfsa2005-07.html http://www.securityfocus.com/bid/12407 https://bugzilla.mozilla.org/show_bug.cgi?id=265176 https://exchange.xforce.ibmcloud.com/vulnerabilities/19170 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100051 •