CVSS: 1.7EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2657
https://notcve.org/view.php?id=CVE-2004-2657
Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision. • http://www.securityfocus.com/archive/1/431021/100/0/threaded http://www.securityfocus.com/archive/1/431063/100/0/threaded https://bugzilla.mozilla.org/show_bug.cgi?id=234680 https://bugzilla.mozilla.org/show_bug.cgi?id=330884 •
CVSS: 5.0EPSS: 76%CPEs: 8EXPL: 0CVE-2004-2225
https://notcve.org/view.php?id=CVE-2004-2225
Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button. • http://secunia.com/advisories/12708 http://securitytracker.com/id?1011501 http://www.mozilla.org/projects/security/older-vulnerabilities.html#firefox0.10.1 http://www.osvdb.org/10478 http://www.securityfocus.com/bid/11311 https://bugzilla.mozilla.org/show_bug.cgi?id=259708 •
CVSS: 2.6EPSS: 0%CPEs: 4EXPL: 5CVE-2004-1753
https://notcve.org/view.php?id=CVE-2004-1753
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. • http://bugzilla.mozilla.org/show_bug.cgi?id=162134 http://secunia.com/advisories/12392 http://www.securityfocus.com/archive/1/373080 http://www.securityfocus.com/archive/1/373232 http://www.securityfocus.com/archive/1/373309 http://www.securityfocus.com/bid/11059 https://exchange.xforce.ibmcloud.com/vulnerabilities/17137 •
CVSS: 5.0EPSS: 6%CPEs: 8EXPL: 0CVE-2004-2227
https://notcve.org/view.php?id=CVE-2004-2227
Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions. • http://secunia.com/advisories/13144 http://secunia.com/advisories/13724 http://security.gentoo.org/glsa/glsa-200501-03.xml http://www.osvdb.org/11591 https://bugzilla.mozilla.org/show_bug.cgi?id=234416 https://exchange.xforce.ibmcloud.com/vulnerabilities/18016 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2004-2228
https://notcve.org/view.php?id=CVE-2004-2228
Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges. • http://secunia.com/advisories/13144 http://secunia.com/advisories/13724 http://security.gentoo.org/glsa/glsa-200501-03.xml http://www.osvdb.org/11592 http://www.securityfocus.com/bid/11644 https://exchange.xforce.ibmcloud.com/vulnerabilities/18017 •