Page 483 of 2504 results (0.011 seconds)

CVSS: 5.0EPSS: 11%CPEs: 24EXPL: 2

CVE-2005-4809 – Mozilla Suite/Firefox/Thunderbird - Nested Anchor Tag Status Bar Spoofing

https://notcve.org/view.php?id=CVE-2005-4809

Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag. • https://www.exploit-db.com/exploits/25221 http://marc.info/?l=full-disclosure&m=111073068631287&w=2 http://secunia.com/advisories/14568 http://securitytracker.com/id?1013423 http://www.osvdb.org/14885 http://www.securityfocus.com/bid/12798 http://www.vupen.com/english/advisories/2005/0260 https://exchange.xforce.ibmcloud.com/vulnerabilities/19540 •

CVSS: 5.0EPSS: 96%CPEs: 11EXPL: 1

CVE-2005-4134 – Mozilla Firefox 0.x/1.x - Large History File Buffer Overflow

https://notcve.org/view.php?id=CVE-2005-4134

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue. • https://www.exploit-db.com/exploits/26762 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://marc.info/?l=full-disclosure&m=113404911919629&w=2 http://marc.info/?l=full-disclosure&m=113405896025702&w=2 http://secunia.com/advisories/17934 http://secunia.com/advisories/17944 http://secunia.com/advisories/17946 http://secunia.com/advisories/18700 http://secunia.com/advisori •

CVSS: 2.6EPSS: 9%CPEs: 7EXPL: 0

CVE-2005-3089

https://notcve.org/view.php?id=CVE-2005-3089

Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability. • http://secunia.com/advisories/16977 http://securitytracker.com/id?1014949 http://www.mozilla.org/products/firefox/releases/1.0.7.html http://www.osvdb.org/19615 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html http://www.securityfocus.com/bid/14924 https://bugzilla.mozilla.org/show_bug.cgi?id=302100 https://exchange.xforce.ibmcloud.com/vulnerabilities/22371 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9280 https:&#x •

CVSS: 7.5EPSS: 91%CPEs: 12EXPL: 0

CVE-2005-2701

https://notcve.org/view.php?id=CVE-2005-2701

Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/16911 http://secunia.com/advisories/16917 http://secunia.com/advisories/16977 http://secunia.com/advisories/17014 http://secunia.com/advisories/17026 http://secunia.com/advisories/17149 http://secunia.com/advisories/17263 http://secunia.com/advisories/17284 http://securitytracker.com/id?1014954 http://www.debian.org/security/2005/dsa-838 http://www.debian.org/secur •

CVSS: 5.0EPSS: 1%CPEs: 12EXPL: 0

CVE-2005-2703

https://notcve.org/view.php?id=CVE-2005-2703

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/16911 http://secunia.com/advisories/16917 http://secunia.com/advisories/16977 http://secunia.com/advisories/17014 http://secunia.com/advisories/17026 http://secunia.com/advisories/17042 http://secunia.com/advisories/17090 http://secunia.com/advisories/17149 http://secunia.com/advisories/17263 http://secunia.com/advisories/17284 http://securitytracker.com/id?1014954 http • CWE-94: Improper Control of Generation of Code ('Code Injection') •