CVSS: 2.6EPSS: 0%CPEs: 9EXPL: 1CVE-2005-0591
https://notcve.org/view.php?id=CVE-2005-0591
Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing." • http://marc.info/?l=bugtraq&m=110547286002188&w=2 http://secunia.com/advisories/13786 http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml http://www.mikx.de/firespoofing http://www.mikx.de/index.php?p=7 http://www.mozilla.org/security/announce/mfsa2005-16.html http://www.redhat.com/support/errata/RHSA-2005-176.html http://www.redhat.com/support/errata/RHSA-2005-384.html http://www.securi •
CVSS: 2.6EPSS: 0%CPEs: 31EXPL: 0CVE-2005-0593
https://notcve.org/view.php?id=CVE-2005-0593
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site. • http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml http://www.mozilla.org/security/announce/mfsa2005-14.html http://www.redhat.com/support/errata/RHSA-2005-176.html http://www.redhat.com/support/errata/RHSA-2005-384.html http://www.securityfocus.com/bid/12659 https://bugzilla.mozilla.org/show_bug.cgi?id=258048 https://bugzilla.mozilla.org/show_bug.cgi?id=268483 https://bugzilla.mozilla.org/show_bug&# •
CVSS: 5.0EPSS: 1%CPEs: 12EXPL: 0CVE-2005-0255
https://notcve.org/view.php?id=CVE-2005-0255
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption. • http://secunia.com/advisories/19823 http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities http://www.mozilla.org/security/announce/mfsa2005-18.html http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html http://www.novell.com/linux/security/advisories/2006_04_25.html http://www.redhat.com/support/errata/RHSA-2005-176. •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2005-0587
https://notcve.org/view.php?id=CVE-2005-0587
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file. • http://secunia.com/advisories/19823 http://www.mozilla.org/security/announce/mfsa2005-21.html http://www.novell.com/linux/security/advisories/2006_04_25.html http://www.securityfocus.com/bid/12659 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100037 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 2%CPEs: 31EXPL: 0CVE-2005-0592
https://notcve.org/view.php?id=CVE-2005-0592
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value. • http://secunia.com/advisories/19823 http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml http://www.mozilla.org/security/announce/mfsa2005-15.html http://www.novell.com/linux/security/advisories/2006_04_25.html http://www.redhat.com/support/errata/RHSA-2005-176.html http://www.securityfocus.com/bid/12659 https://bugzilla.mozilla.org/show_bug.cgi?id=241440 https://oval.cisecurity.org/repository/search/defin •