CVSS: 5.0EPSS: 6%CPEs: 8EXPL: 0CVE-2004-2227
https://notcve.org/view.php?id=CVE-2004-2227
Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions. • http://secunia.com/advisories/13144 http://secunia.com/advisories/13724 http://security.gentoo.org/glsa/glsa-200501-03.xml http://www.osvdb.org/11591 https://bugzilla.mozilla.org/show_bug.cgi?id=234416 https://exchange.xforce.ibmcloud.com/vulnerabilities/18016 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2004-2228
https://notcve.org/view.php?id=CVE-2004-2228
Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges. • http://secunia.com/advisories/13144 http://secunia.com/advisories/13724 http://security.gentoo.org/glsa/glsa-200501-03.xml http://www.osvdb.org/11592 http://www.securityfocus.com/bid/11644 https://exchange.xforce.ibmcloud.com/vulnerabilities/18017 •
CVSS: 5.0EPSS: 1%CPEs: 9EXPL: 1CVE-2004-1200
https://notcve.org/view.php?id=CVE-2004-1200
Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029434.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029491.html http://www.securityfocus.com/bid/11752 http://www.securityfocus.com/bid/11760 https://exchange.xforce.ibmcloud.com/vulnerabilities/18282 •
CVSS: 4.3EPSS: 0%CPEs: 53EXPL: 0CVE-2004-1156
https://notcve.org/view.php?id=CVE-2004-1156
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. • http://secunia.com/advisories/13129 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml http://www.mozilla.org/security/announce/mfsa2005-13.html http://www.redhat.com/support/errata/RHSA-2005-176.html http://www.redhat.com/support/errata/RHSA-2005-384.html https://oval.cisecurity.org/re •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 1CVE-2004-1639
https://notcve.org/view.php?id=CVE-2004-1639
Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension. • http://archives.neohapsis.com/archives/vulnwatch/2004-q4/0017.html http://marc.info/?l=bugtraq&m=109886388528179&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17839 •