CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2005-0147
https://notcve.org/view.php?id=CVE-2005-0147
29 Jan 2005 — Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials. • http://www.mozilla.org/security/announce/mfsa2005-09.html •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2005-0144
https://notcve.org/view.php?id=CVE-2005-0144
29 Jan 2005 — Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks. • http://www.mozilla.org/security/announce/mfsa2005-04.html •
CVSS: 9.1EPSS: 0%CPEs: 62EXPL: 0CVE-2005-0143
https://notcve.org/view.php?id=CVE-2005-0143
29 Jan 2005 — Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks. • http://www.mozilla.org/security/announce/mfsa2005-03.html •
CVSS: 8.1EPSS: 0%CPEs: 43EXPL: 0CVE-2004-1449
https://notcve.org/view.php?id=CVE-2004-1449
31 Dec 2004 — Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control. • http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0 •
CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 2CVE-2004-1451
https://notcve.org/view.php?id=CVE-2004-1451
31 Dec 2004 — Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks. • http://bugzilla.mozilla.org/show_bug.cgi?id=228176 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 5CVE-2004-1753
https://notcve.org/view.php?id=CVE-2004-1753
31 Dec 2004 — The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. • http://bugzilla.mozilla.org/show_bug.cgi?id=162134 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-1450
https://notcve.org/view.php?id=CVE-2004-1450
31 Dec 2004 — Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations. • http://bugzilla.mozilla.org/show_bug.cgi?id=239122 •
CVSS: 6.5EPSS: 7%CPEs: 22EXPL: 2CVE-2004-1316
https://notcve.org/view.php?id=CVE-2004-1316
29 Dec 2004 — Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated. • http://isec.pl/vulnerabilities/isec-0020-mozilla.txt •
CVSS: 6.5EPSS: 0%CPEs: 53EXPL: 0CVE-2004-1156
https://notcve.org/view.php?id=CVE-2004-1156
10 Dec 2004 — Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. • http://secunia.com/advisories/13129 •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 2CVE-2004-1381 – Multiple Browsers - Tabbed Browsing
https://notcve.org/view.php?id=CVE-2004-1381
20 Oct 2004 — Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks. • https://www.exploit-db.com/exploits/589 •