
CVSS: 7.5 | EPSS: 1% | CPEs: 17 | EXPL: 1

Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html http://www.mandriva.com/security/advisories?name=MDKSA-2004:021 http://www.redhat.com/support/errata/RHSA-2004-112.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917 https://oval.cisecurity.org/repository/search/definition/oval& •

CVSS: 6.8 | EPSS: 1% | CPEs: 32 | EXPL: 1

Mozilla before 1.4.2 executes JavaScript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. • http://bugzilla.mozilla.org/show_bug.cgi?id=227417 http://marc.info/?l=bugtraq&m=107774710729469&w=2 http://marc.info/?l=bugtraq&m=108448379429944&w=2 http://www.osvdb.org/4062 http://www.redhat.com/support/errata/RHSA-2004-110.html http://www.redhat.com/support/errata/RHSA-2004-112.html http://www.securityfocus.com/bid/9747 https://exchange.xforce.ibmcloud.com/vulnerabilities/15322 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874 •

CVSS: 9.8 | EPSS: 1% | CPEs: 2 | EXPL: 0

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. • http://secunia.com/advisories/11103 http://www.mandriva.com/security/advisories?name=MDKSA-2004:021 http://www.osvdb.org/8390 http://www.securityfocus.com/advisories/6979 http://www.securityfocus.com/bid/9322 https://bugzilla.mozilla.org/show_bug.cgi?id=221526 • CWE-502: Deserialization of Untrusted Data •

CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 2

Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL. • https://www.exploit-db.com/exploits/21682 http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html http://bugzilla.mozilla.org/show_bug.cgi?id=154030 http://www.iss.net/security_center/static/9757.php http://www.securityfocus.com/bid/5403 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5 | EPSS: 8% | CPEs: 12 | EXPL: 0

Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression. • http://bugzilla.mozilla.org/show_bug.cgi?id=157646 http://marc.info/?l=bugtraq&m=103730181813075&w=2 http://www.redhat.com/support/errata/RHSA-2003-162.html http://www.redhat.com/support/errata/RHSA-2003-163.html http://www.securityfocus.com/bid/6185 https://exchange.xforce.ibmcloud.com/vulnerabilities/10636 https://access.redhat.com/security/cve/CVE-2002-1308 https://bugzilla.redhat.com/show_bug.cgi?id=1616870 •