Page 7 of 137 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2005-4874

https://notcve.org/view.php?id=CVE-2005-4874

The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object. • https://bugzilla.mozilla.org/show_bug.cgi?id=297078 https://bugzilla.mozilla.org/show_bug.cgi?id=302489 https://exchange.xforce.ibmcloud.com/vulnerabilities/41553 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 96%CPEs: 11EXPL: 1

CVE-2005-4134 – Mozilla Firefox 0.x/1.x - Large History File Buffer Overflow

https://notcve.org/view.php?id=CVE-2005-4134

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue. • https://www.exploit-db.com/exploits/26762 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://marc.info/?l=full-disclosure&m=113404911919629&w=2 http://marc.info/?l=full-disclosure&m=113405896025702&w=2 http://secunia.com/advisories/17934 http://secunia.com/advisories/17944 http://secunia.com/advisories/17946 http://secunia.com/advisories/18700 http://secunia.com/advisori •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2005-3896

https://notcve.org/view.php?id=CVE-2005-3896

Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function. • http://marc.info/?l=bugtraq&m=113262115201500&w=2 http://www.computerterrorism.com/research/ie/ct21-11-2005 •

CVSS: 7.5EPSS: 91%CPEs: 12EXPL: 0

CVE-2005-2701

https://notcve.org/view.php?id=CVE-2005-2701

Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/16911 http://secunia.com/advisories/16917 http://secunia.com/advisories/16977 http://secunia.com/advisories/17014 http://secunia.com/advisories/17026 http://secunia.com/advisories/17149 http://secunia.com/advisories/17263 http://secunia.com/advisories/17284 http://securitytracker.com/id?1014954 http://www.debian.org/security/2005/dsa-838 http://www.debian.org/secur •

CVSS: 5.0EPSS: 1%CPEs: 12EXPL: 0

CVE-2005-2703

https://notcve.org/view.php?id=CVE-2005-2703

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/16911 http://secunia.com/advisories/16917 http://secunia.com/advisories/16977 http://secunia.com/advisories/17014 http://secunia.com/advisories/17026 http://secunia.com/advisories/17042 http://secunia.com/advisories/17090 http://secunia.com/advisories/17149 http://secunia.com/advisories/17263 http://secunia.com/advisories/17284 http://securitytracker.com/id?1014954 http • CWE-94: Improper Control of Generation of Code ('Code Injection') •