CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2004-0764
https://notcve.org/view.php?id=CVE-2004-0764
03 Aug 2004 — Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files. Mozilla anteriores a 1.7, Firefox anteriores a 0.9, y Thunderbird anteriores a 0.7, permiten a sitios web remotos secuestrar el interfaz del usuario mediante la bandera "chrome" y ficheros de Interfaz de Usuario XML (XUL). • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2004-0765
https://notcve.org/view.php?id=CVE-2004-0765
03 Aug 2004 — The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates. La función cet_TestHostName en Mozilla anteriores a 1.7, Firefox anteriores a 0.9, y Thunderbird anteriores a 0.7, sólo comprueba la porción de nombre de máquina de un certificado cuando la porción de nombre de máquin... • http://bugzilla.mozilla.org/show_bug.cgi?id=234058 •
CVSS: 10.0EPSS: 22%CPEs: 3EXPL: 1CVE-2004-0648 – Mozilla 1.7 - External Protocol Handler
https://notcve.org/view.php?id=CVE-2004-0648
13 Jul 2004 — Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol. Mozilla (suite) anteriores a 1.7.1 y Firefox anteriores a 0.9.2, y Thunderbird anteriores a 0.7.2 permiten a atacantes remotos lanzar programas arbitrarios mediante una URI referenciando el protocolo shell: • https://www.exploit-db.com/exploits/24263 •
CVSS: 6.8EPSS: 1%CPEs: 32EXPL: 1CVE-2004-0191
https://notcve.org/view.php?id=CVE-2004-0191
15 Mar 2004 — Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. Mozilla 1.4.2 ejecuta eventos de Javascript en el contexto de una nueva página mientras se está cargando, permitiéndolo interactuar con la página anterior ("documento zombi") y posibilitando ataques de secuencias de comandos en sitios cru... • http://bugzilla.mozilla.org/show_bug.cgi?id=227417 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2003-0791
https://notcve.org/view.php?id=CVE-2003-0791
07 Oct 2003 — The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. • http://secunia.com/advisories/11103 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2002-2061
https://notcve.org/view.php?id=CVE-2002-2061
31 Dec 2002 — Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. • http://bugzilla.mozilla.org/show_bug.cgi?id=157202 •