CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2003-0791
https://notcve.org/view.php?id=CVE-2003-0791
07 Oct 2003 — The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. • http://secunia.com/advisories/11103 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.0EPSS: 0%CPEs: 30EXPL: 2CVE-2002-2013
https://notcve.org/view.php?id=CVE-2002-2013
31 Dec 2002 — Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. • http://alive.znep.com/~marcs/security/mozillacookie/demo.html •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2002-2061
https://notcve.org/view.php?id=CVE-2002-2061
31 Dec 2002 — Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. • http://bugzilla.mozilla.org/show_bug.cgi?id=157202 •
CVSS: 7.5EPSS: 5%CPEs: 36EXPL: 2CVE-2002-2338 – Netscape 4.x/6.x / Mozilla 0.9.x - Malformed Email POP3 Denial of Service
https://notcve.org/view.php?id=CVE-2002-2338
31 Dec 2002 — The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. • https://www.exploit-db.com/exploits/21539 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 1CVE-2002-1126
https://notcve.org/view.php?id=CVE-2002-1126
24 Sep 2002 — Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler. • http://bugzilla.mozilla.org/show_bug.cgi?id=145579 •