
CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via an XBM (X BitMap) file with a large (1) height or (2) width value.
• http://marc.info/?l=bugtraq&m=110512665029209&w=2
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18803

CVSS: 2.6 | EPSS: 0% | CPEs: 62 | EXPL: 0

Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
• http://www.mozilla.org/security/announce/mfsa2005-03.html
• http://www.redhat.com/support/errata/RHSA-2005-335.html
• http://www.redhat.com/support/errata/RHSA-2005-384.html
• http://www.securityfocus.com/bid/12407
• https://bugzilla.mozilla.org/show_bug.cgi?id=257308
• https://exchange.xforce.ibmcloud.com/vulnerabilities/19166
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef

CVSS: 2.6 | EPSS: 0% | CPEs: 35 | EXPL: 2

Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.
• http://bugzilla.mozilla.org/show_bug.cgi?id=228176
• http://secunia.com/advisories/10419
• http://www.mozilla.org/projects/security/known-vulnerabilities.html

CVSS: 2.6 | EPSS: 0% | CPEs: 43 | EXPL: 0

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allow remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
• http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0
• http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082

CVSS: 5.0 | EPSS: 5% | CPEs: 22 | EXPL: 2

Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
• http://isec.pl/vulnerabilities/isec-0020-mozilla.txt
• http://marc.info/?l=bugtraq&m=110436284718949&w=2
• http://marc.info/?l=bugtraq&m=110780717916478&w=2
• http://secunia.com/advisories/19823
• http://www.mozilla.org/security/announce/mfsa2005-06.html
• http://www.novell.com/linux/security/advisories/2006_04_25.html
• http://www.redhat.com/support/errata/RHSA-2005-038.html
• http://www.securityfocus.com/bid/12131
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18711
• https://