CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2005-0146
https://notcve.org/view.php?id=CVE-2005-0146
29 Jan 2005 — Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation. • http://www.mozilla.org/security/announce/mfsa2005-08.html •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2005-0147
https://notcve.org/view.php?id=CVE-2005-0147
29 Jan 2005 — Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials. • http://www.mozilla.org/security/announce/mfsa2005-09.html •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2005-0149
https://notcve.org/view.php?id=CVE-2005-0149
29 Jan 2005 — Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages. • http://secunia.com/advisories/19823 •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 2CVE-2004-2659
https://notcve.org/view.php?id=CVE-2004-2659
31 Dec 2004 — Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407. • http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.1EPSS: 0%CPEs: 43EXPL: 0CVE-2004-1449
https://notcve.org/view.php?id=CVE-2004-1449
31 Dec 2004 — Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control. • http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-1450
https://notcve.org/view.php?id=CVE-2004-1450
31 Dec 2004 — Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations. • http://bugzilla.mozilla.org/show_bug.cgi?id=239122 •
CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 2CVE-2004-1451
https://notcve.org/view.php?id=CVE-2004-1451
31 Dec 2004 — Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks. • http://bugzilla.mozilla.org/show_bug.cgi?id=228176 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 5CVE-2004-1753
https://notcve.org/view.php?id=CVE-2004-1753
31 Dec 2004 — The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. • http://bugzilla.mozilla.org/show_bug.cgi?id=162134 •
CVSS: 6.5EPSS: 5%CPEs: 22EXPL: 2CVE-2004-1316
https://notcve.org/view.php?id=CVE-2004-1316
29 Dec 2004 — Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated. • http://isec.pl/vulnerabilities/isec-0020-mozilla.txt •
CVSS: 6.5EPSS: 1%CPEs: 53EXPL: 0CVE-2004-1156
https://notcve.org/view.php?id=CVE-2004-1156
10 Dec 2004 — Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. • http://secunia.com/advisories/13129 •