Page 9 of 63 results (0.014 seconds)

CVSS: 2.6EPSS: 0%CPEs: 10EXPL: 0

Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab. • http://www.mozilla.org/security/announce/mfsa2005-01.html http://www.redhat.com/support/errata/RHSA-2005-323.html http://www.redhat.com/support/errata/RHSA-2005-335.html http://www.securityfocus.com/bid/12407 https://bugzilla.mozilla.org/show_bug.cgi?id=249332 https://exchange.xforce.ibmcloud.com/vulnerabilities/19168 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0

Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF. • http://secunia.com/advisories/19823 http://www.mozilla.org/security/announce/mfsa2005-02.html http://www.novell.com/linux/security/advisories/2006_04_25.html http://www.redhat.com/support/errata/RHSA-2005-335.html http://www.redhat.com/support/errata/RHSA-2005-384.html https://bugzilla.mozilla.org/show_bug.cgi?id=251297 https://exchange.xforce.ibmcloud.com/vulnerabilities/17832 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100056 https://oval& •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations. • http://bugzilla.mozilla.org/show_bug.cgi?id=239122 http://www.mozilla.org/projects/security/known-vulnerabilities.html •

CVSS: 5.0EPSS: 5%CPEs: 22EXPL: 2

Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated. • http://isec.pl/vulnerabilities/isec-0020-mozilla.txt http://marc.info/?l=bugtraq&m=110436284718949&w=2 http://marc.info/?l=bugtraq&m=110780717916478&w=2 http://secunia.com/advisories/19823 http://www.mozilla.org/security/announce/mfsa2005-06.html http://www.novell.com/linux/security/advisories/2006_04_25.html http://www.redhat.com/support/errata/RHSA-2005-038.html http://www.securityfocus.com/bid/12131 https://exchange.xforce.ibmcloud.com/vulnerabilities/18711 https:// •

CVSS: 4.3EPSS: 0%CPEs: 53EXPL: 0

Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. • http://secunia.com/advisories/13129 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml http://www.mozilla.org/security/announce/mfsa2005-13.html http://www.redhat.com/support/errata/RHSA-2005-176.html http://www.redhat.com/support/errata/RHSA-2005-384.html https://oval.cisecurity.org/re •