CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 3CVE-2021-29978
https://notcve.org/view.php?id=CVE-2021-29978
05 Aug 2021 — Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. This vulnerability affects Mozilla VPN < 2.3. Multiples problemas de baja seguridad se detectaron y corrigieron en una auditoría de seguridad de la rama Mozilla VPN versión 2.x como parte de una auditoría de seguridad de terceros. Esta vulnerabilidad afecta a Mozilla VPN versiones anteriores a 2.3 • https://github.com/mozilla-mobile/mozilla-vpn-client/issues/797 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 2CVE-2009-3010
https://notcve.org/view.php?id=CVE-2009-3010
31 Aug 2009 — Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product v... • http://websecurity.com.ua/3315 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 60EXPL: 2CVE-2009-3014
https://notcve.org/view.php?id=CVE-2009-3014
31 Aug 2009 — Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header. Mozilla Firefox v3.0.13 y anteriores, v3.5, v3.6 a1 pre, y v3.7 a1... • http://websecurity.com.ua/3373 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4039
https://notcve.org/view.php?id=CVE-2007-4039
27 Jul 2007 — Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. Vulnerabilidad de inyección de argumento involucrando a Mozilla, cuando determinados URIS se han registrado, permite a atacantes remotos conducir ataques de salto de nav... • http://larholm.com/2007/07/25/mozilla-protocol-abuse • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2007-3144
https://notcve.org/view.php?id=CVE-2007-3144
11 Jun 2007 — Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. Vulnerabilidad de truncamiento visual en Mozilla 1.7.12 permite a atacantes remotos envenenar la barra de dirección y posiblemente conducir ataques de phishing a través de un nombre de host largo, el cual está truncado después ... • http://osvdb.org/43466 •
CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 0CVE-2007-1794
https://notcve.org/view.php?id=CVE-2007-1794
02 Apr 2007 — The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805. El motor de Javascript en Mozilla 1.7 y anteriores en Sun Solaris 8, 9, y 10 podría permitir a atacantes remotos ejecutar código de su elección a través de vectores que afectan al colector de basura que provoca el borr... • http://secunia.com/advisories/24624 •
CVSS: 9.8EPSS: 13%CPEs: 48EXPL: 0CVE-2006-6498
https://notcve.org/view.php?id=CVE-2006-6498
20 Dec 2006 — Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors. Múltiples vulnerabilidades en el motor de JavaScript para Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunde... • ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc •
CVSS: 8.1EPSS: 6%CPEs: 6EXPL: 3CVE-2006-2894 – Mozilla Firefox 1.x - JavaScript Key Filtering
https://notcve.org/view.php?id=CVE-2006-2894
07 Jun 2006 — Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the ... • https://www.exploit-db.com/exploits/27987 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2006-2613
https://notcve.org/view.php?id=CVE-2006-2613
26 May 2006 — Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents. • http://secunia.com/advisories/20244 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 26%CPEs: 30EXPL: 0CVE-2006-1737
https://notcve.org/view.php?id=CVE-2006-1737
14 Apr 2006 — Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt • CWE-189: Numeric Errors •