National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:mozilla:mozilla:1.5:rc1
There are 55 matching records.
Displaying matches 41 through 55.
Vuln ID Summary CVSS Severity
CVE-2004-1449

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.

Published: December 31, 2004; 12:00:00 AM -05:00
V2: 2.6 LOW
CVE-2004-1451

Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.

Published: December 31, 2004; 12:00:00 AM -05:00
V2: 2.6 LOW
CVE-2004-1316

Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.

Published: December 29, 2004; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2004-1380

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."

Published: October 20, 2004; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2004-1381

Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.

Published: October 20, 2004; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2004-1613

Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.

Published: October 18, 2004; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2004-1614

Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.

Published: October 18, 2004; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2004-0905

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

Published: September 14, 2004; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2004-0757

Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.

Published: August 18, 2004; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2004-0761

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.

Published: August 18, 2004; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2004-0762

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.

Published: August 18, 2004; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2004-0764

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.

Published: August 18, 2004; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2004-0765

The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.

Published: August 18, 2004; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2004-0648

Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.

Published: August 06, 2004; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2004-0191

Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.

Published: March 15, 2004; 12:00:00 AM -05:00
V2: 6.8 MEDIUM