Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2007-02-07 CVE-2007-0800 Unspecified vulnerability in Mozilla Firefox 1.5.0.9
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
network
mozilla
4.3
2007-02-06 CVE-2007-0792 HTML Injection and Information Disclosure vulnerability in Mozilla Bugzilla 2.23.3
The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
network
low complexity
mozilla
7.5
2007-02-06 CVE-2007-0791 HTML Injection and Information Disclosure vulnerability in Mozilla Bugzilla
Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
mozilla
4.3
2006-12-31 CVE-2006-6853 Remote Buffer Overflow vulnerability in Mozilla Durian Web Application Server 3.02
Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.
network
low complexity
mozilla
critical
10.0
2006-12-20 CVE-2006-6507 Remote vulnerability in Mozilla Firefox 2.0
Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error.
network
mozilla
4.3
2006-12-20 CVE-2006-6506 Remote vulnerability in Mozilla Firefox 2.0
The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits.
network
mozilla
4.3
2006-12-20 CVE-2006-6505 Remote vulnerability in Mozilla SeaMonkey and Thunderbird
Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message bodies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers.
network
mozilla
6.8
2006-12-20 CVE-2006-6504 Code Injection vulnerability in multiple products
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
network
mozilla canonical CWE-94
critical
9.3
2006-12-20 CVE-2006-6503 7PK - Security Features vulnerability in multiple products
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.
6.8
2006-12-20 CVE-2006-6502 Remote vulnerability in Mozilla Firefox, SeaMonkey and Thunderbird
Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors.
network
mozilla
7.1