Vulnerabilities > Mozilla

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2005-01-27 | CVE-2004-0902 | | Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. | network | low complexity | mozilla, conectiva, redhat, suse | | 10.0 (critical) |
| 2005-01-24 | CVE-2005-0145 | Unspecified vulnerability in Mozilla Firefox | Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature. | network | high complexity | mozilla | | 2.6 |
| 2005-01-04 | CVE-2004-1061 | Cross-Site Scripting vulnerability in Bugzilla Internal Error | Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter. | network | | mozilla | | 4.3 |
| 2004-12-31 | CVE-2004-2659 | Race Condition vulnerability in multiple products | Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. | network | high complexity | mozilla, opera | CWE-362 | 4.0 |
| 2004-12-31 | CVE-2004-2228 | | Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges. | local | low complexity | mozilla | | 7.2 |
| 2004-12-31 | CVE-2004-2227 | Remote Security vulnerability in Firefox | Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions. | network | low complexity | mozilla | | 5.0 |
| 2004-12-31 | CVE-2004-2226 | Remote Security vulnerability in Mozilla Thunderbird 0.8/1.7.1/1.7.3 | Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server. | network | low complexity | mozilla | | 5.0 |
| 2004-12-31 | CVE-2004-2225 | Unspecified vulnerability in Mozilla Firefox | Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button. | network | low complexity | mozilla | | 5.0 |
| 2004-12-31 | CVE-2004-1753 | | The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. | network | high complexity | mozilla, netscape | | 2.6 |
| 2004-12-31 | CVE-2004-1451 | Remote Security vulnerability in Browser | Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks. | network | high complexity | mozilla | | 2.6 |