Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-07-27 | CVE-2004-0704 | Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products. | 5.0 |
| 2004-07-27 | CVE-2004-0703 | Unspecified vulnerability in Mozilla Bugzilla Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control. | 7.5 |
| 2004-07-27 | CVE-2004-0702 | Unspecified vulnerability in Mozilla Bugzilla DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information. | 5.0 |
| 2004-07-07 | CVE-2004-0478 | Resource Management Errors vulnerability in Mozilla Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U. | 2.6 |
| 2004-04-15 | CVE-2003-0594 | Unspecified vulnerability in Mozilla Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. | 7.5 |
| 2004-03-15 | CVE-2004-0191 | Cross-Site Scripting vulnerability in Mozilla Browser Zombie Document Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. network mozilla | 6.8 |
| 2003-12-31 | CVE-2003-1492 | Link Following vulnerability in multiple products Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . | 5.0 |
| 2003-12-31 | CVE-2003-1265 | Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. | 2.1 |
| 2003-10-07 | CVE-2003-0791 | Deserialization of Untrusted Data vulnerability in multiple products The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. | 9.8 |
| 2003-08-27 | CVE-2003-0603 | Unspecified vulnerability in Mozilla Bugzilla Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions. | 2.1 |