Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-2314 | Improper Input Validation vulnerability in Mozilla 1.0 Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. | 5.0 |
| 2002-12-31 | CVE-2002-2260 | Cross-Site Scripting vulnerability in Mozilla Bugzilla Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject arbitrary web script or HTML via the "show all quips" page. | 4.3 |
| 2002-12-31 | CVE-2002-2061 | Denial-Of-Service vulnerability in Netscape Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | 7.5 |
| 2002-12-31 | CVE-2002-2013 | Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | 5.0 |
| 2002-11-29 | CVE-2002-1308 | Remote Heap Corruption vulnerability in Netscape/Mozilla JAR Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression. | 7.5 |
| 2002-10-28 | CVE-2002-1198 | SQL Injection vulnerability in Bugzilla Account Creation Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack. | 7.5 |
| 2002-10-28 | CVE-2002-1197 | Unspecified vulnerability in Mozilla Bugzilla bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail. | 7.5 |
| 2002-10-28 | CVE-2002-1196 | Unspecified vulnerability in Mozilla Bugzilla editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits. | 7.5 |
| 2002-10-04 | CVE-2002-1091 | Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width. | 7.5 |
| 2002-09-24 | CVE-2002-1126 | Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler. | 2.6 |