Vulnerabilities > Mozilla > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-08-18 | CVE-2003-1046 | Multiple vulnerability in Bugzilla describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products. | 7.5 |
2004-08-18 | CVE-2003-1044 | Multiple vulnerability in Bugzilla editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID. | 7.5 |
2004-07-27 | CVE-2004-0718 | Multiple vulnerability Fixed in SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | 7.5 |
2004-07-27 | CVE-2004-0707 | Unspecified vulnerability in Mozilla Bugzilla SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL. | 7.5 |
2004-07-27 | CVE-2004-0703 | Unspecified vulnerability in Mozilla Bugzilla Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control. | 7.5 |
2004-04-15 | CVE-2003-0594 | Unspecified vulnerability in Mozilla Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. | 7.5 |
2003-06-16 | CVE-2003-0298 | Denial-Of-Service vulnerability in Browser The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors. | 7.5 |
2003-04-02 | CVE-2003-0152 | Remote Command Execution vulnerability in Mozilla Bonsai 1.3 Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user. | 7.5 |
2003-01-17 | CVE-2003-0013 | LocalConfig Backup File Disclosure vulnerability in Bugzilla The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file. | 7.5 |
2002-12-31 | CVE-2002-2061 | Denial-Of-Service vulnerability in Netscape Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | 7.5 |