Vulnerabilities > Mozilla > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-03-23 | CVE-2005-0143 | Unspecified vulnerability in Mozilla Firefox and Mozilla Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks. | 2.6 |
2005-03-04 | CVE-2005-0593 | Remote vulnerability in Mozilla Suite Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site. | 2.6 |
2005-02-07 | CVE-2005-0231 | Unspecified vulnerability in Mozilla Firefox 1.0 Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing." | 2.6 |
2005-01-24 | CVE-2005-0145 | Unspecified vulnerability in Mozilla Firefox Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature. | 2.6 |
2004-12-31 | CVE-2004-1449 | File-Upload vulnerability in Browser Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control. | 2.6 |
2004-12-31 | CVE-2004-1451 | Remote Security vulnerability in Browser Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks. | 2.6 |
2004-12-31 | CVE-2004-1753 | The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. | 2.6 |
2004-07-27 | CVE-2004-0706 | Unspecified vulnerability in Mozilla Bugzilla Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files. | 2.1 |
2004-07-07 | CVE-2004-0478 | Resource Management Errors vulnerability in Mozilla Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U. | 2.6 |
2003-12-31 | CVE-2003-1265 | Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. | 2.1 |