Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2005-0589

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-28 Feb, 2005 | 05:00
Updated At-07 Aug, 2024 | 21:21
Rejected At-
Credits

The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:28 Feb, 2005 | 05:00
Updated At:07 Aug, 2024 | 21:21
Rejected At:
▼CVE Numbering Authority (CNA)

The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/12659
vdb-entry
x_refsource_BID
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10825
vdb-entry
signature
x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100039
vdb-entry
signature
x_refsource_OVAL
http://www.mozilla.org/security/announce/mfsa2005-19.html
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2005-176.html
vendor-advisory
x_refsource_REDHAT
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
vendor-advisory
x_refsource_GENTOO
https://bugzilla.mozilla.org/show_bug.cgi?id=270697
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/12659
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10825
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100039
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.mozilla.org/security/announce/mfsa2005-19.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-176.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=270697
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/12659
vdb-entry
x_refsource_BID
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10825
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100039
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.mozilla.org/security/announce/mfsa2005-19.html
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/support/errata/RHSA-2005-176.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=270697
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/12659
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10825
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100039
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/mfsa2005-19.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-176.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=270697
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:02 May, 2005 | 04:00
Updated At:03 Apr, 2025 | 01:03

The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>0.8
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.9
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.9
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.9.1
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.9.2
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.9.3
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.10
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>0.10.1
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xmlsecalert@redhat.com
Patch
Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-19.htmlsecalert@redhat.com
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-176.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/12659secalert@redhat.com
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=270697secalert@redhat.com
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100039secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10825secalert@redhat.com
N/A
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-19.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-176.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/12659af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=270697af854a3a-2127-422b-91ae-364da2661108
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100039af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10825af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.mozilla.org/security/announce/mfsa2005-19.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-176.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/12659
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=270697
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100039
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10825
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.mozilla.org/security/announce/mfsa2005-19.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-176.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/12659
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=270697
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100039
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10825
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

172Records found
CVE-2017-7842
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 57.55%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-7831
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.37%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-7808
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.41%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-346
Origin Validation Error
CVE-2017-5412
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.05% / 76.61%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5418
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 52.15%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5385
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.05% / 76.61%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5408
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.21% / 78.19%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopFirefoxFirefox ESRThunderbird
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5382
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.06% / 76.73%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5445
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.25% / 83.93%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2017-5454
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.76% / 72.37%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5405
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.67% / 85.21%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopFirefoxFirefox ESRThunderbird
CWE ID-CWE-1187
DEPRECATED: Use of Uninitialized Resource
CVE-2017-5378
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.01%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5425
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.92% / 75.08%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Action-Not Available
Vendor-Mozilla CorporationApple Inc.
Product-firefoxthunderbirdmac_os_xFirefoxThunderbird
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-29954
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 39.07%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 13:17
Updated-03 Aug, 2024 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210428201255.

Action-Not Available
Vendor-Mozilla Corporation
Product-hubs_cloud_reticulumHubs Cloud
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-29950
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.38%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 13:18
Updated-03 Aug, 2024 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdThunderbird
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2011-2990
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.54% / 66.68%
||
7 Day CHG~0.00%
Published-18 Aug, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CVE-2011-2986
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.38% / 58.60%
||
7 Day CHG~0.00%
Published-18 Aug, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-2979
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.69% / 70.81%
||
7 Day CHG~0.00%
Published-09 Aug, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756 regression.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CVE-2011-3653
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.23% / 46.14%
||
7 Day CHG~0.00%
Published-09 Nov, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures.

Action-Not Available
Vendor-n/aMozilla CorporationApple Inc.
Product-thunderbirdmac_os_xfirefoxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-2380
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.69% / 70.81%
||
7 Day CHG~0.00%
Published-09 Aug, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to determine the existence of private group names via a crafted parameter during (1) bug creation or (2) bug editing.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-5884
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.26% / 49.12%
||
7 Day CHG~0.00%
Published-16 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-6829
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 45.10%
||
7 Day CHG~0.00%
Published-28 Oct, 2020 | 00:00
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxFirefox for Android
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found