Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2005-2707

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-23 Sep, 2005 | 04:00
Updated At-07 Aug, 2024 | 22:45
Rejected At-
Credits

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:23 Sep, 2005 | 04:00
Updated At:07 Aug, 2024 | 22:45
Rejected At:
▼CVE Numbering Authority (CNA)

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
vendor-advisory
x_refsource_MANDRIVA
http://www.debian.org/security/2005/dsa-868
vendor-advisory
x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2005/1824
vdb-entry
x_refsource_VUPEN
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
vendor-advisory
x_refsource_FEDORA
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
vendor-advisory
x_refsource_SCO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11130
vdb-entry
signature
x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/22380
vdb-entry
x_refsource_XF
http://secunia.com/advisories/19823
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/14919
vdb-entry
x_refsource_BID
http://www.securityfocus.com/bid/15495
vdb-entry
x_refsource_BID
http://securitytracker.com/id?1014954
vdb-entry
x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2005-789.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/17026
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2005-791.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/17042
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-866
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/17284
third-party-advisory
x_refsource_SECUNIA
http://www.mozilla.org/security/announce/mfsa2005-59.html
x_refsource_CONFIRM
http://secunia.com/advisories/17149
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/17263
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/16917
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-838
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/17014
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1197
vdb-entry
signature
x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2005-785.html
vendor-advisory
x_refsource_REDHAT
http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
vendor-advisory
x_refsource_SUSE
http://www.novell.com/linux/security/advisories/2006_04_25.html
vendor-advisory
x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/17090
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/16911
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/16977
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.debian.org/security/2005/dsa-868
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.vupen.com/english/advisories/2005/1824
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
Resource:
vendor-advisory
x_refsource_SCO
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11130
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/22380
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/19823
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/14919
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securityfocus.com/bid/15495
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://securitytracker.com/id?1014954
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-789.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/17026
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-791.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/17042
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2005/dsa-866
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/17284
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mozilla.org/security/announce/mfsa2005-59.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/17149
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/17263
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/16917
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2005/dsa-838
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/17014
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1197
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-785.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.novell.com/linux/security/advisories/2006_04_25.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/17090
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/16911
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/16977
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
Resource:
vendor-advisory
x_refsource_MANDRIVA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.debian.org/security/2005/dsa-868
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.vupen.com/english/advisories/2005/1824
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
vendor-advisory
x_refsource_FEDORA
x_transferred
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
vendor-advisory
x_refsource_SCO
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11130
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/22380
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/19823
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/14919
vdb-entry
x_refsource_BID
x_transferred
http://www.securityfocus.com/bid/15495
vdb-entry
x_refsource_BID
x_transferred
http://securitytracker.com/id?1014954
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.redhat.com/support/errata/RHSA-2005-789.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/17026
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2005-791.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/17042
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2005/dsa-866
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/17284
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mozilla.org/security/announce/mfsa2005-59.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/17149
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/17263
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/16917
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2005/dsa-838
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/17014
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1197
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.redhat.com/support/errata/RHSA-2005-785.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.novell.com/linux/security/advisories/2006_04_25.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/17090
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/16911
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/16977
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.debian.org/security/2005/dsa-868
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2005/1824
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
Resource:
vendor-advisory
x_refsource_SCO
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11130
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/22380
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/19823
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/14919
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securityfocus.com/bid/15495
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://securitytracker.com/id?1014954
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-789.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/17026
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-791.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/17042
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2005/dsa-866
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/17284
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/mfsa2005-59.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/17149
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/17263
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/16917
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2005/dsa-838
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/17014
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1197
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-785.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2006_04_25.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/17090
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/16911
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/16977
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:23 Sep, 2005 | 19:03
Updated At:03 Apr, 2025 | 01:03

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches

Mozilla Corporation
mozilla
>>firefox>>Versions up to 1.0.6(inclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.1
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.2
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.3
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.4
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>1.0.5
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>mozilla_suite>>Versions up to 1.7.11(inclusive)
cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>mozilla_suite>>1.7.6
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>mozilla_suite>>1.7.7
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>mozilla_suite>>1.7.8
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>mozilla_suite>>1.7.10
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txtsecalert@redhat.com
N/A
http://secunia.com/advisories/16911secalert@redhat.com
N/A
http://secunia.com/advisories/16917secalert@redhat.com
N/A
http://secunia.com/advisories/16977secalert@redhat.com
N/A
http://secunia.com/advisories/17014secalert@redhat.com
N/A
http://secunia.com/advisories/17026secalert@redhat.com
N/A
http://secunia.com/advisories/17042secalert@redhat.com
N/A
http://secunia.com/advisories/17090secalert@redhat.com
N/A
http://secunia.com/advisories/17149secalert@redhat.com
N/A
http://secunia.com/advisories/17263secalert@redhat.com
N/A
http://secunia.com/advisories/17284secalert@redhat.com
N/A
http://secunia.com/advisories/19823secalert@redhat.com
N/A
http://securitytracker.com/id?1014954secalert@redhat.com
N/A
http://www.debian.org/security/2005/dsa-838secalert@redhat.com
N/A
http://www.debian.org/security/2005/dsa-866secalert@redhat.com
N/A
http://www.debian.org/security/2005/dsa-868secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2005:169secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2005:170secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174secalert@redhat.com
N/A
http://www.mozilla.org/security/announce/mfsa2005-59.htmlsecalert@redhat.com
N/A
http://www.novell.com/linux/security/advisories/2005_58_mozilla.htmlsecalert@redhat.com
N/A
http://www.novell.com/linux/security/advisories/2006_04_25.htmlsecalert@redhat.com
N/A
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2005-785.htmlsecalert@redhat.com
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-789.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2005-791.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/14919secalert@redhat.com
N/A
http://www.securityfocus.com/bid/15495secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2005/1824secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/22380secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11130secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1197secalert@redhat.com
N/A
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txtaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/16911af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/16917af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/16977af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/17014af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/17026af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/17042af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/17090af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/17149af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/17263af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/17284af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/19823af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1014954af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2005/dsa-838af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2005/dsa-866af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2005/dsa-868af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2005:169af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2005:170af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mozilla.org/security/announce/mfsa2005-59.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.novell.com/linux/security/advisories/2005_58_mozilla.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.novell.com/linux/security/advisories/2006_04_25.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2005-785.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-789.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2005-791.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/14919af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/15495af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2005/1824af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/22380af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11130af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1197af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/16911
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/16917
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/16977
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/17014
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/17026
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/17042
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/17090
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/17149
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/17263
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/17284
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/19823
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://securitytracker.com/id?1014954
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2005/dsa-838
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2005/dsa-866
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2005/dsa-868
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/mfsa2005-59.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2006_04_25.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-785.html
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-789.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-791.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/14919
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/15495
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2005/1824
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/22380
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11130
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1197
Source: secalert@redhat.com
Resource: N/A
Hyperlink: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/16911
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/16917
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/16977
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/17014
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/17026
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/17042
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/17090
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/17149
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/17263
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/17284
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/19823
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1014954
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2005/dsa-838
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2005/dsa-866
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2005/dsa-868
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/mfsa2005-59.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2006_04_25.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-785.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-789.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-791.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/14919
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/15495
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2005/1824
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/22380
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11130
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1197
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

115Records found

CVE-2005-4809
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.38% / 92.90%
||
7 Day CHG~0.00%
Published-30 Aug, 2006 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-mozillafirefoxthunderbirdn/a
CVE-2010-0169
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.42% / 61.33%
||
7 Day CHG~0.00%
Published-25 Mar, 2010 | 20:31
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CVE-2009-3078
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.72% / 81.65%
||
7 Day CHG~0.00%
Published-10 Sep, 2009 | 21:00
Updated-07 Aug, 2024 | 06:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7791
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.35% / 79.34%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-20
Improper Input Validation
CVE-2004-1380
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-14.50% / 94.19%
||
7 Day CHG~0.00%
Published-29 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxmozillan/a
CVE-2006-1742
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-13.99% / 94.07%
||
7 Day CHG~0.00%
Published-14 Apr, 2006 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-mozilla_suitefirefoxseamonkeythunderbirdn/a
CVE-2006-0296
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-41.20% / 97.30%
||
7 Day CHG~0.00%
Published-02 Feb, 2006 | 20:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CVE-2016-9065
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.95%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.

Action-Not Available
Vendor-Mozilla CorporationGoogle LLC
Product-firefoxandroidFirefox
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7211
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.68% / 70.65%
||
7 Day CHG~0.00%
Published-16 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla CorporationFedora ProjectopenSUSE
Product-leapfedorafirefoxopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-2805
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.20% / 83.73%
||
7 Day CHG~0.00%
Published-07 Jul, 2008 | 23:00
Updated-07 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1940
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 54.66%
||
7 Day CHG~0.00%
Published-31 Jan, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.

Action-Not Available
Vendor-n/aGoogle LLCMozilla Corporation
Product-firefoxandroidn/a
CVE-2005-2173
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.38% / 58.83%
||
7 Day CHG~0.00%
Published-08 Jul, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CVE-2005-1575
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.49% / 64.40%
||
7 Day CHG~0.00%
Published-14 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2008-0594
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.26% / 78.54%
||
7 Day CHG~0.00%
Published-09 Feb, 2008 | 00:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2021-4138
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.80%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 22:08
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.

Action-Not Available
Vendor-Mozilla Corporation
Product-geckodrivergeckodriver
CVE-2008-1238
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.24% / 90.52%
||
7 Day CHG~0.00%
Published-27 Mar, 2008 | 10:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-287
Improper Authentication
CVE-2015-7197
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.74% / 71.93%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2005-0238
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.75% / 72.13%
||
7 Day CHG~0.00%
Published-07 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Action-Not Available
Vendor-omnigroupn/aThe GNOME ProjectOperaMozilla Corporation
Product-mozillaomniwebopera_browserepiphanycaminon/a
CVE-2015-4478
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-1.26% / 78.61%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.
Product-firefoxopensuseubuntu_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-0367
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.65% / 69.76%
||
7 Day CHG~0.00%
Published-18 Jan, 2008 | 23:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-4538
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.69% / 70.77%
||
7 Day CHG~0.00%
Published-27 Aug, 2007 | 21:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CVE-2015-0798
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.59% / 68.22%
||
7 Day CHG~0.00%
Published-08 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.

Action-Not Available
Vendor-n/aGoogle LLCMozilla CorporationOracle Corporation
Product-firefoxsolarisandroidn/a
CVE-2013-0759
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-1.37% / 79.43%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSE
Product-enterprise_linux_desktopenterprise_linux_server_auslinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirdlinux_enterprise_desktopfirefoxopensuseenterprise_linux_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2007-4357
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.56% / 67.23%
||
7 Day CHG~0.00%
Published-15 Aug, 2007 | 00:00
Updated-07 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2015-0802
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-80.39% / 99.09%
||
7 Day CHG+0.97%
Published-01 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.
Product-firefoxopensuseubuntu_linuxn/a
CVE-2007-1762
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.19% / 41.67%
||
7 Day CHG~0.00%
Published-30 Mar, 2007 | 00:00
Updated-07 Aug, 2024 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2015-0832
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.14% / 33.93%
||
7 Day CHG~0.00%
Published-25 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.
Product-firefoxopensuseubuntu_linuxn/a
CVE-2015-0816
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-85.37% / 99.32%
||
7 Day CHG~0.00%
Published-01 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxfirefox_esrthunderbirdn/a
CVE-2016-9072
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.85% / 73.92%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxwindowsFirefox
CWE ID-CWE-254
Not Available
CVE-2020-12391
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.01%
||
7 Day CHG~0.00%
Published-26 May, 2020 | 17:02
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-863
Incorrect Authorization
CVE-2006-2778
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-18.51% / 95.00%
||
7 Day CHG~0.00%
Published-02 Jun, 2006 | 18:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdn/a
CVE-2006-1650
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.38% / 58.64%
||
7 Day CHG~0.00%
Published-06 Apr, 2006 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: a followup was unable to replicate this issue.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2014-1527
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.85% / 73.90%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.

Action-Not Available
Vendor-n/aMozilla CorporationGoogle LLCFedora ProjectOracle Corporation
Product-fedorafirefoxsolarisandroidn/a
CVE-2019-11727
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.67%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 13:16
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-295
Improper Certificate Validation
CVE-2014-1572
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.93% / 75.14%
||
7 Day CHG~0.00%
Published-13 Oct, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted.

Action-Not Available
Vendor-n/aMozilla CorporationFedora Project
Product-fedorabugzillan/a
CVE-2014-1481
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.58% / 84.98%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Fedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirdsuse_linux_enterprise_desktopdebian_linuxenterprise_linux_server_ausfedoraseamonkeyfirefox_esropensuseenterprise_linux_desktopubuntu_linuxsuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationsuse_linux_enterprise_software_development_kitn/a
CVE-2014-1479
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 80.12%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Fedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirdsuse_linux_enterprise_desktopdebian_linuxenterprise_linux_server_ausfedoraseamonkeyfirefox_esrubuntu_linuxenterprise_linux_desktopopensusesuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationsuse_linux_enterprise_software_development_kitn/a
CVE-2005-2704
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.53% / 84.84%
||
7 Day CHG~0.00%
Published-23 Sep, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-mozilla_suitefirefoxn/a
CVE-2005-2703
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.68% / 88.92%
||
7 Day CHG~0.00%
Published-23 Sep, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-mozilla_suitefirefoxn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2005-2429
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.30% / 52.46%
||
7 Day CHG~0.00%
Published-03 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2018-5129
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.6||HIGH
EPSS-2.39% / 84.42%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5109
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 56.34%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-346
Origin Validation Error
CVE-2005-2263
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.51% / 88.70%
||
7 Day CHG~0.00%
Published-13 Jul, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxmozillan/a
CVE-2013-1699
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.37% / 57.88%
||
7 Day CHG~0.00%
Published-26 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2019-11737
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.68%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 17:20
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2019-11755
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.24%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 17:10
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. This vulnerability affects Thunderbird < 68.1.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdThunderbird
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2005-1158
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.71% / 71.28%
||
7 Day CHG~0.00%
Published-18 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2005-0590
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.77% / 81.87%
||
7 Day CHG~0.00%
Published-28 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-mozillafirefoxthunderbirdn/a
CVE-2005-0149
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.20% / 78.07%
||
7 Day CHG~0.00%
Published-29 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-mozillathunderbirdn/a
CVE-2005-0148
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.49% / 64.46%
||
7 Day CHG~0.00%
Published-29 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdn/a
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found