Filtered by vendor Mozilla
Subscriptions
Total
2994 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-2665 | 1 Mozilla | 1 Firefox | 2009-09-04 | N/A |
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper. | ||||
CVE-2009-2662 | 1 Mozilla | 1 Firefox | 2009-09-04 | N/A |
The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors. | ||||
CVE-2009-2478 | 1 Mozilla | 1 Firefox | 2009-08-07 | N/A |
Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug." | ||||
CVE-2009-0486 | 1 Mozilla | 1 Bugzilla | 2009-03-25 | N/A |
Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users. | ||||
CVE-2009-0485 | 1 Mozilla | 1 Bugzilla | 2009-03-25 | N/A |
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi. | ||||
CVE-2009-0484 | 1 Mozilla | 1 Bugzilla | 2009-03-25 | N/A |
Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete shared or saved searches via a link or IMG tag to buglist.cgi. | ||||
CVE-2009-0483 | 1 Mozilla | 1 Bugzilla | 2009-03-25 | N/A |
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi. | ||||
CVE-2009-0482 | 1 Mozilla | 1 Bugzilla | 2009-03-25 | N/A |
Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi. | ||||
CVE-2009-0481 | 1 Mozilla | 1 Bugzilla | 2009-03-25 | N/A |
Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers. | ||||
CVE-2009-0068 | 2 Freedesktop, Mozilla | 2 Xdg-utils, Firefox | 2009-02-10 | N/A |
Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file. | ||||
CVE-2007-6715 | 1 Mozilla | 1 Firefox | 2008-11-15 | N/A |
Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case. | ||||
CVE-2007-2176 | 1 Mozilla | 1 Firefox | 2008-11-13 | N/A |
Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175. | ||||
CVE-2002-2061 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2008-09-10 | N/A |
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | ||||
CVE-2002-0811 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. | ||||
CVE-2002-0807 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | N/A |
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. | ||||
CVE-2002-0803 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. | ||||
CVE-2002-0011 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | N/A |
Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login. | ||||
CVE-2002-0010 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | N/A |
Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges. | ||||
CVE-2002-0009 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | N/A |
show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu. | ||||
CVE-2002-0008 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | N/A |
Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi. |