Filtered by vendor Mozilla
Subscriptions
Total
2994 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-0329 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | N/A |
| Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi. | ||||
| CVE-2000-0655 | 2 Mozilla, Netscape | 2 Mozilla, Communicator | 2008-09-10 | N/A |
| Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1. | ||||
| CVE-2000-0421 | 1 Mozilla | 1 Bugzilla | 2008-09-10 | N/A |
| The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters. | ||||
| CVE-2003-1265 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2008-09-05 | N/A |
| Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. | ||||
| CVE-2003-0155 | 1 Mozilla | 1 Bonsai | 2008-09-05 | N/A |
| bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication. | ||||
| CVE-2003-0152 | 1 Mozilla | 1 Bonsai | 2008-09-05 | N/A |
| Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user. | ||||
| CVE-2002-0810 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. | ||||
| CVE-2002-0809 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. | ||||
| CVE-2002-0808 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs. | ||||
| CVE-2002-0806 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option. | ||||
| CVE-2002-0805 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. | ||||
| CVE-2002-0804 | 1 Mozilla | 1 Bugzilla | 2008-09-05 | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname. | ||||
| CVE-2002-0594 | 3 Galeon, Mozilla, Netscape | 3 Galeon Browser, Mozilla, Navigator | 2008-09-05 | N/A |
| Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect. | ||||
| CVE-2002-0593 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2008-09-05 | N/A |
| Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI. | ||||