Search CVE reports
3051 – 3060 of 3080 results
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
3 affected packages
firefox, mozilla, mozilla-thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| mozilla | — | — | — | — | — |
| mozilla-thunderbird | — | — | — | — | — |
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including...
3 affected packages
mozilla, firefox, mozilla-thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozilla | — | — | — | — | — |
| firefox | — | — | — | — | — |
| mozilla-thunderbird | — | — | — | — | — |
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
3 affected packages
firefox, mozilla, mozilla-thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| mozilla | — | — | — | — | — |
| mozilla-thunderbird | — | — | — | — | — |
Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
3 affected packages
firefox, mozilla, mozilla-thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| mozilla | — | — | — | — | — |
| mozilla-thunderbird | — | — | — | — | — |
Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
3 affected packages
firefox, mozilla, mozilla-thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| mozilla | — | — | — | — | — |
| mozilla-thunderbird | — | — | — | — | — |
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code...
6 affected packages
firefox, firefox-granparadiso, lightning-sunbird, midbrowser, mozilla, mozilla-thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| firefox-granparadiso | — | — | — | — | — |
| lightning-sunbird | — | — | — | — | — |
| midbrowser | — | — | — | — | — |
| mozilla | — | — | — | — | — |
| mozilla-thunderbird | — | — | — | — | — |
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.
1 affected package
firefox
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
6 affected packages
firefox, firefox-granparadiso, lightning-sunbird, midbrowser, mozilla-thunderbird, xulrunner
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| firefox-granparadiso | — | — | — | — | — |
| lightning-sunbird | — | — | — | — | — |
| midbrowser | — | — | — | — | — |
| mozilla-thunderbird | — | — | — | — | — |
| xulrunner | — | — | — | — | — |
Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from...
1 affected package
firefox
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.
1 affected package
firefox
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |