mozilla - several

2005-10-2000:00:00

Google

osv.dev

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Several security-related problems have been discovered in Mozilla and
derived programs. The Common Vulnerabilities and Exposures project
identifies the following problems:

CAN-2005-2871
Tom Ferris discovered a bug in the IDN hostname handling of
Mozilla that allows remote attackers to cause a denial of service
and possibly execute arbitrary code via a hostname with dashes.
CAN-2005-2701
A buffer overflow allows remote attackers to execute arbitrary
code via an XBM image file that ends in a large number of spaces
instead of the expected end tag.
CAN-2005-2702
Mats Palmgren discovered a buffer overflow in the Unicode string
parser that allows a specially crafted Unicode sequence to
overflow a buffer and cause arbitrary code to be executed.
CAN-2005-2703
Remote attackers could spoof HTTP headers of XML HTTP requests
via XMLHttpRequest and possibly use the client to exploit
vulnerabilities in servers or proxies.
CAN-2005-2704
Remote attackers could spoof DOM objects via an XBL control that
implements an internal XPCOM interface.
CAN-2005-2705
Georgi Guninski discovered an integer overflow in the JavaScript
engine that might allow remote attackers to execute arbitrary
code.
CAN-2005-2706
Remote attackers could execute Javascript code with chrome
privileges via an about: page such as about:mozilla.
CAN-2005-2707
Remote attackers could spawn windows without user interface
components such as the address and status bar that could be used
to conduct spoofing or phishing attacks.
CAN-2005-2968
Peter Zelezny discovered that shell metacharacters are not
properly escaped when they are passed to a shell script and allow
the execution of arbitrary commands, e.g. when a malicious URL is
automatically copied from another program into Mozilla as default
browser.