Lucene search
K

97 matches found

securityvulns
securityvulns
added 2005/02/28 12:0 a.m.52 views

iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error

Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error iDEFENSE Security Advisory 02.28.05 www.idefense.com/application/poi/display?id=200&type=vulnerabilities February 28, 2005 I. BACKGROUND Mozilla is an open-source web browser, designed for standards compliance,...

5CVSS0.04291EPSS
Exploits0
Mozilla
Mozilla
added 2005/01/21 12:0 a.m.15 views

Browser responds to proxy auth request from non-proxy server (ssl/https) — Mozilla

If a proxy is configured the browser would respond to a 407 proxy auth request from any SSL-connected server rather than only responding to the configured proxy server. This could leak NTLM or SPNEGO credentials outside the organization...

6.8AI score
Exploits0References1Affected Software2
Packet Storm
Packet Storm
added 2005/01/02 12:0 a.m.30 views

isec-0020-mozilla.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Synopsis: Heap overflow in Mozilla Browser Date: Dec 29, 2004 Issue: ====== A critical security vulnerability has been found in Mozilla Project code handling NNTP protocol. Details: ======== Mozilla browser supports NNTP urls. Remote side is able to...

7.4AI score
Exploits0
0day.today
0day.today
added 2004/12/31 12:0 a.m.25 views

Mozilla Browser <= 1.7.3 NNTP Code Heap Overflow (PoC)

Exploit for unknown platform in category dos / poc ====================================================== Mozilla Browser i = "news://news.individual.net/AAAAAAAAAAAAAA?"; forl = 0; l 0day.today 2018-02-09...

7AI score
Exploits0
securityvulns
securityvulns
added 2004/12/30 12:0 a.m.41 views

Heap overflow in Mozilla Browser &lt;= 1.7.3 NNTP code.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Synopsis: Heap overflow in Mozilla Browser = 1.7.3 NNTP code. Product: Mozilla Browser Version: = 1.7.3 Vendor: http://www.mozilla.org/ URL: http://isec.pl/vulnerabilities/isec-0020-mozilla.txt CVE: not assigned Author: Maurycy Prodeus [email protected]...

0.2AI score
Exploits0
FreeBSD
FreeBSD
added 2004/12/29 12:0 a.m.36 views

mozilla -- heap overflow in NNTP handler

Maurycy Prodeus reports a critical vulnerability in Mozilla-based browsers: Mozilla browser supports NNTP urls. Remote side is able to trigger news:// connection to any server. I found a flaw in NNTP handling code which may cause heap overflow and allow remote attacker to execute arbitrary code o...

5CVSS4.9AI score0.03449EPSS
Exploits1References2
CERT
CERT
added 2004/12/17 12:0 a.m.36 views

Mozilla status elements can be disabled via JavaScript

Overview Mozilla allows websites to disable various browser status elements. This allows websites to create spoofed dialogs using XUL. Description Certain Mozilla web browser status elements, such as the address bar, status bar, and navigation controls, can be disabled remotely by web sites using...

10CVSS5.5AI score0.03231EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2004/10/08 12:0 a.m.31 views

Mozilla Multiple Products XPInstall Arbitrary File Overwrite

The remote host is using Mozilla and/or Firefox, an alternative web browser. The version of this software is prone to an improper file permission setting. This flaw only exists if the browser is installed by the Mozilla Foundation package management, therefore, this alert might be a false positiv...

4.6CVSS6.1AI score0.00424EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2004/09/14 12:0 a.m.17 views

Mozilla Browser 1.7.x - Non-ASCII Hostname Heap Overflow

source: https://www.securityfocus.com/bid/11169/info Mozilla is prone to a remotely exploitable heap overflow that is exposed when the browser handles non-ASCII characters in URIs. This issue could be exploited by enticing a user to open a hyperlink that references a malicious URI. Successful...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2004/09/14 12:0 a.m.12 views

Mozilla Browser 1.7.x - Non-ASCII Hostname Heap Overflow

Mozilla Browser 1.7.x - Non-ASCII Hostname Heap Overflow source: https://www.securityfocus.com/bid/11169/info Mozilla is prone to a remotely exploitable heap overflow that is exposed when the browser handles non-ASCII characters in URIs. This issue could be exploited by enticing a user to open a...

0.6AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/08/23 12:0 a.m.58 views

Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities

Background Mozilla is a popular web browser that includes a mail and newsreader. Galeon and Epiphany are both web browsers that use gecko, the Mozilla rendering engine. Mozilla Firefox is the next-generation browser from the Mozilla project that incorporates advanced features that are yet to be...

10CVSS7.8AI score0.82537EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.13 views

Mozilla OnUnload Referer Information Leakage Race Condition Information Disclosure (deprecated)

Binary data 1316.prm...

2.6CVSS7.3AI score0.01523EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.13 views

Mozilla Browser HTTP/HTTPS Redirection Weakness (deprecated)

Binary data 1319.prm...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.14 views

Mozilla Browser 'onclick' Property Cross Domain Violation (deprecated)

Binary data 1323.prm...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.16 views

Mozilla JAR File Decompression Heap Overflow (deprecated)

Binary data 1322.prm...

7.5CVSS7.3AI score0.03663EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.12 views

Mozilla Browser Large HTTP Header Handling Overflow (deprecated)

Binary data 1321.prm...

7.3AI score
Exploits0
NVD
NVD
added 2004/08/18 4:0 a.m.22 views

CVE-2004-0779

The 1 Mozilla 1.6, 2 Firebird 0.7 and 3 Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site...

7.5CVSS6.8AI score0.02109EPSS
Exploits0References4
Cvelist
Cvelist
added 2004/08/14 4:0 a.m.28 views

CVE-2004-0779

The 1 Mozilla 1.6, 2 Firebird 0.7 and 3 Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site...

6.8AI score0.02109EPSS
Exploits0References4
NVD
NVD
added 2004/07/27 4:0 a.m.18 views

CVE-2004-0718

The 1 Mozilla 1.6, 2 Firebird 0.7, 3 Firefox 0.8, and 4 Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability...

7.5CVSS6.1AI score0.01746EPSS
Exploits0References14
Exploit DB
Exploit DB
added 2004/07/26 12:0 a.m.30 views

Mozilla Browser 0.8/0.9/1.x - Refresh Security Property Spoofing

source: https://www.securityfocus.com/bid/10796/info Mozilla and Firefox may permit malicious Web pages to spoof security properties of a trusted site. An attacker can exploit this issue to spoof the URI and SSL certificate of a site trusted by an unsuspecting user. The attacker can then use this...

7.4AI score
Exploits0
Rows per page
Query Builder