This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mozilla First view 2002-06-18
Product Mozilla Last view 2009-08-31
Version 0.9.9 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:mozilla:mozilla

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.3 2009-08-31 CVE-2009-3014

Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.

10 2007-04-02 CVE-2007-1794

The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.

6.4 2005-12-31 CVE-2005-4685

Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

7.5 2005-05-12 CVE-2005-1531

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."

5 2005-05-02 CVE-2005-0238

The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

2.6 2005-03-23 CVE-2005-0143

Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.

7.5 2005-02-08 CVE-2005-0233

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

2.6 2004-12-31 CVE-2004-1451

Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.

2.6 2004-12-31 CVE-2004-1449

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.

4.3 2004-12-31 CVE-2004-1156

Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

5.1 2004-12-31 CVE-2004-0909

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.

4 2004-12-31 CVE-2004-0908

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.

4.6 2004-12-31 CVE-2004-0907

The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.

4.6 2004-12-31 CVE-2004-0906

The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.

7.5 2004-08-18 CVE-2004-0765

The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.

10 2004-08-18 CVE-2004-0764

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.

5 2004-08-18 CVE-2004-0762

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.

5 2004-08-18 CVE-2004-0761

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.

10 2004-08-18 CVE-2004-0757

Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.

10 2004-08-06 CVE-2004-0648

Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.

6.8 2004-03-15 CVE-2004-0191

Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.

7.5 2003-10-07 CVE-2003-0791

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.

5 2002-12-31 CVE-2002-2338

The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.

7.5 2002-12-31 CVE-2002-2061

Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.

7.5 2002-11-29 CVE-2002-1308

Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
50% (1) CWE-20 Improper Input Validation

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-26 Leveraging Race Conditions
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
77536 Galeon CSS Link Element File Enumeration
77535 Netscape CSS Link Element File Enumeration
61032 Epiphany International Domain Name (IDN) Punycode Encoded Domain Name Spoofing
60247 Mozilla Crafted PNG width / height Handling Overflow
60246 Netscape Crafted PNG width / height Handling Overflow
60245 Mozilla POP3 Client Malformed Message Newline Handling Remote DoS
60244 Netscape POP3 Client Malformed Message Newline Handling Remote DoS
59843 Mozilla Multiple Browsers Cross-domain Browser Window Injection Content Spoofing
59026 K-Meleon shell: URI Arbitrary Command Execution
59025 Netscape shell: URI Arbitrary Command Execution
57608 Mozilla Multiple Products HTTP Response Location Header 302 Error HTML Link j...
27569 Mozilla Multiple Products Garbage Collection Temporary Object Handling Arbitr...
20973 Multiple Browser Cross-domain Cookie Sharing
16576 Mozilla Wrapped javascript: URL Restriction Bypass
15384 Multiple Browser onunload Handler Document Referrer Race Condition
15383 Multiple Browser Zero Width GIF Arbitrary Code Execution
14205 Mozilla File Upload Control Dragged Text Arbitrary File Access
14202 Multiple Browser Malformed .jar Decompression Overflow
14200 Multiple Browser IRC URI Long Channel Name Overflow DoS
14199 Multiple Browser XMLHttpRequest responseText Property Arbitrary File / Direct...
13578 Mozilla Multiple Browser International Domain Name (IDN) Punycode Encoded Dom...
13335 Mozilla Multiple Products Insecure Page Secure Binary Lock Icon Weakness
10559 Mozilla Multiple Products XPInstall Arbitrary File Overwrite
10558 Mozilla Multiple Products Signed Script Dialog Modification
9965 Mozilla Multiple Products Text Field Script Generation Arbitrary Clipboard Co...

OpenVAS Exploits

id Description
2009-10-10 Name : SLES9: Security update for Mozilla
File : nvt/sles9p5016546.nasl
2009-10-10 Name : SLES9: Security update for Mozilla
File : nvt/sles9p5012017.nasl
2009-09-07 Name : Mozilla Product(s) 'javascript:' URI XSS Vulnerability - Sep09 (Linux)
File : nvt/gb_mozilla_prdts_js_uri_xss_vuln_sep09_lin.nasl
2009-09-07 Name : Mozilla Product(s) 'javascript:' URI XSS Vulnerability - Sep09 (Win)
File : nvt/gb_mozilla_prdts_js_uri_xss_vuln_sep09_win.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200409-26 (Mozilla)
File : nvt/glsa_200409_26.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200503-10 (Firefox)
File : nvt/glsa_200503_10.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200503-30 (Mozilla)
File : nvt/glsa_200503_30.nasl
2008-09-04 Name : FreeBSD Ports: mozilla
File : nvt/freebsd_mozilla0.nasl
2008-09-04 Name : FreeBSD Ports: thunderbird
File : nvt/freebsd_thunderbird0.nasl
2008-09-04 Name : FreeBSD Ports: thunderbird
File : nvt/freebsd_thunderbird1.nasl
2008-09-04 Name : FreeBSD Ports: thunderbird
File : nvt/freebsd_thunderbird2.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox9.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox8.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox13.nasl
2005-11-03 Name : Mozilla/Firefox default installation file permission flaw
File : nvt/mozilla_default_perms.nasl
2005-11-03 Name : Mozilla/Firefox user interface spoofing
File : nvt/mozilla_firefox_xul_spoof.nasl
0000-00-00 Name : Slackware Advisory SSA:2004-223-01 Mozilla
File : nvt/esoft_slk_ssa_2004_223_01.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Mozilla Multiple Products HTML href shell attempt
RuleID : 21954 - Type : BROWSER-FIREFOX - Revision : 3
2014-01-10 Mozilla Multiple Products HTML href shell attempt
RuleID : 21953 - Type : BROWSER-FIREFOX - Revision : 7
2014-01-10 Mozilla favicon href javascript execution attempt
RuleID : 20814 - Type : BROWSER-FIREFOX - Revision : 10
2014-01-10 Mozilla Products IDN Spoofing Vulnerability Attempt
RuleID : 17409 - Type : BROWSER-FIREFOX - Revision : 12
2014-01-10 Mozilla Netscape XMLHttpRequest local file read attempt
RuleID : 1735-community - Type : BROWSER-OTHER - Revision : 13
2014-01-10 Mozilla Netscape XMLHttpRequest local file read attempt
RuleID : 1735 - Type : BROWSER-OTHER - Revision : 13

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2002-074.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_c1d97a8b05ed11d9b45d000c41e2cdad.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-361-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-350-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-329-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-327-1.nasl - Type: ACT_GATHER_INFO
2006-12-16 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-146.nasl - Type: ACT_GATHER_INFO
2006-12-16 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-143.nasl - Type: ACT_GATHER_INFO
2006-12-06 Name: The remote host is missing Sun Security Patch number 120672-08
File: solaris9_x86_120672.nasl - Type: ACT_GATHER_INFO
2006-12-06 Name: The remote host is missing Sun Security Patch number 120672-08
File: solaris8_x86_120672.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119116-35
File: solaris10_x86_119116.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119115-36
File: solaris10_119115.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-384.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2005-434.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-435.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-155-1.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-134-1.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-149-3.nasl - Type: ACT_GATHER_INFO
2005-10-24 Name: The remote host is missing a vendor-supplied security patch
File: suse_SA_2005_016.nasl - Type: ACT_GATHER_INFO
2005-09-12 Name: The remote Fedora Core host is missing a security update.
File: fedora_2005-249.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2004-223-01.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_a7e0d783131b11d9bc4a000c41e2cdad.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_730db824e21611d89b0a000347a4fa7d.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_5360a659131c11d9bc4a000c41e2cdad.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b09119856e2a11d99557000a95bc6fae.nasl - Type: ACT_GATHER_INFO