This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mozilla First view 2002-12-31
Product Mozilla Last view 2009-08-31
Version 1.1 Type Application
Update alpha  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:mozilla:mozilla

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.3 2009-08-31 CVE-2009-3014

Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.

10 2007-04-02 CVE-2007-1794

The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.

6.4 2005-12-31 CVE-2005-4685

Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

7.5 2005-05-12 CVE-2005-1531

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."

5 2005-05-02 CVE-2005-0238

The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

2.6 2005-03-23 CVE-2005-0143

Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.

7.5 2005-02-08 CVE-2005-0233

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

2.6 2004-12-31 CVE-2004-1451

Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.

2.6 2004-12-31 CVE-2004-1449

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.

4.3 2004-12-31 CVE-2004-1156

Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

5.1 2004-12-31 CVE-2004-0909

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.

4 2004-12-31 CVE-2004-0908

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.

4.6 2004-12-31 CVE-2004-0907

The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.

4.6 2004-12-31 CVE-2004-0906

The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.

5 2004-10-18 CVE-2004-1614

Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.

5 2004-10-18 CVE-2004-1613

Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.

4.6 2004-09-14 CVE-2004-0905

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

7.5 2004-08-18 CVE-2004-0765

The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.

10 2004-08-18 CVE-2004-0764

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.

5 2004-08-18 CVE-2004-0762

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.

5 2004-08-18 CVE-2004-0761

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.

10 2004-08-18 CVE-2004-0757

Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.

10 2004-08-06 CVE-2004-0648

Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.

7.5 2004-04-15 CVE-2003-0594

Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

6.8 2004-03-15 CVE-2004-0191

Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.

CWE : Common Weakness Enumeration

%idName
100% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-26 Leveraging Race Conditions
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
61032 Epiphany International Domain Name (IDN) Punycode Encoded Domain Name Spoofing
59843 Mozilla Multiple Browsers Cross-domain Browser Window Injection Content Spoofing
59530 Mozilla FTP View URL Title Tag XSS
59026 K-Meleon shell: URI Arbitrary Command Execution
59025 Netscape shell: URI Arbitrary Command Execution
57608 Mozilla Multiple Products HTTP Response Location Header 302 Error HTML Link j...
27569 Mozilla Multiple Products Garbage Collection Temporary Object Handling Arbitr...
20973 Multiple Browser Cross-domain Cookie Sharing
16576 Mozilla Wrapped javascript: URL Restriction Bypass
15382 Mozilla Multiple Malformed HTML Tag Null Dereference DoS
14205 Mozilla File Upload Control Dragged Text Arbitrary File Access
13578 Mozilla Multiple Browser International Domain Name (IDN) Punycode Encoded Dom...
13335 Mozilla Multiple Products Insecure Page Secure Binary Lock Icon Weakness
11136 Mozilla Multiple MARQUEE Tag HTML Parsing DoS
10559 Mozilla Multiple Products XPInstall Arbitrary File Overwrite
10558 Mozilla Multiple Products Signed Script Dialog Modification
10524 Mozilla Multiple Products Javascript Drag and Drop XSS
9965 Mozilla Multiple Products Text Field Script Generation Arbitrary Clipboard Co...
9961 Mozilla Browsers on Linux Installation Permission Weakness
8390 Mozilla Browser Script.prototype.freeze/thaw Arbitrary Code Execution
8311 Mozilla Browsers chrome/XML User Interface Spoofing
8309 Mozilla Browsers XPInstall Security Dialog Arbitrary Extension Installation
8308 Mozilla Browsers Redirect Sequence Security Icon Spoof
8304 Mozilla Browsers cert_TestHostName Certificate Spoofing
8303 Mozilla Browsers SendUidl POP3 Overflow

OpenVAS Exploits

id Description
2009-10-10 Name : SLES9: Security update for Mozilla
File : nvt/sles9p5016546.nasl
2009-10-10 Name : SLES9: Security update for Mozilla
File : nvt/sles9p5012017.nasl
2009-09-07 Name : Mozilla Product(s) 'javascript:' URI XSS Vulnerability - Sep09 (Linux)
File : nvt/gb_mozilla_prdts_js_uri_xss_vuln_sep09_lin.nasl
2009-09-07 Name : Mozilla Product(s) 'javascript:' URI XSS Vulnerability - Sep09 (Win)
File : nvt/gb_mozilla_prdts_js_uri_xss_vuln_sep09_win.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200409-26 (Mozilla)
File : nvt/glsa_200409_26.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200503-10 (Firefox)
File : nvt/glsa_200503_10.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200503-30 (Mozilla)
File : nvt/glsa_200503_30.nasl
2008-09-04 Name : FreeBSD Ports: mozilla
File : nvt/freebsd_mozilla0.nasl
2008-09-04 Name : FreeBSD Ports: thunderbird
File : nvt/freebsd_thunderbird0.nasl
2008-09-04 Name : FreeBSD Ports: thunderbird
File : nvt/freebsd_thunderbird1.nasl
2008-09-04 Name : FreeBSD Ports: thunderbird
File : nvt/freebsd_thunderbird2.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox9.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox8.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox13.nasl
2005-11-03 Name : Mozilla/Firefox default installation file permission flaw
File : nvt/mozilla_default_perms.nasl
2005-11-03 Name : Mozilla/Firefox user interface spoofing
File : nvt/mozilla_firefox_xul_spoof.nasl
0000-00-00 Name : Slackware Advisory SSA:2004-223-01 Mozilla
File : nvt/esoft_slk_ssa_2004_223_01.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Mozilla Multiple Products HTML href shell attempt
RuleID : 21954 - Type : BROWSER-FIREFOX - Revision : 3
2014-01-10 Mozilla Multiple Products HTML href shell attempt
RuleID : 21953 - Type : BROWSER-FIREFOX - Revision : 7
2014-01-10 Mozilla favicon href javascript execution attempt
RuleID : 20814 - Type : BROWSER-FIREFOX - Revision : 10
2014-01-10 Mozilla Products IDN Spoofing Vulnerability Attempt
RuleID : 17409 - Type : BROWSER-FIREFOX - Revision : 12

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2009-04-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_c1d97a8b05ed11d9b45d000c41e2cdad.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-361-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-350-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-329-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-327-1.nasl - Type: ACT_GATHER_INFO
2006-12-16 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-146.nasl - Type: ACT_GATHER_INFO
2006-12-16 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-143.nasl - Type: ACT_GATHER_INFO
2006-12-06 Name: The remote host is missing Sun Security Patch number 120672-08
File: solaris9_x86_120672.nasl - Type: ACT_GATHER_INFO
2006-12-06 Name: The remote host is missing Sun Security Patch number 120672-08
File: solaris8_x86_120672.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119116-35
File: solaris10_x86_119116.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119115-36
File: solaris10_119115.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-384.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2005-434.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-435.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-134-1.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-149-3.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-155-1.nasl - Type: ACT_GATHER_INFO
2005-10-24 Name: The remote host is missing a vendor-supplied security patch
File: suse_SA_2005_016.nasl - Type: ACT_GATHER_INFO
2005-09-12 Name: The remote Fedora Core host is missing a security update.
File: fedora_2005-249.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2004-223-01.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_5360a659131c11d9bc4a000c41e2cdad.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_730db824e21611d89b0a000347a4fa7d.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_a7e0d783131b11d9bc4a000c41e2cdad.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_e9f9d2320cb211d98a8a000c41e2cdad.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b09119856e2a11d99557000a95bc6fae.nasl - Type: ACT_GATHER_INFO