This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mozilla
Product Mozilla
Version 1.4
Type Application
First view 2003-10-07
Last view 2009-08-31
Update *
Edition *
Language *
Software Edition *
Target Software *
Target Hardware *
Other *
 
CPE Product cpe:2.3:a:mozilla:mozilla

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
CVSS Date Alert Description
4.3 2009-08-31 CVE-2009-3014

Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.

10 2007-04-02 CVE-2007-1794

The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.

7.5 2006-02-02 CVE-2006-0292

The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.

6.4 2005-12-31 CVE-2005-4685

Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

7.5 2005-07-13 CVE-2005-2270

Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.

7.5 2005-07-13 CVE-2005-2269

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").

2.6 2005-07-13 CVE-2005-2268

Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."

5 2005-07-13 CVE-2005-2266

Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.

5 2005-07-13 CVE-2005-2265

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.

5 2005-07-13 CVE-2005-2263

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.

7.5 2005-07-13 CVE-2005-2261

Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.

7.5 2005-07-13 CVE-2005-2260

The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.

7.5 2005-05-12 CVE-2005-1532

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.

7.5 2005-05-12 CVE-2005-1531

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."

5.1 2005-05-02 CVE-2005-1160

The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.

7.5 2005-05-02 CVE-2005-1159

The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.

7.5 2005-05-02 CVE-2005-1157

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."

7.5 2005-05-02 CVE-2005-1156

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."

7.5 2005-05-02 CVE-2005-1155

The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a tag with a javascript: URL in the href attribute, aka "Firelinking."

7.5 2005-05-02 CVE-2005-1154

Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."

7.5 2005-05-02 CVE-2005-1153

Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.

5 2005-05-02 CVE-2005-0590

The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.

5 2005-05-02 CVE-2005-0588

Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.

2.6 2005-05-02 CVE-2005-0586

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.

2.6 2005-05-02 CVE-2005-0584

Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.

CWE : Common Weakness Enumeration

% id Name
33% (1) CWE-264 Permissions, Privileges, and Access Controls
33% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
33% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-26 Leveraging Race Conditions
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-30 Hijacking a Privileged Thread of Execution
CAPEC-35 Leverage Executable Code in Nonexecutable Files

SAINT Exploits

Description
Mozilla Firefox GIF processing buffer overflow

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
77534 Netscape Multiple DHTML Property Manipulation XSS
61032 Epiphany International Domain Name (IDN) Punycode Encoded Domain Name Spoofing
59843 Mozilla Multiple Browsers Cross-domain Browser Window Injection Content Spoofing
59026 K-Meleon shell: URI Arbitrary Command Execution
59025 Netscape shell: URI Arbitrary Command Execution
57608 Mozilla Multiple Products HTTP Response Location Header 302 Error HTML Link j...
27569 Mozilla Multiple Products Garbage Collection Temporary Object Handling Arbitr...
22890 Mozilla Multiple Products JavaScript Engine Crafted Object Memory Corruption
20973 Multiple Browser Cross-domain Cookie Sharing
17970 Mozilla Multiple Browser Base Object Cloning Manipulation Arbitrary Code Exec...
17969 Multiple Browser XHTML IMG Element Node Spoofing
17968 Mozilla Multiple Browsers InstallVersion.compareTo() Access Violation
17966 Mozilla Browsers InstallTrigger.install() Callback Same-origin Violation
17964 Multiple Browser Content-generated Event Multiple Issues
17942 Multiple Browser XBL Controls Arbitrary Script Execution
17913 Mozilla Firefox Multiple DHTML Property Manipulation XSS
17397 Multiple Browser Javascript Dialog Origin Spoofing
16605 Mozilla Javascript eval / Script Object Non-DOM Property Override Privilege E...
16576 Mozilla Wrapped javascript: URL Restriction Bypass
15690 Mozilla Multiple Browser DOM Property Override Privilege Escalation
15689 Mozilla Multiple Browser Install Object Arbitrary Code Execution
15687 Mozilla Multiple Browser Search Plugin Privileged Script Execution (Firesearc...
15686 Mozilla Link Tag favicons Privileged Script Execution (Firelinking)
15685 Mozilla setter Function New Page Persistent XSS
15684 Mozilla Blocked Javascript 'Show' Privileged Execution

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2009-10-10 Name : SLES9: Security update for Mozilla
File : nvt/sles9p5016546.nasl
2009-10-10 Name : SLES9: Security update for Mozilla
File : nvt/sles9p5012017.nasl
2009-09-07 Name : Mozilla Product(s) 'javascript:' URI XSS Vulnerability - Sep09 (Win)
File : nvt/gb_mozilla_prdts_js_uri_xss_vuln_sep09_win.nasl
2009-09-07 Name : Mozilla Product(s) 'javascript:' URI XSS Vulnerability - Sep09 (Linux)
File : nvt/gb_mozilla_prdts_js_uri_xss_vuln_sep09_lin.nasl
2009-05-05 Name : HP-UX Update for Thunderbird HPSBUX02156
File : nvt/gb_hp_ux_HPSBUX02156.nasl
2009-05-05 Name : HP-UX Update for Mozilla remote HPSBUX01133
File : nvt/gb_hp_ux_HPSBUX01133.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird)
File : nvt/glsa_200605_09.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200604-18 (mozilla)
File : nvt/glsa_200604_18.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox)
File : nvt/glsa_200604_12.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200507-24 (mozilla)
File : nvt/glsa_200507_24.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200503-32 (Thunderbird)
File : nvt/glsa_200503_32.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200503-31 (Firefox)
File : nvt/glsa_200503_31.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200503-30 (Mozilla)
File : nvt/glsa_200503_30.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200503-10 (Firefox)
File : nvt/glsa_200503_10.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200409-26 (Mozilla)
File : nvt/glsa_200409_26.nasl
2008-09-04 Name : FreeBSD Ports: thunderbird
File : nvt/freebsd_thunderbird2.nasl
2008-09-04 Name : FreeBSD Ports: thunderbird
File : nvt/freebsd_thunderbird1.nasl
2008-09-04 Name : FreeBSD Ports: thunderbird
File : nvt/freebsd_thunderbird0.nasl
2008-09-04 Name : FreeBSD Ports: mozilla
File : nvt/freebsd_mozilla0.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox9.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox8.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox5.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox18.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox13.nasl
2008-09-04 Name : mozilla -- heap overflow in NNTP handler
File : nvt/freebsd_de-netscape7.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Mozilla GIF multipacket heap overflow - ANIMEXTS1.0
RuleID : 6503 - Type : WEB-CLIENT - Revision : 9
2014-01-10 Mozilla GIF single packet heap overflow - ANIMEXTS1.0
RuleID : 6502 - Type : FILE-IMAGE - Revision : 15
2014-01-10 Mozilla GIF multipacket heap overflow - NETSCAPE2.0
RuleID : 3536 - Type : WEB-CLIENT - Revision : 13
2014-01-10 Mozilla GIF single packet heap overflow - NETSCAPE2.0
RuleID : 3534 - Type : FILE-IMAGE - Revision : 26
2014-01-10 Mozilla Multiple Products HTML href shell attempt
RuleID : 21954 - Type : BROWSER-FIREFOX - Revision : 3
2014-01-10 Mozilla Multiple Products HTML href shell attempt
RuleID : 21953 - Type : BROWSER-FIREFOX - Revision : 7
2014-01-10 Mozilla favicon href javascript execution attempt
RuleID : 20814 - Type : BROWSER-FIREFOX - Revision : 10
2014-01-10 Mozilla NNTP URL Handling Buffer Overflow attempt
RuleID : 17482 - Type : BROWSER-FIREFOX - Revision : 13
2014-01-10 Mozilla Products IDN Spoofing Vulnerability Attempt
RuleID : 17409 - Type : BROWSER-FIREFOX - Revision : 12
2014-01-10 Mozilla Firefox JavaScript eval arbitrary code execution attempt
RuleID : 17212 - Type : BROWSER-FIREFOX - Revision : 14
2014-01-10 Mozilla compareTo arbitrary code execution attempt
RuleID : 10131 - Type : BROWSER-FIREFOX - Revision : 10

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2009-04-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_c1d97a8b05ed11d9b45d000c41e2cdad.nasl - Type: ACT_GATHER_INFO
2007-12-21 Name: A web browser on the remote host is prone to multiple flaws.
File: mozilla_firefox_108.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-327-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-329-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-350-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-361-1.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 120671-08
File: solaris8_120671.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 120671-08
File: solaris9_120671.nasl - Type: ACT_GATHER_INFO
2007-01-17 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-489.nasl - Type: ACT_GATHER_INFO
2007-01-17 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-490.nasl - Type: ACT_GATHER_INFO
2006-12-16 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-143.nasl - Type: ACT_GATHER_INFO
2006-12-16 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2006-146.nasl - Type: ACT_GATHER_INFO
2006-12-06 Name: The remote host is missing Sun Security Patch number 120672-08
File: solaris8_x86_120672.nasl - Type: ACT_GATHER_INFO
2006-12-06 Name: The remote host is missing Sun Security Patch number 120672-08
File: solaris9_x86_120672.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119115-36
File: solaris10_119115.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 119116-35
File: solaris10_x86_119116.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1044.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1046.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1051.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2005-383.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-384.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-386.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2005-434.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2005-586.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2005-601.nasl - Type: ACT_GATHER_INFO