Vulnerabilities related to netscape - navigator
CVE-2004-0904 (GCVE-0-2004-0904)
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
CWE
- n/a
Summary
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.831Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mozilla-netscape-bmp-bo(17381)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381" }, { "name": "SUSE-SA:2004:036", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "FLSA:2089", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=255067" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3" }, { "name": "GLSA-200409-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml" }, { "name": "11171", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11171" }, { "name": "TA04-261A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html" }, { "name": "SSRT4826", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2" }, { "name": "oval:org.mitre.oval:def:10952", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952" }, { "name": "VU#847200", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/847200" } ], "title": "CVE Program Container" } ], "cna": { 
"affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mozilla-netscape-bmp-bo(17381)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381" }, { "name": "SUSE-SA:2004:036", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "FLSA:2089", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=255067" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3" }, { "name": "GLSA-200409-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml" }, { "name": "11171", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11171" }, { "name": "TA04-261A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html" }, { "name": "SSRT4826", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2" }, { "name": "oval:org.mitre.oval:def:10952", "tags": 
[ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952" }, { "name": "VU#847200", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/847200" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0904", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mozilla-netscape-bmp-bo(17381)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381" }, { "name": "SUSE-SA:2004:036", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "FLSA:2089", "refsource": "FEDORA", "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=255067", "refsource": "CONFIRM", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=255067" }, { "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", "refsource": "CONFIRM", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3" }, { "name": "GLSA-200409-26", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml" }, { 
"name": "11171", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11171" }, { "name": "TA04-261A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html" }, { "name": "SSRT4826", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2" }, { "name": "oval:org.mitre.oval:def:10952", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952" }, { "name": "VU#847200", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/847200" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0904", "datePublished": "2004-09-24T04:00:00", "dateReserved": "2004-09-23T00:00:00", "dateUpdated": "2024-08-08T00:31:47.831Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0553 (GCVE-0-2003-0553)
Vulnerability from cvelistv5
Published
2003-07-15 04:00
Modified
2024-08-08 01:58
CWE
- n/a
Summary
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:58:10.977Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030714 Netscape 7.02 Client Detection Tool plug-in buffer overrun", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=105820193406838\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-07-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030714 Netscape 7.02 Client Detection Tool plug-in buffer overrun", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=105820193406838\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0553", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the 
Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030714 Netscape 7.02 Client Detection Tool plug-in buffer overrun", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=105820193406838\u0026w=2" }, { "name": "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf", "refsource": "MISC", "url": "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0553", "datePublished": "2003-07-15T04:00:00", "dateReserved": "2003-07-14T00:00:00", "dateUpdated": "2024-08-08T01:58:10.977Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2542 (GCVE-0-2009-2542)
Vulnerability from cvelistv5
Published
2009-07-20 18:00
Modified
2024-08-07 05:52
CWE
- n/a
Summary
Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:52:15.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html" }, { "name": "20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded" }, { "name": "netscape-integer-value-dos(52876)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52876" }, { "name": "20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded" }, { "name": "9160", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/9160" }, { "name": "20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded" }, { "name": "20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Netscape 6 and 8 allows 
remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html" }, { "name": "20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded" }, { "name": "netscape-integer-value-dos(52876)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52876" }, { "name": "20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded" }, { "name": "9160", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/9160" }, { "name": "20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded" }, { "name": "20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2542", "STATE": "PUBLIC" }, "affects": { "vendor": { 
"vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.g-sec.lu/one-bug-to-rule-them-all.html", "refsource": "MISC", "url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html" }, { "name": "20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded" }, { "name": "netscape-integer-value-dos(52876)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52876" }, { "name": "20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded" }, { "name": "9160", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9160" }, { "name": "20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded" }, { "name": "20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded" } ] } } } }, "cveMetadata": { 
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2542", "datePublished": "2009-07-20T18:00:00", "dateReserved": "2009-07-20T00:00:00", "dateUpdated": "2024-08-07T05:52:15.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0989 (GCVE-0-2005-0989)
Vulnerability from cvelistv5
Published
2005-04-06 04:00
Modified
2024-08-07 21:35
CWE
- n/a
Summary
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:35:59.891Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:100025", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025" }, { "name": "RHSA-2005:386", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" }, { "name": "12988", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/12988" }, { "name": "SCOSA-2005.49", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "14820", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14820" }, { "name": "19823", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19823" }, { "name": "15495", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15495" }, { "name": "1013635", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013635" }, { "name": "RHSA-2005:601", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-601.html" }, { "name": "GLSA-200504-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml" }, { "name": "1013643", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013643" }, { "name": "oval:org.mitre.oval:def:11706", "tags": [ "vdb-entry", "signature", 
"x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706" }, { "name": "RHSA-2005:384", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" }, { "name": "RHSA-2005:383", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" }, { "name": "SUSE-SA:2006:022", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=288688" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/mfsa2005-33.html" }, { "name": "14821", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14821" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:100025", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025" }, { "name": "RHSA-2005:386", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" }, { "name": "12988", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/12988" }, { "name": "SCOSA-2005.49", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "14820", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14820" }, { "name": "19823", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19823" }, { "name": "15495", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15495" }, { "name": "1013635", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013635" }, { "name": "RHSA-2005:601", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-601.html" }, { "name": "GLSA-200504-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml" }, { "name": "1013643", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013643" }, { "name": "oval:org.mitre.oval:def:11706", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706" }, { 
"name": "RHSA-2005:384", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" }, { "name": "RHSA-2005:383", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" }, { "name": "SUSE-SA:2006:022", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=288688" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/mfsa2005-33.html" }, { "name": "14821", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14821" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0989", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:100025", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025" }, { "name": "RHSA-2005:386", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" }, { "name": "12988", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12988" }, { "name": "SCOSA-2005.49", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "14820", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14820" }, { "name": "19823", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19823" }, { "name": "15495", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15495" }, { "name": "1013635", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013635" }, { "name": "RHSA-2005:601", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-601.html" }, { "name": "GLSA-200504-18", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml" }, { "name": "1013643", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013643" }, { "name": "oval:org.mitre.oval:def:11706", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706" }, { "name": "RHSA-2005:384", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" }, { "name": "RHSA-2005:383", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" }, { "name": "SUSE-SA:2006:022", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=288688", "refsource": "CONFIRM", "url": 
"https://bugzilla.mozilla.org/show_bug.cgi?id=288688" }, { "name": "http://www.mozilla.org/security/announce/mfsa2005-33.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/mfsa2005-33.html" }, { "name": "14821", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14821" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0989", "datePublished": "2005-04-06T04:00:00", "dateReserved": "2005-04-06T00:00:00", "dateUpdated": "2024-08-07T21:35:59.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1308 (GCVE-0-2002-1308)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
CWE
- n/a
Summary
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:19:28.634Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=103730181813075\u0026w=2" }, { "name": "mozilla-netscape-jar-bo(10636)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636" }, { "name": "6185", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6185" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157646" }, { "name": "RHSA-2003:163", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-163.html" }, { "name": "RHSA-2003:162", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-162.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-08-04T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=103730181813075\u0026w=2" }, { "name": "mozilla-netscape-jar-bo(10636)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636" }, { "name": "6185", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6185" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157646" }, { "name": "RHSA-2003:163", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-163.html" }, { "name": "RHSA-2003:162", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-162.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1308", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=103730181813075\u0026w=2" }, { "name": "mozilla-netscape-jar-bo(10636)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636" }, { "name": "6185", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6185" }, { "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=157646", "refsource": "MISC", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157646" }, { "name": "RHSA-2003:163", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-163.html" }, { "name": "RHSA-2003:162", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-162.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1308", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-11-15T00:00:00", "dateUpdated": "2024-08-08T03:19:28.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1156 (GCVE-0-2005-1156)
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:35
CWE
- n/a
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:35:59.977Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2005:386", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" }, { "name": "oval:org.mitre.oval:def:11230", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230" }, { "name": "14992", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14992" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html" }, { "name": "SCOSA-2005.49", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "15495", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15495" }, { "name": "GLSA-200504-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml" }, { "name": "oval:org.mitre.oval:def:100020", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mikx.de/firesearching/" }, { "name": "1013745", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013745" }, { "name": "14938", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14938" }, { "name": "mozilla-plugin-xss(20125)", "tags": [ "vdb-entry", "x_refsource_XF", 
"x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125" }, { "name": "RHSA-2005:384", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" }, { "name": "RHSA-2005:383", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" }, { "name": "13211", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13211" }, { "name": "14996", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14996" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka \"Firesearching 1.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2005:386", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" }, { "name": "oval:org.mitre.oval:def:11230", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230" }, { "name": "14992", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14992" 
}, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html" }, { "name": "SCOSA-2005.49", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "15495", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15495" }, { "name": "GLSA-200504-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml" }, { "name": "oval:org.mitre.oval:def:100020", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mikx.de/firesearching/" }, { "name": "1013745", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013745" }, { "name": "14938", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14938" }, { "name": "mozilla-plugin-xss(20125)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125" }, { "name": "RHSA-2005:384", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" }, { "name": "RHSA-2005:383", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" }, { "name": "13211", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13211" }, { "name": "14996", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14996" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-1156", 
"datePublished": "2005-04-18T04:00:00", "dateReserved": "2005-04-18T00:00:00", "dateUpdated": "2024-08-07T21:35:59.977Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1753 (GCVE-0-2004-1753)
Vulnerability from cvelistv5
Published
2005-02-26 05:00
Modified
2024-08-08 01:00
CWE
- n/a
Summary
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:00:37.238Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/373309" }, { "name": "12392", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12392" }, { "name": "20040826 Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/373080" }, { "name": "netscape-java-tab-spoofing(17137)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137" }, { "name": "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/373232" }, { "name": "11059", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11059" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=162134" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-08-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java 
applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/373309" }, { "name": "12392", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12392" }, { "name": "20040826 Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/373080" }, { "name": "netscape-java-tab-spoofing(17137)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137" }, { "name": "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/373232" }, { "name": "11059", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11059" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=162134" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1753", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/373309" }, { "name": "12392", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12392" }, { "name": "20040826 Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/373080" }, { "name": "netscape-java-tab-spoofing(17137)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137" }, { "name": "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/373232" }, { "name": "11059", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11059" }, { "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=162134", "refsource": "MISC", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=162134" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1753", "datePublished": "2005-02-26T05:00:00", "dateReserved": "2005-02-26T00:00:00", "dateUpdated": "2024-08-08T01:00:37.238Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-0869 (GCVE-0-1999-0869)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:55
CWE
- n/a
Summary
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:55:28.864Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MS98-020", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MS98-020", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0869", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MS98-020", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0869", "datePublished": "2000-01-04T05:00:00", "dateReserved": "1999-12-08T00:00:00", "dateUpdated": "2024-08-01T16:55:28.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-0827 (GCVE-0-1999-0827)
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:48
CWE
- n/a
Summary
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:48:38.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-11-30T00:00:00", "descriptions": [ { "lang": "en", "value": "By default, Internet Explorer 5.0 and other versions enables the \"Navigate sub-frames across different domains\" option, which allows frame spoofing." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-17T08:02:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0827", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "By default, Internet Explorer 5.0 and other versions enables the \"Navigate sub-frames across different domains\" option, which allows frame spoofing." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0827", "datePublished": "2000-02-04T05:00:00", "dateReserved": "1999-12-07T00:00:00", "dateUpdated": "2024-08-01T16:48:38.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0722 (GCVE-0-2004-0722)
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:24
CWE
- n/a
Summary
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:27.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SCOSA-2005.49", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "SUSE-SA:2004:036", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "RHSA-2004:421", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=236618" }, { "name": "oval:org.mitre.oval:def:9378", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378" }, { "name": "15495", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15495" }, { "name": "mozilla-netscape-soapparameter-bo(16862)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862" }, { "name": "oval:org.mitre.oval:def:4629", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=117\u0026type=vulnerabilities" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-08-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the 
SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SCOSA-2005.49", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "SUSE-SA:2004:036", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "RHSA-2004:421", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=236618" }, { "name": "oval:org.mitre.oval:def:9378", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378" }, { "name": "15495", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15495" }, { "name": "mozilla-netscape-soapparameter-bo(16862)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862" }, { "name": "oval:org.mitre.oval:def:4629", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.idefense.com/application/poi/display?id=117\u0026type=vulnerabilities" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0722", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { 
"product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SCOSA-2005.49", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "SUSE-SA:2004:036", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "RHSA-2004:421", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=236618", "refsource": "CONFIRM", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=236618" }, { "name": "oval:org.mitre.oval:def:9378", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378" }, { "name": "15495", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15495" }, { "name": "mozilla-netscape-soapparameter-bo(16862)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862" }, { "name": "oval:org.mitre.oval:def:4629", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629" }, { "name": "http://www.idefense.com/application/poi/display?id=117\u0026type=vulnerabilities", "refsource": "MISC", "url": "http://www.idefense.com/application/poi/display?id=117\u0026type=vulnerabilities" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0722", "datePublished": "2004-08-03T04:00:00", "dateReserved": "2004-07-22T00:00:00", "dateUpdated": "2024-08-08T00:24:27.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-0815 (GCVE-0-2002-0815)
Vulnerability from cvelistv5
Published
2002-08-01 04:00
Modified
2024-08-08 03:03
CWE
- n/a
Summary
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:03:48.882Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20020729 RE: XWT Foundation Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=102798282208686\u0026w=2" }, { "name": "20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=102796732924658\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-07-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The Javascript \"Same Origin Policy\" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server\u0027s parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20020729 RE: XWT Foundation Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=102798282208686\u0026w=2" }, { "name": "20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=102796732924658\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0815", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Javascript \"Same Origin Policy\" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server\u0027s parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20020729 RE: XWT Foundation Advisory", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=102798282208686\u0026w=2" }, { "name": "20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=102796732924658\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0815", "datePublished": "2002-08-01T04:00:00", "dateReserved": "2002-07-30T00:00:00", "dateUpdated": "2024-08-08T03:03:48.882Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-2013 (GCVE-0-2002-2013)
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-09-16 20:12
CWE
- n/a
Summary
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:51:16.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3925", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3925" }, { "name": "20020121 Mozilla Cookie Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html" }, { "name": "mozilla-netscape-steal-cookies(7973)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/7973.php" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://alive.znep.com/~marcs/security/mozillacookie/demo.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-07-14T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3925", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3925" }, { "name": "20020121 Mozilla Cookie Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html" }, { "name": "mozilla-netscape-steal-cookies(7973)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/7973.php" }, { "tags": [ "x_refsource_MISC" ], "url": "http://alive.znep.com/~marcs/security/mozillacookie/demo.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-2013", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3925", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3925" }, { "name": "20020121 Mozilla Cookie Exploit", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html" }, { "name": "mozilla-netscape-steal-cookies(7973)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7973.php" }, { "name": "http://alive.znep.com/~marcs/security/mozillacookie/demo.html", "refsource": "MISC", "url": "http://alive.znep.com/~marcs/security/mozillacookie/demo.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-2013", "datePublished": "2005-07-14T04:00:00Z", "dateReserved": "2005-07-14T00:00:00Z", "dateUpdated": "2024-09-16T20:12:45.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-1189 (GCVE-0-1999-1189)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-01 17:02
CWE
- n/a
Summary
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:02:53.765Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "822", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/822" }, { "name": "netscape-long-argument-bo(7884)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7884" }, { "name": "19991127 Netscape Communicator 4.7 - Navigator Overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/36608" }, { "name": "19991124 Netscape Communicator 4.7 - Navigator Overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/36306" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1999-11-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-07-23T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "822", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/822" }, { "name": "netscape-long-argument-bo(7884)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7884" }, { "name": "19991127 Netscape Communicator 4.7 - Navigator Overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/36608" }, { "name": "19991124 Netscape Communicator 4.7 - Navigator Overflows", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/36306" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-1189", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "822", "refsource": "BID", "url": "http://www.securityfocus.com/bid/822" }, { "name": "netscape-long-argument-bo(7884)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7884" }, { "name": "19991127 Netscape Communicator 4.7 - Navigator Overflows", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/36608" }, { "name": "19991124 Netscape Communicator 4.7 - Navigator Overflows", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/36306" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-1189", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2001-08-31T00:00:00", "dateUpdated": "2024-08-01T17:02:53.765Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-0087 (GCVE-0-2000-0087)
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 05:05
CWE
- n/a
Summary
Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:05:53.921Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20000113 Misleading sense of security in Netscape", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=94790377622943\u0026w=2" }, { "name": "netscape-mail-notify-plaintext(4385)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/4385.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-01-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-02-18T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20000113 Misleading sense of security in Netscape", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=94790377622943\u0026w=2" }, { "name": "netscape-mail-notify-plaintext(4385)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/4385.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0087", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20000113 Misleading sense of security in Netscape", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=94790377622943\u0026w=2" }, { "name": "netscape-mail-notify-plaintext(4385)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/4385.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0087", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2000-01-22T00:00:00", "dateUpdated": "2024-08-08T05:05:53.921Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1419 (GCVE-0-2003-1419)
Vulnerability from cvelistv5
Published
2007-10-20 10:00
Modified
2024-08-08 02:28
CWE
- n/a
Summary
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:28:03.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030225 Re: Netscape 6/7 crashes by a simple stylesheet...", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html" }, { "name": "6959", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6959" }, { "name": "netscape-javascript-reformatdate-dos(11444)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030225 Re: Netscape 6/7 crashes by a simple stylesheet...", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html" }, { "name": "6959", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6959" }, { "name": "netscape-javascript-reformatdate-dos(11444)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1419", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030225 Re: Netscape 6/7 crashes by a simple stylesheet...", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html" }, { "name": "6959", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6959" }, { "name": "netscape-javascript-reformatdate-dos(11444)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1419", "datePublished": "2007-10-20T10:00:00", "dateReserved": "2007-10-19T00:00:00", "dateUpdated": "2024-08-08T02:28:03.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-2061 (GCVE-0-2002-2061)
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-08-08 03:51
CWE
- n/a
Summary
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:51:17.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html" }, { "name": "MDKSA-2002:074", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157202" }, { "name": "links-png-image-bo(9287)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9287.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-10-18T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html" }, { "name": "MDKSA-2002:074", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157202" }, { "name": "links-png-image-bo(9287)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9287.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-2061", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html" }, { "name": "MDKSA-2002:074", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074" }, { "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=157202", "refsource": "CONFIRM", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157202" }, { "name": "links-png-image-bo(9287)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9287.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-2061", "datePublished": "2005-07-14T04:00:00", "dateReserved": "2005-07-14T00:00:00", "dateUpdated": "2024-08-08T03:51:17.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0718 (GCVE-0-2004-0718)
Vulnerability from cvelistv5
Published
2004-07-23 04:00
Modified
2024-08-08 00:24
CWE
- n/a
Summary
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:27.203Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-810" }, { "name": "DSA-777", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-777" }, { "name": "http-frame-spoof(1598)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" }, { "name": "SCOSA-2005.49", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "SUSE-SA:2004:036", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "RHSA-2004:421", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "name": "MDKSA-2004:082", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082" }, { "name": "FLSA:2089", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "name": "15495", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15495" }, { "name": "11978", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11978" }, { "name": "oval:org.mitre.oval:def:4756", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756" }, 
{ "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" }, { "name": "oval:org.mitre.oval:def:9997", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-810" }, { "name": "DSA-777", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-777" }, { "name": "http-frame-spoof(1598)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" }, { "name": "SCOSA-2005.49", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "SUSE-SA:2004:036", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "RHSA-2004:421", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "name": "MDKSA-2004:082", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082" }, { "name": "FLSA:2089", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "name": "15495", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15495" }, { "name": "11978", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11978" }, { "name": "oval:org.mitre.oval:def:4756", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448" }, { "tags": [ 
"x_refsource_MISC" ], "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" }, { "name": "oval:org.mitre.oval:def:9997", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0718", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-810" }, { "name": "DSA-777", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-777" }, { "name": "http-frame-spoof(1598)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" }, { "name": "SCOSA-2005.49", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "SUSE-SA:2004:036", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "RHSA-2004:421", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "name": "MDKSA-2004:082", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082" }, { "name": "FLSA:2089", "refsource": "FEDORA", "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "name": "15495", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15495" }, { "name": "11978", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11978" }, { "name": "oval:org.mitre.oval:def:4756", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756" }, { "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448", "refsource": "CONFIRM", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448" }, { "name": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", "refsource": "MISC", "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" }, { "name": "oval:org.mitre.oval:def:9997", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0718", "datePublished": "2004-07-23T04:00:00", "dateReserved": "2004-07-22T00:00:00", "dateUpdated": "2024-08-08T00:24:27.203Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1560 (GCVE-0-2003-1560)
Vulnerability from cvelistv5
Published
2008-07-14 23:00
Modified
2024-08-08 02:35
CWE
- n/a
Summary
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:35:16.506Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "4004", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4004" }, { "name": "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/348574" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-12-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-01-29T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "4004", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4004" }, { "name": "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/348574" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1560", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "4004", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4004" }, { "name": "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/348574" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1560", "datePublished": "2008-07-14T23:00:00", "dateReserved": "2008-07-14T00:00:00", "dateUpdated": "2024-08-08T02:35:16.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2000-1187 (GCVE-0-2000-1187)
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:45:37.393Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FreeBSD-SA-00:66", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc" }, { "name": "SuSE-SA:2000:48", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html" }, { "name": "netscape-client-html-bo(5542)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5542" }, { "name": "20001121 Immunix OS Security update for netscape", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=97500270012529\u0026w=2" }, { "name": "7207", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/7207" }, { "name": "CLSA-2000:344", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000344" }, { "name": "RHSA-2000:109", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2000-109.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-11-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-09-02T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FreeBSD-SA-00:66", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc" }, { "name": "SuSE-SA:2000:48", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html" }, { "name": "netscape-client-html-bo(5542)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5542" }, { "name": "20001121 Immunix OS Security update for netscape", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=97500270012529\u0026w=2" }, { "name": "7207", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/7207" }, { "name": "CLSA-2000:344", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000344" }, { "name": "RHSA-2000:109", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2000-109.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-1187", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FreeBSD-SA-00:66", "refsource": "FREEBSD", "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc" }, { "name": "SuSE-SA:2000:48", "refsource": "SUSE", "url": "http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html" }, { "name": "netscape-client-html-bo(5542)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5542" }, { "name": "20001121 Immunix OS Security update for netscape", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=97500270012529\u0026w=2" }, { "name": "7207", "refsource": "OSVDB", "url": "http://www.osvdb.org/7207" }, { "name": "CLSA-2000:344", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000344" }, { "name": "RHSA-2000:109", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2000-109.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-1187", "datePublished": "2001-01-22T05:00:00", "dateReserved": "2000-12-14T00:00:00", "dateUpdated": "2024-08-08T05:45:37.393Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-0142 (GCVE-0-1999-0142)
Vulnerability from cvelistv5
Published
2000-06-02 04:00
Modified
2024-08-01 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:27:57.727Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer\u0027s Kit 1.0 allows an applet to connect to arbitrary hosts." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-17T06:46:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0142", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer\u0027s Kit 1.0 allows an applet to connect to arbitrary hosts." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0142", "datePublished": "2000-06-02T04:00:00", "dateReserved": "1999-06-07T00:00:00", "dateUpdated": "2024-08-01T16:27:57.727Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0528 (GCVE-0-2004-0528)
Vulnerability from cvelistv5
Published
2004-06-08 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:26.374Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10389", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10389" }, { "name": "6580", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6580" }, { "name": "ie-ahref-url-spoofing(16102)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10389", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10389" }, { "name": "6580", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6580" }, { "name": "ie-ahref-url-spoofing(16102)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0528", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10389", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10389" }, { "name": "6580", "refsource": "OSVDB", "url": "http://www.osvdb.org/6580" }, { "name": "ie-ahref-url-spoofing(16102)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0528", "datePublished": "2004-06-08T04:00:00", "dateReserved": "2004-06-03T00:00:00", "dateUpdated": "2024-08-08T00:24:26.374Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-4042 (GCVE-0-2007-4042)
Vulnerability from cvelistv5
Published
2007-07-27 22:00
Modified
2024-08-07 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:37:06.030Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/" }, { "name": "46832", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/46832" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-11-15T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/" }, { "name": "46832", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/46832" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4042", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell 
metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/", "refsource": "MISC", "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/" }, { "name": "46832", "refsource": "OSVDB", "url": "http://osvdb.org/46832" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4042", "datePublished": "2007-07-27T22:00:00", "dateReserved": "2007-07-27T00:00:00", "dateUpdated": "2024-08-07T14:37:06.030Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-0141 (GCVE-0-1999-0141)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:27:57.867Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "00134", "tags": [ "vendor-advisory", "x_refsource_SUN", "x_transferred" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/134" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "00134", "tags": [ "vendor-advisory", "x_refsource_SUN" ], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/134" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0141", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "00134", "refsource": "SUN", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/134" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0141", "datePublished": "1999-09-29T04:00:00", "dateReserved": "1999-06-07T00:00:00", "dateUpdated": "2024-08-01T16:27:57.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-0440 (GCVE-0-1999-0440)
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-01 16:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:41:44.840Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1939", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1939" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://java.sun.com/pr/1999/03/pr990329-01.html" }, { "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1939", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1939" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://java.sun.com/pr/1999/03/pr990329-01.html" }, { "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0440", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1939", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1939" }, { "name": "http://java.sun.com/pr/1999/03/pr990329-01.html", "refsource": "CONFIRM", "url": "http://java.sun.com/pr/1999/03/pr990329-01.html" }, { "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0440", "datePublished": "2000-10-13T04:00:00", "dateReserved": "1999-06-07T00:00:00", "dateUpdated": "2024-08-01T16:41:44.840Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1377 (GCVE-0-2007-1377)
Vulnerability from cvelistv5
Published
2007-03-10 00:00
Modified
2024-08-07 12:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:50:35.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html" }, { "name": "adobe-acropdf-dos(32896)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32896" }, { "name": "22856", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22856" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-07T00:00:00", "descriptions": [ { "lang": "en", "value": "AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html" }, { "name": "adobe-acropdf-dos(32896)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32896" }, { "name": "22856", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22856" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1377", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html", "refsource": "MISC", "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html" }, { "name": "adobe-acropdf-dos(32896)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32896" }, { "name": "22856", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22856" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1377", "datePublished": "2007-03-10T00:00:00", "dateReserved": "2007-03-09T00:00:00", "dateUpdated": "2024-08-07T12:50:35.383Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4134 (GCVE-0-2005-4134)
Vulnerability from cvelistv5
Published
2005-12-09 15:00
Modified
2024-08-07 23:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:31:49.153Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDKSA-2006:036", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036" }, { "name": "USN-275-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/275-1/" }, { "name": "19902", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19902" }, { "name": "21533", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/21533" }, { "name": "MDKSA-2006:037", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037" }, { "name": "17944", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17944" }, { "name": "HPSBUX02122", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" }, { "name": "19941", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19941" }, { "name": "17946", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17946" }, { "name": "20051208 Re: re: Firefox 1.5 buffer overflow (poc)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=113405896025702\u0026w=2" }, { "name": "FEDORA-2006-075", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html" }, { "name": "GLSA-200604-12", "tags": [ "vendor-advisory", 
"x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" }, { "name": "21622", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21622" }, { "name": "19862", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19862" }, { "name": "19230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19230" }, { "name": "18704", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18704" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.networksecurity.fi/advisories/netscape-history.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" }, { "name": "DSA-1051", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1051" }, { "name": "18709", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18709" }, { "name": "USN-271-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/271-1/" }, { "name": "18705", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18705" }, { "name": "GLSA-200604-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" }, { "name": "16476", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16476" }, { "name": "ADV-2006-0413", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0413" }, { "tags": [ "x_refsource_CONFIRM", 
"x_transferred" ], "url": "http://www.mozilla.org/security/announce/mfsa2006-03.html" }, { "name": "1015328", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015328" }, { "name": "19746", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19746" }, { "name": "21033", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21033" }, { "name": "18700", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18700" }, { "name": "102550", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" }, { "name": "19759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19759" }, { "name": "RHSA-2006:0200", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0200.html" }, { "name": "18706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18706" }, { "name": "17934", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17934" }, { "name": "SSRT061158", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" }, { "name": "15773", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15773" }, { "name": "FEDORA-2006-076", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"http://www.mozilla.org/security/history-title.html" }, { "name": "RHSA-2006:0199", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0199.html" }, { "name": "19863", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19863" }, { "name": "FLSA-2006:180036-2", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/425978/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:11382", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382" }, { "name": "20060201-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" }, { "name": "SCOSA-2006.26", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" }, { "name": "18708", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18708" }, { "name": "ADV-2005-2805", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2805" }, { "name": "FLSA:180036-1", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/425975/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:1619", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619" }, { "name": "20051208 re: Firefox 1.5 buffer overflow (poc)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": 
"http://marc.info/?l=full-disclosure\u0026m=113404911919629\u0026w=2" }, { "name": "228526", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" }, { "name": "19852", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19852" }, { "name": "ADV-2006-3391", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3391" }, { "name": "DSA-1046", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1046" }, { "name": "DSA-1044", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1044" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDKSA-2006:036", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036" }, { "name": "USN-275-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/275-1/" }, { "name": "19902", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19902" }, { "name": "21533", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/21533" }, { "name": "MDKSA-2006:037", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037" }, { "name": "17944", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17944" }, { "name": "HPSBUX02122", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" }, { "name": "19941", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19941" }, { "name": "17946", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17946" }, { "name": "20051208 Re: re: Firefox 1.5 buffer overflow (poc)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=113405896025702\u0026w=2" }, { "name": "FEDORA-2006-075", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html" }, { "name": "GLSA-200604-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" }, { "name": "21622", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21622" }, { "name": "19862", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19862" }, { "name": "19230", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19230" }, { "name": "18704", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18704" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.networksecurity.fi/advisories/netscape-history.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" }, { "name": "DSA-1051", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1051" }, { "name": "18709", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18709" }, { "name": "USN-271-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/271-1/" }, { "name": "18705", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18705" }, { "name": "GLSA-200604-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" }, { "name": "16476", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16476" }, { "name": "ADV-2006-0413", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0413" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/mfsa2006-03.html" }, { "name": "1015328", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015328" }, { "name": "19746", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19746" }, { "name": "21033", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21033" }, { "name": "18700", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18700" }, { "name": "102550", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" }, { "name": "19759", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19759" }, { "name": "RHSA-2006:0200", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0200.html" }, { "name": "18706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18706" }, { "name": "17934", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17934" }, { "name": "SSRT061158", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" }, { "name": "15773", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15773" }, { "name": "FEDORA-2006-076", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mozilla.org/security/history-title.html" }, { "name": "RHSA-2006:0199", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0199.html" }, { "name": "19863", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19863" }, { "name": "FLSA-2006:180036-2", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.securityfocus.com/archive/1/425978/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:11382", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382" }, { "name": "20060201-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" }, { "name": "SCOSA-2006.26", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" }, { "name": "18708", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18708" }, { "name": "ADV-2005-2805", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2805" }, { "name": "FLSA:180036-1", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.securityfocus.com/archive/1/425975/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:1619", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619" }, { "name": "20051208 re: Firefox 1.5 buffer overflow (poc)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=113404911919629\u0026w=2" }, { "name": "228526", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" }, { "name": "19852", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19852" }, { "name": "ADV-2006-3391", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3391" }, { "name": "DSA-1046", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1046" }, { "name": "DSA-1044", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1044" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4134", 
"STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDKSA-2006:036", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036" }, { "name": "USN-275-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/275-1/" }, { "name": "19902", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19902" }, { "name": "21533", "refsource": "OSVDB", "url": "http://www.osvdb.org/21533" }, { "name": "MDKSA-2006:037", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037" }, { "name": "17944", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17944" }, { "name": "HPSBUX02122", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" }, { "name": "19941", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19941" }, { "name": "17946", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17946" }, { "name": "20051208 Re: re: Firefox 1.5 buffer overflow (poc)", 
"refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=113405896025702\u0026w=2" }, { "name": "FEDORA-2006-075", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html" }, { "name": "GLSA-200604-12", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" }, { "name": "21622", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21622" }, { "name": "19862", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19862" }, { "name": "19230", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19230" }, { "name": "18704", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18704" }, { "name": "http://www.networksecurity.fi/advisories/netscape-history.html", "refsource": "MISC", "url": "http://www.networksecurity.fi/advisories/netscape-history.html" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" }, { "name": "DSA-1051", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1051" }, { "name": "18709", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18709" }, { "name": "USN-271-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/271-1/" }, { "name": "18705", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18705" }, { "name": "GLSA-200604-18", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" }, { "name": "16476", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16476" }, { "name": "ADV-2006-0413", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0413" }, { "name": "http://www.mozilla.org/security/announce/mfsa2006-03.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/mfsa2006-03.html" }, { "name": "1015328", "refsource": "SECTRACK", "url": 
"http://securitytracker.com/id?1015328" }, { "name": "19746", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19746" }, { "name": "21033", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21033" }, { "name": "18700", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18700" }, { "name": "102550", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" }, { "name": "19759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19759" }, { "name": "RHSA-2006:0200", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0200.html" }, { "name": "18706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18706" }, { "name": "17934", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17934" }, { "name": "SSRT061158", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" }, { "name": "15773", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15773" }, { "name": "FEDORA-2006-076", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html" }, { "name": "http://www.mozilla.org/security/history-title.html", "refsource": "MISC", "url": "http://www.mozilla.org/security/history-title.html" }, { "name": "RHSA-2006:0199", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0199.html" }, { "name": "19863", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19863" }, { "name": "FLSA-2006:180036-2", "refsource": "FEDORA", "url": "http://www.securityfocus.com/archive/1/425978/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:11382", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382" }, { "name": "20060201-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" }, { "name": "SCOSA-2006.26", 
"refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" }, { "name": "18708", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18708" }, { "name": "ADV-2005-2805", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2805" }, { "name": "FLSA:180036-1", "refsource": "FEDORA", "url": "http://www.securityfocus.com/archive/1/425975/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:1619", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619" }, { "name": "20051208 re: Firefox 1.5 buffer overflow (poc)", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=113404911919629\u0026w=2" }, { "name": "228526", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" }, { "name": "19852", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19852" }, { "name": "ADV-2006-3391", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3391" }, { "name": "DSA-1046", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1046" }, { "name": "DSA-1044", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1044" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4134", "datePublished": "2005-12-09T15:00:00", "dateReserved": "2005-12-09T00:00:00", "dateUpdated": "2024-08-07T23:31:49.153Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-0593 (GCVE-0-2002-0593)
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
CWE
- n/a
Summary
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:56:37.949Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "8039", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/8039" }, { "name": "mozilla-netscape-irc-bo(8976)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/8976.php" }, { "name": "CLA-2002:490", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490" }, { "name": "4637", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4637" }, { "name": "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/270249" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-11-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "8039", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/8039" }, { "name": "mozilla-netscape-irc-bo(8976)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/8976.php" }, { "name": "CLA-2002:490", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490" }, { "name": "4637", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4637" }, { "name": "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/270249" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0593", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "8039", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/8039" }, { "name": "mozilla-netscape-irc-bo(8976)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8976.php" }, { "name": "CLA-2002:490", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490" }, { "name": "4637", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4637" }, { "name": "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/270249" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0593", "datePublished": "2002-06-11T04:00:00", "dateReserved": "2002-06-11T00:00:00", "dateUpdated": "2024-08-08T02:56:37.949Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1160 (GCVE-0-2004-1160)
Vulnerability from cvelistv5
Published
2004-12-10 05:00
Modified
2024-08-08 00:39
CWE
- n/a
Summary
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:39:01.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/" }, { "name": "11852", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11852" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2004-13/advisory/" }, { "name": "13402", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13402/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-12-15T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/" }, { "name": "11852", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11852" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2004-13/advisory/" }, { "name": "13402", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13402/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1160", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/", "refsource": "MISC", "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/" }, { "name": "11852", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11852" }, { "name": "http://secunia.com/secunia_research/2004-13/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2004-13/advisory/" }, { "name": "13402", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13402/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1160", "datePublished": "2004-12-10T05:00:00", "dateReserved": "2004-12-08T00:00:00", "dateUpdated": "2024-08-08T00:39:01.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2894 (GCVE-0-2006-2894)
Vulnerability from cvelistv5
Published
2006-06-07 10:00
Modified
2024-08-07 18:06
CWE
- n/a
Summary
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:06:27.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20071026 rPSA-2007-0225-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded" }, { "name": "MDKSA-2006:145", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lcamtuf.coredump.cx/focusbug/" }, { "name": "27414", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27414" }, { "name": "20071029 FLEA-2007-0062-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1858" }, { "name": "ADV-2006-2163", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2163" }, { "name": "20070211 Firefox focus stealing vulnerability (possibly other browsers)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html" }, { "name": "1059", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1059" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "27298", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27298" }, { "name": "1018837", "tags": [ "vdb-entry", 
"x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1018837" }, { "name": "ADV-2007-3544", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3544" }, { "name": "20470", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20470" }, { "name": "USN-535-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/535-1/" }, { "name": "20472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20472" }, { "name": "20467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20467" }, { "name": "ADV-2006-2160", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2160" }, { "name": "27383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27383" }, { "name": "SUSE-SA:2007:057", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html" }, { "name": "21532", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21532" }, { "name": "ADV-2008-0083", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "27387", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27387" }, { "name": "ADV-2006-2164", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2164" }, { "name": "18308", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": 
"http://www.securityfocus.com/bid/18308" }, { "name": "27403", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27403" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=56236" }, { "name": "20070212 Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html" }, { "name": "20070211 Firefox focus stealing vulnerability (possibly other browsers)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.virus.org/full-disclosure-0702/msg00225.html" }, { "name": "ADV-2006-2162", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2162" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290478" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html" }, { "name": "20060605 file upload widgets in IE and Firefox have issues", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.thanhngan.org/fflinuxversion.html" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "MDKSA-2007:202", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202" }, { "name": "27335", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/27335" }, { "name": "FEDORA-2007-2664", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html" }, { "name": "MDKSA-2006:143", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" }, { "name": "20442", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20442" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.gnucitizen.org/blog/browser-focus-rip" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html" }, { "name": "201516", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1" }, { "name": "20071029 rPSA-2007-0225-2 firefox thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=370092" }, { "name": "USN-536-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-536-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using 
the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20071026 rPSA-2007-0225-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded" }, { "name": "MDKSA-2006:145", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lcamtuf.coredump.cx/focusbug/" }, { "name": "27414", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27414" }, { "name": "20071029 FLEA-2007-0062-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1858" }, { "name": "ADV-2006-2163", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2163" }, { "name": "20070211 Firefox focus stealing vulnerability (possibly other browsers)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html" }, { "name": "1059", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1059" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "27298", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27298" }, { "name": "1018837", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1018837" }, { "name": "ADV-2007-3544", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3544" }, { "name": "20470", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20470" }, { "name": "USN-535-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/535-1/" }, { "name": "20472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20472" }, { "name": "20467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20467" }, { "name": "ADV-2006-2160", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2160" }, { "name": "27383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27383" }, { "name": "SUSE-SA:2007:057", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html" }, { "name": "21532", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21532" }, { "name": "ADV-2008-0083", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "27387", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27387" }, { "name": "ADV-2006-2164", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2164" }, { "name": "18308", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18308" }, { "name": "27403", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/27403" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=56236" }, { "name": "20070212 Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html" }, { "name": "20070211 Firefox focus stealing vulnerability (possibly other browsers)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.virus.org/full-disclosure-0702/msg00225.html" }, { "name": "ADV-2006-2162", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2162" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290478" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html" }, { "name": "20060605 file upload widgets in IE and Firefox have issues", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.thanhngan.org/fflinuxversion.html" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "MDKSA-2007:202", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202" }, { "name": "27335", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27335" }, { "name": "FEDORA-2007-2664", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html" }, { "name": "MDKSA-2006:143", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" }, { "name": "20442", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20442" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.gnucitizen.org/blog/browser-focus-rip" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html" }, { "name": "201516", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1" }, { "name": "20071029 rPSA-2007-0225-2 firefox thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=370092" }, { "name": "USN-536-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-536-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2894", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20071026 rPSA-2007-0225-1 firefox", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded" }, { "name": "MDKSA-2006:145", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" }, { "name": "http://lcamtuf.coredump.cx/focusbug/", "refsource": "MISC", "url": "http://lcamtuf.coredump.cx/focusbug/" }, { "name": "27414", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27414" }, { "name": "20071029 FLEA-2007-0062-1 firefox", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded" }, { "name": "https://issues.rpath.com/browse/RPL-1858", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1858" }, { "name": "ADV-2006-2163", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2163" }, { "name": "20070211 Firefox focus stealing vulnerability (possibly other browsers)", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html" }, { "name": "1059", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1059" }, { "name": "HPSBUX02153", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "27298", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27298" }, { "name": "1018837", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018837" }, { "name": "ADV-2007-3544", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3544" }, { "name": "20470", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20470" }, { "name": "USN-535-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/535-1/" }, { "name": "20472", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/20472" }, { "name": "20467", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20467" }, { "name": "ADV-2006-2160", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2160" }, { "name": "27383", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27383" }, { "name": "SUSE-SA:2007:057", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html" }, { "name": "21532", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21532" }, { "name": "ADV-2008-0083", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "27387", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27387" }, { "name": "ADV-2006-2164", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2164" }, { "name": "18308", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18308" }, { "name": "27403", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27403" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=56236", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=56236" }, { "name": "20070212 Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html" }, { "name": "20070211 Firefox focus stealing vulnerability (possibly other browsers)", "refsource": "FULLDISC", "url": "http://lists.virus.org/full-disclosure-0702/msg00225.html" }, { "name": "ADV-2006-2162", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2162" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=290478", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290478" }, { "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html", "refsource": "CONFIRM", "url": 
"http://www.mozilla.org/security/announce/2007/mfsa2007-32.html" }, { "name": "20060605 file upload widgets in IE and Firefox have issues", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html" }, { "name": "http://www.thanhngan.org/fflinuxversion.html", "refsource": "MISC", "url": "http://www.thanhngan.org/fflinuxversion.html" }, { "name": "SSRT061181", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "MDKSA-2007:202", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202" }, { "name": "27335", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27335" }, { "name": "FEDORA-2007-2664", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html" }, { "name": "MDKSA-2006:143", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" }, { "name": "20442", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20442" }, { "name": "http://www.gnucitizen.org/blog/browser-focus-rip", "refsource": "MISC", "url": "http://www.gnucitizen.org/blog/browser-focus-rip" }, { "name": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html", "refsource": "CONFIRM", "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html" }, { "name": "201516", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1" }, { "name": "20071029 rPSA-2007-0225-2 firefox thunderbird", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=370092", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=370092" }, { "name": "USN-536-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-536-1" } ] } } 
} }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2894", "datePublished": "2006-06-07T10:00:00", "dateReserved": "2006-06-07T00:00:00", "dateUpdated": "2024-08-07T18:06:27.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1157 (GCVE-0-2005-1157)
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allow remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:36:00.181Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2005:386", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" }, { "name": "14992", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14992" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html" }, { "name": "SCOSA-2005.49", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "15495", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15495" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mikx.de/firesearching/" }, { "name": "14938", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14938" }, { "name": "mozilla-plugin-xss(20125)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125" }, { "name": "RHSA-2005:384", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" }, { "name": "oval:org.mitre.oval:def:9961", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961" }, { "name": "RHSA-2005:383", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" }, { "name": "13211", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": 
"http://www.securityfocus.com/bid/13211" }, { "name": "14996", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14996" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka \"Firesearching 2.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2005:386", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" }, { "name": "14992", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14992" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html" }, { "name": "SCOSA-2005.49", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "15495", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15495" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mikx.de/firesearching/" }, { "name": "14938", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/14938" }, { "name": "mozilla-plugin-xss(20125)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125" }, { "name": "RHSA-2005:384", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" }, { "name": "oval:org.mitre.oval:def:9961", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961" }, { "name": "RHSA-2005:383", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" }, { "name": "13211", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13211" }, { "name": "14996", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14996" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-1157", "datePublished": "2005-04-18T04:00:00", "dateReserved": "2005-04-18T00:00:00", "dateUpdated": "2024-08-07T21:36:00.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2613 (GCVE-0-2006-2613)
Vulnerability from cvelistv5
Published
2006-05-26 01:00
Modified
2024-08-07 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allow remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:58:51.538Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDKSA-2006:145", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" }, { "name": "20244", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20244" }, { "name": "mozilla-javascript-path-disclosure(26667)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26667" }, { "name": "20255", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20255" }, { "name": "21532", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21532" }, { "name": "20060521 Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/434696/100/0/threaded" }, { "name": "20256", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20256" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=267645" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.mozilla.org/attachment.cgi?id=164547" }, { "name": "MDKSA-2006:143", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" }, { "name": "960", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/960" } ], "title": "CVE Program Container" } ], "cna": 
{ "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDKSA-2006:145", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" }, { "name": "20244", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20244" }, { "name": "mozilla-javascript-path-disclosure(26667)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26667" }, { "name": "20255", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20255" }, { "name": "21532", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21532" }, { "name": "20060521 Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/434696/100/0/threaded" }, { "name": "20256", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20256" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=267645" }, { "tags": [ "x_refsource_MISC" 
], "url": "https://bugzilla.mozilla.org/attachment.cgi?id=164547" }, { "name": "MDKSA-2006:143", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" }, { "name": "960", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/960" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2613", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDKSA-2006:145", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" }, { "name": "20244", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20244" }, { "name": "mozilla-javascript-path-disclosure(26667)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26667" }, { "name": "20255", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20255" }, { "name": "21532", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21532" }, { "name": "20060521 Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/434696/100/0/threaded" }, { "name": "20256", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20256" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=267645", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=267645" }, { "name": "https://bugzilla.mozilla.org/attachment.cgi?id=164547", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/attachment.cgi?id=164547" }, { "name": "MDKSA-2006:143", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" }, { "name": "960", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/960" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2613", "datePublished": "2006-05-26T01:00:00", "dateReserved": "2006-05-25T00:00:00", "dateUpdated": "2024-08-07T17:58:51.538Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-2338 (GCVE-0-2002-2338)
Vulnerability from cvelistv5
Published
2007-10-29 19:00
Modified
2024-09-16 20:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:59:11.958Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20020614 Another small DoS on Mozilla \u003c= 1.0 through pop3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/276946" }, { "name": "20020612 Another small DoS on Mozilla \u003c= 1.0 through pop3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/276628" }, { "name": "MDKSA-2002:074", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228" }, { "name": "5002", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5002" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html" }, { "name": "mozilla-netscape-pop3-dos(9343)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9343.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-10-29T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20020614 Another small DoS on Mozilla \u003c= 1.0 through pop3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/276946" }, { "name": "20020612 Another small DoS on Mozilla \u003c= 1.0 through pop3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/276628" }, { "name": "MDKSA-2002:074", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228" }, { "name": "5002", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5002" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html" }, { "name": "mozilla-netscape-pop3-dos(9343)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9343.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-2338", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20020614 Another small DoS on Mozilla \u003c= 1.0 through pop3", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/276946" }, { "name": "20020612 Another small DoS on Mozilla \u003c= 1.0 through pop3", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/276628" }, { "name": "MDKSA-2002:074", "refsource": "MANDRAKE", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074" }, { "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228", "refsource": "CONFIRM", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228" }, { "name": "5002", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5002" }, { "name": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html", "refsource": "CONFIRM", "url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html" }, { "name": "mozilla-netscape-pop3-dos(9343)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9343.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-2338", "datePublished": "2007-10-29T19:00:00Z", "dateReserved": "2007-10-29T00:00:00Z", "dateUpdated": "2024-09-16T20:06:54.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0905 (GCVE-0-2004-0905)
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
CWE
- n/a
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.854Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#651928", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/651928" }, { "name": "SUSE-SA:2004:036", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=250862" }, { "name": "FLSA:2089", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "name": "oval:org.mitre.oval:def:10378", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378" }, { "name": "11177", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11177" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3" }, { "name": "GLSA-200409-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml" }, { "name": "mozilla-netscape-sameorigin-bypass(17374)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374" }, { "name": "TA04-261A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html" }, { "name": "SSRT4826", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2" } ], "title": "CVE Program Container" } ], 
"cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#651928", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/651928" }, { "name": "SUSE-SA:2004:036", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=250862" }, { "name": "FLSA:2089", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "name": "oval:org.mitre.oval:def:10378", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378" }, { "name": "11177", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11177" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3" }, { "name": "GLSA-200409-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml" }, { "name": "mozilla-netscape-sameorigin-bypass(17374)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17374" }, { "name": "TA04-261A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html" }, { "name": "SSRT4826", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0905", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#651928", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/651928" }, { "name": "SUSE-SA:2004:036", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=250862", "refsource": "CONFIRM", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=250862" }, { "name": "FLSA:2089", "refsource": "FEDORA", "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "name": "oval:org.mitre.oval:def:10378", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378" }, { "name": "11177", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11177" }, { "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3", "refsource": "CONFIRM", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3" }, { "name": "GLSA-200409-26", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml" }, { "name": "mozilla-netscape-sameorigin-bypass(17374)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374" }, { "name": "TA04-261A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html" }, { "name": "SSRT4826", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0905", "datePublished": "2004-09-24T04:00:00", "dateReserved": "2004-09-23T00:00:00", "dateUpdated": "2024-08-08T00:31:47.854Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3924 (GCVE-0-2007-3924)
Vulnerability from cvelistv5
Published
2007-07-21 00:00
Modified
2024-09-17 00:55
CWE
- n/a
Summary
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:37:05.453Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://sla.ckers.org/forum/read.php?3%2C13732%2C13739" }, { "name": "26082", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26082" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE\u0027s opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-07-21T00:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://sla.ckers.org/forum/read.php?3%2C13732%2C13739" }, { "name": "26082", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26082" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3924", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE\u0027s opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sla.ckers.org/forum/read.php?3,13732,13739", "refsource": "MISC", "url": "http://sla.ckers.org/forum/read.php?3,13732,13739" }, { "name": "26082", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26082" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3924", "datePublished": "2007-07-21T00:00:00Z", "dateReserved": "2007-07-20T00:00:00Z", "dateUpdated": "2024-09-17T00:55:56.386Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-2809 (GCVE-0-2008-2809)
Vulnerability from cvelistv5
Published
2008-07-08 23:00
Modified
2024-08-07 09:14
CWE
- n/a
Summary
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:14:14.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SA:2008:034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" }, { "name": "RHSA-2008:0549", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html" }, { "name": "DSA-1697", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1697" }, { "name": "31021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31021" }, { "name": "30898", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30898" }, { "name": "31403", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31403" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-2646" }, { "name": "30949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30949" }, { "name": "SSA:2008-191-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152" }, { "name": "ADV-2009-0977", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0977" }, { "name": "31069", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31069" }, { 
"name": "31008", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31008" }, { "name": "31377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31377" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=240261" }, { "name": "RHSA-2008:0616", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html" }, { "name": "3498", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3498" }, { "name": "ADV-2008-1993", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1993/references" }, { "name": "31023", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31023" }, { "name": "MDVSA-2008:155", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" }, { "name": "30038", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30038" }, { "name": "DSA-1607", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1607" }, { "name": "GLSA-200808-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml" }, { "name": "31005", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31005" }, { "name": "33433", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33433" }, { "name": "FEDORA-2008-6127", "tags": [ "vendor-advisory", 
"x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" }, { "name": "1020419", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020419" }, { "name": "31253", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31253" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" }, { "name": "FEDORA-2008-6737", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html" }, { "name": "31183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31183" }, { "name": "30903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30903" }, { "name": "RHSA-2008:0547", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html" }, { "name": "FEDORA-2008-6193", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" }, { "name": "USN-629-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-629-1" }, { "name": "256408", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" }, { "name": "20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/483937/100/100/threaded" }, { "name": "SSA:2008-191", "tags": [ 
"vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=402347" }, { "name": "SSA:2008-210-05", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.410484" }, { "name": "DSA-1615", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1615" }, { "name": "20071118 RE: Certificate spoofing issue with Mozilla, Konqueror, Safari 2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/483960/100/100/threaded" }, { "name": "FEDORA-2008-6706", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html" }, { "name": "31220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31220" }, { "name": "31195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31195" }, { "name": "20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/483929/100/100/threaded" }, { "name": "oval:org.mitre.oval:def:10205", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205" }, { "name": "31076", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31076" }, { "tags": [ 
"x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html" }, { "name": "USN-619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-619-1" }, { "name": "30911", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30911" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=327181" }, { "name": "RHSA-2008:0569", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html" }, { "name": "30878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30878" }, { "name": "DSA-1621", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1621" }, { "name": "20080708 rPSA-2008-0216-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded" }, { "name": "1018979", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1018979" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://nils.toedtmann.net/pub/subjectAltName.txt" }, { "name": "mozilla-altnames-spoofing(43524)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43524" }, { "name": "31286", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31286" }, { "name": "FEDORA-2008-6196", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" }, { "name": "34501", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34501" }, { "name": "MDVSA-2008:136", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-11-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SUSE-SA:2008:034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" }, { "name": "RHSA-2008:0549", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html" }, { "name": "DSA-1697", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1697" }, { "name": "31021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31021" }, { "name": "30898", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30898" }, { "name": "31403", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31403" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-2646" }, { "name": "30949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30949" }, { "name": "SSA:2008-191-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152" }, { "name": "ADV-2009-0977", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0977" }, { "name": "31069", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31069" }, { "name": "31008", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31008" }, { "name": "31377", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31377" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=240261" }, { "name": "RHSA-2008:0616", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html" }, { "name": "3498", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3498" }, { "name": "ADV-2008-1993", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1993/references" }, { "name": "31023", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31023" }, { "name": "MDVSA-2008:155", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" }, { "name": "30038", "tags": [ "vdb-entry", "x_refsource_BID" ], 
"url": "http://www.securityfocus.com/bid/30038" }, { "name": "DSA-1607", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1607" }, { "name": "GLSA-200808-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml" }, { "name": "31005", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31005" }, { "name": "33433", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33433" }, { "name": "FEDORA-2008-6127", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" }, { "name": "1020419", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020419" }, { "name": "31253", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31253" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" }, { "name": "FEDORA-2008-6737", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html" }, { "name": "31183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31183" }, { "name": "30903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30903" }, { "name": "RHSA-2008:0547", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html" }, { "name": "FEDORA-2008-6193", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" }, { "name": "USN-629-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": 
"http://www.ubuntu.com/usn/usn-629-1" }, { "name": "256408", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" }, { "name": "20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/483937/100/100/threaded" }, { "name": "SSA:2008-191", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=402347" }, { "name": "SSA:2008-210-05", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.410484" }, { "name": "DSA-1615", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1615" }, { "name": "20071118 RE: Certificate spoofing issue with Mozilla, Konqueror, Safari 2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/483960/100/100/threaded" }, { "name": "FEDORA-2008-6706", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html" }, { "name": "31220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31220" }, { "name": "31195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31195" }, { "name": "20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/483929/100/100/threaded" }, { "name": "oval:org.mitre.oval:def:10205", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], 
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205" }, { "name": "31076", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31076" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html" }, { "name": "USN-619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-619-1" }, { "name": "30911", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30911" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=327181" }, { "name": "RHSA-2008:0569", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html" }, { "name": "30878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30878" }, { "name": "DSA-1621", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1621" }, { "name": "20080708 rPSA-2008-0216-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded" }, { "name": "1018979", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1018979" }, { "tags": [ "x_refsource_MISC" ], "url": "http://nils.toedtmann.net/pub/subjectAltName.txt" }, { "name": "mozilla-altnames-spoofing(43524)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43524" }, { "name": "31286", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31286" }, { "name": "FEDORA-2008-6196", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" }, { "name": "34501", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34501" }, { "name": "MDVSA-2008:136", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-2809", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SA:2008:034", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" }, { "name": "RHSA-2008:0549", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html" }, { "name": "DSA-1697", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1697" }, { "name": "31021", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31021" }, { "name": "30898", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30898" }, { "name": "31403", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31403" }, { "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0216", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216" }, { "name": "https://issues.rpath.com/browse/RPL-2646", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-2646" }, { "name": "30949", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30949" }, { "name": "SSA:2008-191-03", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152" }, { "name": "ADV-2009-0977", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0977" }, { "name": "31069", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31069" }, { "name": "31008", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31008" }, { "name": "31377", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31377" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=240261", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=240261" }, { "name": "RHSA-2008:0616", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html" }, { "name": "3498", "refsource": 
"SREASON", "url": "http://securityreason.com/securityalert/3498" }, { "name": "ADV-2008-1993", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1993/references" }, { "name": "31023", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31023" }, { "name": "MDVSA-2008:155", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" }, { "name": "30038", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30038" }, { "name": "DSA-1607", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1607" }, { "name": "GLSA-200808-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml" }, { "name": "31005", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31005" }, { "name": "33433", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33433" }, { "name": "FEDORA-2008-6127", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" }, { "name": "1020419", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020419" }, { "name": "31253", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31253" }, { "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15", "refsource": "CONFIRM", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" }, { "name": "FEDORA-2008-6737", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html" }, { "name": "31183", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31183" }, { "name": "30903", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30903" }, { "name": "RHSA-2008:0547", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html" }, { "name": "FEDORA-2008-6193", "refsource": "FEDORA", "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" }, { "name": "USN-629-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-629-1" }, { "name": "256408", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" }, { "name": "20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/483937/100/100/threaded" }, { "name": "SSA:2008-191", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=402347", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=402347" }, { "name": "SSA:2008-210-05", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.410484" }, { "name": "DSA-1615", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1615" }, { "name": "20071118 RE: Certificate spoofing issue with Mozilla, Konqueror, Safari 2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/483960/100/100/threaded" }, { "name": "FEDORA-2008-6706", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html" }, { "name": "31220", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31220" }, { "name": "31195", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31195" }, { "name": "20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/483929/100/100/threaded" }, { "name": "oval:org.mitre.oval:def:10205", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205" }, { "name": "31076", "refsource": "SECUNIA", 
"url": "http://secunia.com/advisories/31076" }, { "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html" }, { "name": "USN-619-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-619-1" }, { "name": "30911", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30911" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=327181", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=327181" }, { "name": "RHSA-2008:0569", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html" }, { "name": "30878", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30878" }, { "name": "DSA-1621", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1621" }, { "name": "20080708 rPSA-2008-0216-1 firefox", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded" }, { "name": "1018979", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018979" }, { "name": "http://nils.toedtmann.net/pub/subjectAltName.txt", "refsource": "MISC", "url": "http://nils.toedtmann.net/pub/subjectAltName.txt" }, { "name": "mozilla-altnames-spoofing(43524)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43524" }, { "name": "31286", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31286" }, { "name": "FEDORA-2008-6196", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" }, { "name": "34501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34501" }, { "name": "MDVSA-2008:136", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-2809", 
"datePublished": "2008-07-08T23:00:00", "dateReserved": "2008-06-20T00:00:00", "dateUpdated": "2024-08-07T09:14:14.905Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-0354 (GCVE-0-2002-0354)
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 02:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:49:27.374Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=102017952204097\u0026w=2" }, { "name": "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=102020343728766\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-04-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=102017952204097\u0026w=2" }, { "name": "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)", "tags": [ "mailing-list", "x_refsource_NTBUGTRAQ" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=102020343728766\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0354", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=102017952204097\u0026w=2" }, { "name": "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)", "refsource": "NTBUGTRAQ", "url": "http://marc.info/?l=ntbugtraq\u0026m=102020343728766\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0354", "datePublished": "2002-05-03T04:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2024-08-08T02:49:27.374Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6077 (GCVE-0-2006-6077)
Vulnerability from cvelistv5
Published
2006-11-24 17:00
Modified
2024-08-07 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:12:31.622Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2007:0078", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.info-svc.com/news/11-21-2006/rcsr1/" }, { "name": "oval:org.mitre.oval:def:10031", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031" }, { "name": "24395", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24395" }, { "name": "20070226 rPSA-2007-0040-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded" }, { "name": "24328", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24328" }, { "name": "RHSA-2007:0108", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html" }, { "name": "GLSA-200703-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml" }, { "name": "20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded" }, { "name": "GLSA-200703-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml" }, { "name": "23046", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/23046" }, { "name": "24384", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24384" }, { "name": "20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded" }, { "name": "20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded" }, { "name": "24457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24457" }, { "name": "firefox-passwordmgr-information-disclosure(30470)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470" }, { "name": "24343", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24343" }, { "name": "DSA-1336", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1336" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "1017271", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017271" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html" }, { "name": "ADV-2007-0718", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0718" }, { "name": "20061220 critical Flaw in Firefox 2.0.0.1 allows to 
steal the user passwords with a videoclip", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded" }, { "name": "24650", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24650" }, { "name": "USN-428-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-428-1" }, { "name": "24320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24320" }, { "name": "25588", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25588" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1103" }, { "name": "SUSE-SA:2007:019", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html" }, { "name": "20061123 Re: Password Flaw also in Firefox 1.5.08. 
Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded" }, { "name": "20070303 rPSA-2007-0040-3 firefox thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded" }, { "name": "SUSE-SA:2007:022", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html" }, { "name": "24293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24293" }, { "name": "24238", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24238" }, { "name": "24393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24393" }, { "name": "24342", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24342" }, { "name": "24287", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24287" }, { "name": "20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded" }, { "name": "20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded" }, { "name": "23108", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23108" }, { "name": "21240", "tags": [ "vdb-entry", "x_refsource_BID", 
"x_transferred" ], "url": "http://www.securityfocus.com/bid/21240" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493" }, { "name": "22694", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22694" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "FEDORA-2007-281", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/cms/node/2713" }, { "name": "RHSA-2007:0097", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html" }, { "name": "FEDORA-2007-293", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/cms/node/2728" }, { "name": "20070301-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc" }, { "name": "24205", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24205" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1081" }, { "name": "24333", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24333" }, { "name": "ADV-2006-4662", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4662" }, { "name": "MDKSA-2007:050", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050" }, { "name": "24290", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/24290" }, { "name": "RHSA-2007:0077", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html" }, { "name": "20070202-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc" }, { "name": "SSA:2007-066-05", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131" }, { "name": "RHSA-2007:0079", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.info-svc.com/news/11-21-2006/" }, { "name": "24437", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24437" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2007:0078", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.info-svc.com/news/11-21-2006/rcsr1/" }, { "name": "oval:org.mitre.oval:def:10031", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031" }, { "name": "24395", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24395" }, { "name": "20070226 rPSA-2007-0040-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded" }, { "name": "24328", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24328" }, { "name": "RHSA-2007:0108", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html" }, { "name": "GLSA-200703-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml" }, { "name": "20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded" }, { "name": "GLSA-200703-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml" }, { "name": "23046", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23046" }, { "name": "24384", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/24384" }, { "name": "20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded" }, { "name": "20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded" }, { "name": "24457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24457" }, { "name": "firefox-passwordmgr-information-disclosure(30470)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470" }, { "name": "24343", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24343" }, { "name": "DSA-1336", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1336" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "1017271", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017271" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html" }, { "name": "ADV-2007-0718", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0718" }, { "name": "20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded" }, { "name": "24650", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24650" }, { "name": 
"USN-428-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-428-1" }, { "name": "24320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24320" }, { "name": "25588", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25588" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1103" }, { "name": "SUSE-SA:2007:019", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html" }, { "name": "20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded" }, { "name": "20070303 rPSA-2007-0040-3 firefox thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded" }, { "name": "SUSE-SA:2007:022", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html" }, { "name": "24293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24293" }, { "name": "24238", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24238" }, { "name": "24393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24393" }, { "name": "24342", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24342" }, { "name": "24287", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24287" }, { "name": "20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": 
"http://www.securityfocus.com/archive/1/452382/100/0/threaded" }, { "name": "20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded" }, { "name": "23108", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23108" }, { "name": "21240", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21240" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493" }, { "name": "22694", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22694" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "FEDORA-2007-281", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/cms/node/2713" }, { "name": "RHSA-2007:0097", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html" }, { "name": "FEDORA-2007-293", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/cms/node/2728" }, { "name": "20070301-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc" }, { "name": "24205", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24205" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1081" }, { "name": "24333", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24333" }, { "name": "ADV-2006-4662", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4662" }, { "name": 
"MDKSA-2007:050", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050" }, { "name": "24290", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24290" }, { "name": "RHSA-2007:0077", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html" }, { "name": "20070202-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc" }, { "name": "SSA:2007-066-05", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131" }, { "name": "RHSA-2007:0079", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.info-svc.com/news/11-21-2006/" }, { "name": "24437", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24437" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6077", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web 
page located on the web site intended for this password." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2007:0078", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html" }, { "name": "http://www.info-svc.com/news/11-21-2006/rcsr1/", "refsource": "MISC", "url": "http://www.info-svc.com/news/11-21-2006/rcsr1/" }, { "name": "oval:org.mitre.oval:def:10031", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031" }, { "name": "24395", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24395" }, { "name": "20070226 rPSA-2007-0040-1 firefox", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded" }, { "name": "24328", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24328" }, { "name": "RHSA-2007:0108", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html" }, { "name": "GLSA-200703-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml" }, { "name": "20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded" }, { "name": "GLSA-200703-08", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml" }, { "name": "23046", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23046" }, { "name": "24384", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24384" }, { "name": "20061123 Password Flaw also in Firefox 1.5.08. 
Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded" }, { "name": "20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded" }, { "name": "24457", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24457" }, { "name": "firefox-passwordmgr-information-disclosure(30470)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470" }, { "name": "24343", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24343" }, { "name": "DSA-1336", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1336" }, { "name": "HPSBUX02153", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "1017271", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017271" }, { "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html" }, { "name": "ADV-2007-0718", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0718" }, { "name": "20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded" }, { "name": "24650", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24650" }, { "name": "USN-428-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-428-1" }, { "name": "24320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24320" }, { "name": "25588", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25588" }, { "name": "https://issues.rpath.com/browse/RPL-1103", "refsource": "CONFIRM", "url": 
"https://issues.rpath.com/browse/RPL-1103" }, { "name": "SUSE-SA:2007:019", "refsource": "SUSE", "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html" }, { "name": "20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded" }, { "name": "20070303 rPSA-2007-0040-3 firefox thunderbird", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded" }, { "name": "SUSE-SA:2007:022", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html" }, { "name": "24293", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24293" }, { "name": "24238", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24238" }, { "name": "24393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24393" }, { "name": "24342", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24342" }, { "name": "24287", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24287" }, { "name": "20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded" }, { "name": "20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded" }, { "name": "23108", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23108" }, { "name": "21240", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21240" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493" }, { "name": "22694", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22694" }, { "name": "SSRT061181", 
"refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "name": "FEDORA-2007-281", "refsource": "FEDORA", "url": "http://fedoranews.org/cms/node/2713" }, { "name": "RHSA-2007:0097", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html" }, { "name": "FEDORA-2007-293", "refsource": "FEDORA", "url": "http://fedoranews.org/cms/node/2728" }, { "name": "20070301-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc" }, { "name": "24205", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24205" }, { "name": "https://issues.rpath.com/browse/RPL-1081", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1081" }, { "name": "24333", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24333" }, { "name": "ADV-2006-4662", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4662" }, { "name": "MDKSA-2007:050", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050" }, { "name": "24290", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24290" }, { "name": "RHSA-2007:0077", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html" }, { "name": "20070202-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc" }, { "name": "SSA:2007-066-05", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131" }, { "name": "RHSA-2007:0079", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html" }, { "name": "http://www.info-svc.com/news/11-21-2006/", "refsource": "MISC", "url": "http://www.info-svc.com/news/11-21-2006/" }, { "name": "24437", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24437" } ] } } } }, "cveMetadata": { 
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6077", "datePublished": "2006-11-24T17:00:00", "dateReserved": "2006-11-24T00:00:00", "dateUpdated": "2024-08-07T20:12:31.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1265 (GCVE-0-2003-1265)
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-08 02:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:19:46.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030101 Potential disclosure of sensitive information in Netscape 7.0 email client", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html" }, { "name": "1005871", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1005871" }, { "name": "6499", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6499" }, { "name": "netscape-email-deletion-failure(10963)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10963.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-01-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the \u0027Empty Trash\u0027 option, which could allow local users to access deleted messages." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-03-11T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030101 Potential disclosure of sensitive information in Netscape 7.0 email client", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html" }, { "name": "1005871", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1005871" }, { "name": "6499", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6499" }, { "name": "netscape-email-deletion-failure(10963)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10963.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1265", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the \u0027Empty Trash\u0027 option, which could allow local users to access deleted messages." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030101 Potential disclosure of sensitive information in Netscape 7.0 email client", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html" }, { "name": "1005871", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1005871" }, { "name": "6499", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6499" }, { "name": "netscape-email-deletion-failure(10963)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10963.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1265", "datePublished": "2005-11-16T07:37:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2024-08-08T02:19:46.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4253 (GCVE-0-2006-4253)
Vulnerability from cvelistv5
Published
2006-08-21 20:00
Modified
2024-08-07 19:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:06:07.637Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20061017 Flaw in Firefox 2.0 RC2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/448956/100/100/threaded" }, { "name": "20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/443500/100/100/threaded" }, { "name": "1016847", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016847" }, { "name": "22391", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22391" }, { "name": "ADV-2006-3748", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3748" }, { "name": "RHSA-2006:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lcamtuf.coredump.cx/ffoxdie.html" }, { "name": "22055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22055" }, { "name": "22195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22195" }, { "name": "oval:org.mitre.oval:def:9528", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528" }, { "name": "USN-352-1", "tags": [ 
"vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-352-1" }, { "name": "21513", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21513" }, { "name": "21950", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21950" }, { "name": "USN-351-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-351-1" }, { "name": "22025", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22025" }, { "name": "22056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22056" }, { "name": "MDKSA-2006:168", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" }, { "name": "20060812 Concurrency-related vulnerabilities in browsers - expect problems", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/443020/100/100/threaded" }, { "name": "22210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22210" }, { "name": "24711", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24711" }, { "name": "GLSA-200610-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.pianetapc.it/view.php?id=770" }, { "name": "ADV-2008-0083", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], 
"url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/443528/100/0/threaded" }, { "name": "20060901-01-P", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" }, { "name": "21939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21939" }, { "name": "1016848", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016848" }, { "name": "ADV-2006-3617", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3617" }, { "name": "21915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21915" }, { "name": "ADV-2007-1198", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1198" }, { "name": "20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447837/100/200/threaded" }, { "name": "RHSA-2006:0677", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html" }, { "name": "GLSA-200609-19", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "name": "20061017 Re: Flaw in Firefox 2.0 RC2", 
"tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/448984/100/100/threaded" }, { "name": "22274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22274" }, { "name": "RHSA-2006:0675", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html" }, { "name": "21940", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21940" }, { "name": "22001", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22001" }, { "name": "20060915 rPSA-2006-0169-1 firefox thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded" }, { "name": "USN-350-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-350-1" }, { "name": "21906", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21906" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "name": "20061019 Re: Flaw in Firefox 2.0 RC2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/449245/100/100/threaded" }, { "name": "GLSA-200610-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml" }, { "name": "22074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22074" }, { "name": "22066", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/22066" }, { "name": "22088", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22088" }, { "name": "20060815 Re: Concurrency-related vulnerabilities in browsers - expect problems", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/443306/100/100/threaded" }, { "name": "21949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21949" }, { "name": "SUSE-SA:2006:054", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=348514" }, { "name": "19534", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19534" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-640" }, { "name": "20061005 Re: Concurrency-related vulnerabilities in browsers - expect problems", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447840/100/200/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lcamtuf.coredump.cx/ffoxdie3.html" }, { "name": "20061025 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/449726/100/0/threaded" }, { "name": "22036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22036" }, { "name": "1016846", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016846" }, { "name": "USN-354-1", "tags": [ 
"vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-354-1" }, { "name": "19488", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19488" }, { "name": "20061023 Flaw in Firefox 2.0 Final", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/449487/100/0/threaded" }, { "name": "22422", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22422" }, { "name": "MDKSA-2006:169", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html" }, { "name": "21916", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21916" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20061017 Flaw in Firefox 2.0 RC2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/448956/100/100/threaded" }, { "name": "20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/443500/100/100/threaded" }, { "name": "1016847", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016847" }, { "name": "22391", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22391" }, { "name": "ADV-2006-3748", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3748" }, { "name": "RHSA-2006:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lcamtuf.coredump.cx/ffoxdie.html" }, { "name": "22055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22055" }, { "name": "22195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22195" }, { "name": "oval:org.mitre.oval:def:9528", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528" }, { "name": "USN-352-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-352-1" }, { "name": "21513", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21513" }, { "name": "21950", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21950" }, { "name": "USN-351-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-351-1" }, { "name": "22025", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22025" }, { "name": "22056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22056" }, { "name": "MDKSA-2006:168", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" }, { "name": "20060812 Concurrency-related vulnerabilities in browsers - expect problems", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/443020/100/100/threaded" }, { "name": "22210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22210" }, { "name": "24711", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24711" }, { "name": "GLSA-200610-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.pianetapc.it/view.php?id=770" }, { "name": "ADV-2008-0083", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/443528/100/0/threaded" }, { "name": "20060901-01-P", "tags": [ "vendor-advisory", 
"x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" }, { "name": "21939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21939" }, { "name": "1016848", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016848" }, { "name": "ADV-2006-3617", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3617" }, { "name": "21915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21915" }, { "name": "ADV-2007-1198", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1198" }, { "name": "20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447837/100/200/threaded" }, { "name": "RHSA-2006:0677", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html" }, { "name": "GLSA-200609-19", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "name": "20061017 Re: Flaw in Firefox 2.0 RC2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/448984/100/100/threaded" }, { "name": "22274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22274" }, { "name": "RHSA-2006:0675", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html" }, { "name": "21940", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21940" }, { "name": 
"22001", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22001" }, { "name": "20060915 rPSA-2006-0169-1 firefox thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded" }, { "name": "USN-350-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-350-1" }, { "name": "21906", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21906" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "name": "20061019 Re: Flaw in Firefox 2.0 RC2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/449245/100/100/threaded" }, { "name": "GLSA-200610-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml" }, { "name": "22074", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22074" }, { "name": "22066", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22066" }, { "name": "22088", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22088" }, { "name": "20060815 Re: Concurrency-related vulnerabilities in browsers - expect problems", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/443306/100/100/threaded" }, { "name": "21949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21949" }, { "name": "SUSE-SA:2006:054", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://bugzilla.mozilla.org/show_bug.cgi?id=348514" }, { "name": "19534", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19534" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-640" }, { "name": "20061005 Re: Concurrency-related vulnerabilities in browsers - expect problems", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447840/100/200/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lcamtuf.coredump.cx/ffoxdie3.html" }, { "name": "20061025 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/449726/100/0/threaded" }, { "name": "22036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22036" }, { "name": "1016846", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016846" }, { "name": "USN-354-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-354-1" }, { "name": "19488", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19488" }, { "name": "20061023 Flaw in Firefox 2.0 Final", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/449487/100/0/threaded" }, { "name": "22422", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22422" }, { "name": "MDKSA-2006:169", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html" }, { "name": "21916", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21916" } ], "x_legacyV4Record": { 
"CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4253", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20061017 Flaw in Firefox 2.0 RC2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/448956/100/100/threaded" }, { "name": "20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443500/100/100/threaded" }, { "name": "1016847", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016847" }, { "name": "22391", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22391" }, { "name": "ADV-2006-3748", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3748" }, { "name": "RHSA-2006:0676", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html" }, { "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html" }, { "name": "http://lcamtuf.coredump.cx/ffoxdie.html", "refsource": "MISC", "url": "http://lcamtuf.coredump.cx/ffoxdie.html" }, { "name": "22055", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22055" }, { "name": "22195", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22195" }, { "name": "oval:org.mitre.oval:def:9528", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528" }, { "name": "USN-352-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-352-1" }, { "name": "21513", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21513" }, { "name": "21950", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21950" }, { "name": "USN-351-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-351-1" }, { "name": "22025", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/22025" }, { "name": "22056", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22056" }, { "name": "MDKSA-2006:168", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" }, { "name": "20060812 Concurrency-related vulnerabilities in browsers - expect problems", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443020/100/100/threaded" }, { "name": "22210", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22210" }, { "name": "24711", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24711" }, { "name": "GLSA-200610-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" }, { "name": "http://www.pianetapc.it/view.php?id=770", "refsource": "MISC", "url": "http://www.pianetapc.it/view.php?id=770" }, { "name": "ADV-2008-0083", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443528/100/0/threaded" }, { "name": "20060901-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" }, { "name": "21939", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21939" }, { "name": "1016848", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016848" }, { "name": "ADV-2006-3617", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3617" }, { "name": "21915", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21915" }, { "name": "ADV-2007-1198", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1198" }, { "name": 
"20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447837/100/200/threaded" }, { "name": "RHSA-2006:0677", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html" }, { "name": "GLSA-200609-19", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml" }, { "name": "SSRT061181", "refsource": "HP", "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "name": "20061017 Re: Flaw in Firefox 2.0 RC2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/448984/100/100/threaded" }, { "name": "22274", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22274" }, { "name": "RHSA-2006:0675", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html" }, { "name": "21940", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21940" }, { "name": "22001", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22001" }, { "name": "20060915 rPSA-2006-0169-1 firefox thunderbird", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded" }, { "name": "USN-350-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-350-1" }, { "name": "21906", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21906" }, { "name": "HPSBUX02153", "refsource": "HP", "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "name": "20061019 Re: Flaw in Firefox 2.0 RC2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/449245/100/100/threaded" }, { "name": "GLSA-200610-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml" }, { "name": "22074", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22074" }, { "name": "22066", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22066" }, { "name": 
"22088", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22088" }, { "name": "20060815 Re: Concurrency-related vulnerabilities in browsers - expect problems", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443306/100/100/threaded" }, { "name": "21949", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21949" }, { "name": "SUSE-SA:2006:054", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=348514", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=348514" }, { "name": "19534", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19534" }, { "name": "https://issues.rpath.com/browse/RPL-640", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-640" }, { "name": "20061005 Re: Concurrency-related vulnerabilities in browsers - expect problems", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447840/100/200/threaded" }, { "name": "http://lcamtuf.coredump.cx/ffoxdie3.html", "refsource": "MISC", "url": "http://lcamtuf.coredump.cx/ffoxdie3.html" }, { "name": "20061025 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/449726/100/0/threaded" }, { "name": "22036", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22036" }, { "name": "1016846", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016846" }, { "name": "USN-354-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-354-1" }, { "name": "19488", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19488" }, { "name": "20061023 Flaw in Firefox 2.0 Final", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/449487/100/0/threaded" }, { "name": "22422", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22422" }, { 
"name": "MDKSA-2006:169", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" }, { "name": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html", "refsource": "MISC", "url": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html" }, { "name": "21916", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21916" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4253", "datePublished": "2006-08-21T20:00:00", "dateReserved": "2006-08-21T00:00:00", "dateUpdated": "2024-08-07T19:06:07.637Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-0594 (GCVE-0-2002-0594)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:56:38.244Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CLA-2002:490", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490" }, { "name": "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/270249" }, { "name": "mozilla-css-files-exist(8977)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/8977.php" }, { "name": "RHSA-2003:046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html" }, { "name": "4640", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4640" }, { "name": "RHSA-2002:192", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-11-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "CLA-2002:490", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490" }, { "name": "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/270249" }, { "name": "mozilla-css-files-exist(8977)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/8977.php" }, { "name": "RHSA-2003:046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html" }, { "name": "4640", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4640" }, { "name": "RHSA-2002:192", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0594", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "CLA-2002:490", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490" }, { "name": "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/270249" }, { "name": "mozilla-css-files-exist(8977)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8977.php" }, { "name": "RHSA-2003:046", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html" }, { "name": "4640", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4640" }, { "name": "RHSA-2002:192", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0594", "datePublished": "2003-04-02T05:00:00", "dateReserved": "2002-06-11T00:00:00", "dateUpdated": "2024-08-08T02:56:38.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1942 (GCVE-0-2006-1942)
Vulnerability from cvelistv5
Published
2006-04-20 22:00
Modified
2024-08-07 17:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:27:29.865Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21176", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21176" }, { "name": "ADV-2006-3748", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3748" }, { "name": "24713", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24713" }, { "name": "19698", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19698" }, { "name": "20060418 Another flaw in Firefox 1.5.0.2: to open files from remote", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/431267/100/0/threaded" }, { "name": "20063", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20063" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html" }, { "name": "firefox-viewimage-security-bypass(25925)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25925" }, { "name": "20060505 Firefox 1.5.0.3 code execution exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/433138/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.networksecurity.fi/advisories/netscape-view-image.html" }, { "name": "20060602 rPSA-2006-0091-1 firefox thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded" }, { "name": "20376", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20376" }, { "name": "1016202", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016202" }, { "name": "18228", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18228" }, { "name": "ADV-2008-0083", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" }, { "name": "DSA-1118", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1118" }, { "name": "HPSBUX02153", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" }, { "name": "DSA-1120", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1120" }, { "name": "19988", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19988" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.gavinsharp.com/tmp/ImageVuln.html" }, { "name": "DSA-1134", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1134" }, { "name": "21324", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21324" }, { "name": "21183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21183" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341" }, { "name": "22066", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22066" }, { "name": "SUSE-SA:2006:035", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" }, { "name": "ADV-2006-2106", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2106" }, { "name": "20060507 Re: Firefox 1.5.0.3 code execution exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/433539/30/5070/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an \"alternate web page.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21176", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21176" }, { "name": "ADV-2006-3748", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3748" }, { "name": "24713", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24713" }, { "name": "19698", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19698" }, { "name": "20060418 Another flaw in Firefox 1.5.0.2: to open files from remote", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/431267/100/0/threaded" }, { "name": "20063", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20063" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html" }, { "name": "firefox-viewimage-security-bypass(25925)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25925" }, { "name": "20060505 Firefox 1.5.0.3 code execution exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/433138/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.networksecurity.fi/advisories/netscape-view-image.html" }, { "name": "20060602 rPSA-2006-0091-1 firefox thunderbird", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded" }, { "name": "20376", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20376" }, { "name": "1016202", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016202" }, { "name": "18228", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18228" }, { "name": "ADV-2008-0083", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "SSRT061181", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" }, { "name": "DSA-1118", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1118" }, { "name": "HPSBUX02153", "tags": [ 
"vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" }, { "name": "DSA-1120", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1120" }, { "name": "19988", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19988" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.gavinsharp.com/tmp/ImageVuln.html" }, { "name": "DSA-1134", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1134" }, { "name": "21324", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21324" }, { "name": "21183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21183" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341" }, { "name": "22066", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22066" }, { "name": "SUSE-SA:2006:035", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" }, { "name": "ADV-2006-2106", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2106" }, { "name": "20060507 Re: Firefox 1.5.0.3 code execution exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/433539/30/5070/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1942", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an \"alternate web page.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21176", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21176" }, { "name": "ADV-2006-3748", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3748" }, { "name": "24713", "refsource": "OSVDB", "url": "http://www.osvdb.org/24713" }, { "name": "19698", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19698" }, { "name": "20060418 Another flaw in Firefox 1.5.0.2: to open files from remote", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431267/100/0/threaded" }, { "name": "20063", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20063" }, { "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html" }, { "name": "firefox-viewimage-security-bypass(25925)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25925" }, { "name": "20060505 Firefox 1.5.0.3 code execution exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/433138/100/0/threaded" }, { "name": "http://www.networksecurity.fi/advisories/netscape-view-image.html", "refsource": "MISC", "url": "http://www.networksecurity.fi/advisories/netscape-view-image.html" }, { "name": "20060602 rPSA-2006-0091-1 firefox thunderbird", "refsource": "BUGTRAQ", "url": 
"http://www.securityfocus.com/archive/1/435795/100/0/threaded" }, { "name": "20376", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20376" }, { "name": "1016202", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016202" }, { "name": "18228", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18228" }, { "name": "ADV-2008-0083", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "name": "SSRT061181", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" }, { "name": "DSA-1118", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1118" }, { "name": "HPSBUX02153", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" }, { "name": "DSA-1120", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1120" }, { "name": "19988", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19988" }, { "name": "http://www.gavinsharp.com/tmp/ImageVuln.html", "refsource": "MISC", "url": "http://www.gavinsharp.com/tmp/ImageVuln.html" }, { "name": "DSA-1134", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1134" }, { "name": "21324", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21324" }, { "name": "21183", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21183" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341" }, { "name": "22066", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22066" }, { "name": "SUSE-SA:2006:035", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" }, { "name": "ADV-2006-2106", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2106" }, { "name": "20060507 Re: Firefox 1.5.0.3 code execution exploit", "refsource": "BUGTRAQ", "url": 
"http://www.securityfocus.com/archive/1/433539/30/5070/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1942", "datePublished": "2006-04-20T22:00:00", "dateReserved": "2006-04-20T00:00:00", "dateUpdated": "2024-08-07T17:27:29.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-0762 (GCVE-0-1999-0762)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:48:37.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the \"about\" protocol to gain access to browser information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-17T07:56:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0762", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the \"about\" protocol to gain access to browser information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0762", "datePublished": "2000-01-04T05:00:00", "dateReserved": "1999-11-25T00:00:00", "dateUpdated": "2024-08-01T16:48:37.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1492 (GCVE-0-2003-1492)
Vulnerability from cvelistv5
Published
2007-10-24 23:00
Modified
2024-08-08 02:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:28:03.700Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030429 \"netscape navigator\" is cracked.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/319919" }, { "name": "7456", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/7456" }, { "name": "netscape-domain-obtain-info(11924)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11924" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-04-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030429 \"netscape navigator\" is cracked.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/319919" }, { "name": "7456", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/7456" }, { "name": "netscape-domain-obtain-info(11924)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11924" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1492", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030429 \"netscape navigator\" is cracked.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/319919" }, { "name": "7456", "refsource": "BID", "url": "http://www.securityfocus.com/bid/7456" }, { "name": "netscape-domain-obtain-info(11924)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11924" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1492", "datePublished": "2007-10-24T23:00:00", "dateReserved": "2007-10-24T00:00:00", "dateUpdated": "2024-08-08T02:28:03.700Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1091 (GCVE-0-2002-1091)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:12:17.117Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2003:046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989" }, { "name": "5665", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5665" }, { "name": "MDKSA-2002:075", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://crash.ihug.co.nz/~Sneuro/zerogif/" }, { "name": "RHSA-2002:192", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html" }, { "name": "20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=103134051120770\u0026w=2" }, { "name": "netscape-zero-gif-bo(10058)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10058.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-11-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2003:046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989" }, { "name": "5665", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5665" }, { "name": "MDKSA-2002:075", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075" }, { "tags": [ "x_refsource_MISC" ], "url": "http://crash.ihug.co.nz/~Sneuro/zerogif/" }, { "name": "RHSA-2002:192", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html" }, { "name": "20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=103134051120770\u0026w=2" }, { "name": "netscape-zero-gif-bo(10058)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10058.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1091", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2003:046", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html" }, { "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989", "refsource": "CONFIRM", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989" }, { "name": "5665", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5665" }, { "name": "MDKSA-2002:075", "refsource": "MANDRAKE", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075" }, { "name": "http://crash.ihug.co.nz/~Sneuro/zerogif/", "refsource": "MISC", "url": "http://crash.ihug.co.nz/~Sneuro/zerogif/" }, { "name": "RHSA-2002:192", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html" }, { "name": "20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=103134051120770\u0026w=2" }, { "name": "netscape-zero-gif-bo(10058)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10058.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1091", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-09-06T00:00:00", "dateUpdated": "2024-08-08T03:12:17.117Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2002-11-29 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=157646 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=103730181813075&w=2 | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2003-162.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2003-163.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/6185 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/10636 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=157646 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=103730181813075&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2003-162.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2003-163.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/6185 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/10636 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "3B40771F-30CB-45D0-9EDE-1F13852085B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "47315EC4-1EED-4070-A087-8E37C8FE6703", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8987151-0901-4547-B750-5DC470BB9CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "66A87ED8-9E1F-4C2C-B806-A41765081C9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B7D7FA24-4B6F-4D67-95BE-46819033CA6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D9B316E0-4A05-411A-8279-404C82288BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B91D7920-86E6-4842-897A-553F018AD493", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36889B90-FD18-4A5A-A732-788240E10FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "30A0231A-B664-46C2-9602-B60EAD6AEC12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a 
jar: URL that references a malformed .jar file, which overflows a buffer during decompression." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en el mont\u00edculo (heap) en Netscape y Mozilla permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una URL de tipo jar: que referencia a un fichero .jar malformado, lo que desborda un b\u00fafer durante la descompresi\u00f3n." } ], "id": "CVE-2002-1308", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-11-29T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157646" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=103730181813075\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-162.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-163.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6185" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=103730181813075\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.redhat.com/support/errata/RHSA-2003-162.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-163.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=157202 | Patch | |
cve@mitre.org | http://www.iss.net/security_center/static/9287.php | Patch | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2002:074 | ||
cve@mitre.org | http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=157202 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/9287.php | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2002:074 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html | Patch |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3AB0749-167A-4975-863B-DCF368AA4F9C", "versionEndIncluding": "1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36889B90-FD18-4A5A-A732-788240E10FEE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel." } ], "id": "CVE-2002-2061", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157202" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/9287.php" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://bugzilla.mozilla.org/show_bug.cgi?id=157202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/9287.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n", "lastModified": "2006-08-30T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=144228 | ||
cve@mitre.org | http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html | ||
cve@mitre.org | http://online.securityfocus.com/archive/1/276628 | ||
cve@mitre.org | http://www.iss.net/security_center/static/9343.php | ||
cve@mitre.org | http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/276946 | ||
cve@mitre.org | http://www.securityfocus.com/bid/5002 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=144228 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/276628 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/9343.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/276946 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/5002 | Exploit, Patch |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | 0.9.2 | |
mozilla | mozilla | 0.9.2.1 | |
mozilla | mozilla | 0.9.3 | |
mozilla | mozilla | 0.9.4 | |
mozilla | mozilla | 0.9.4.1 | |
mozilla | mozilla | 0.9.5 | |
mozilla | mozilla | 0.9.6 | |
mozilla | mozilla | 0.9.7 | |
mozilla | mozilla | 0.9.8 | |
mozilla | mozilla | 0.9.9 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
netscape | communicator | 4.0 | |
netscape | communicator | 4.4 | |
netscape | communicator | 4.5 | |
netscape | communicator | 4.06 | |
netscape | communicator | 4.6 | |
netscape | communicator | 4.07 | |
netscape | communicator | 4.7 | |
netscape | communicator | 4.08 | |
netscape | communicator | 4.51 | |
netscape | communicator | 4.61 | |
netscape | communicator | 4.72 | |
netscape | communicator | 4.73 | |
netscape | communicator | 4.74 | |
netscape | communicator | 4.75 | |
netscape | communicator | 4.76 | |
netscape | communicator | 4.77 | |
netscape | navigator | 6.0 | |
netscape | navigator | 6.0 | |
netscape | navigator | 6.01 | |
netscape | navigator | 6.1 | |
netscape | navigator | 6.2 | |
netscape | navigator | 6.2.1 | |
netscape | navigator | 6.2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "22F00276-9071-4B96-B49C-2E0898476874", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB84CC9B-346B-4AF4-929E-D56D85960103", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "3B40771F-30CB-45D0-9EDE-1F13852085B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "47315EC4-1EED-4070-A087-8E37C8FE6703", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C9296197-0EE0-4CC0-A11F-E44E3443E990", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A76ACC55-754D-4501-8312-5A4E10D053B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "209C7BB1-EFDF-43AB-9FB6-DF67465DEAEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B711600-425F-4FF9-BC5E-B8D182A2B9F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E9A5461-B0F2-49DB-A69C-3D2D27709647", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.06:*:*:*:*:*:*:*", "matchCriteriaId": "34F6328B-44A8-4E45-918E-C54285040BFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "529E3F71-6016-461D-A162-0DBDD5505389", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.07:*:*:*:*:*:*:*", "matchCriteriaId": "31D02C4D-3FD1-425F-B0DB-7808089BCD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "38FD74F5-12ED-4049-B06F-0F22A0254C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.08:*:*:*:*:*:*:*", "matchCriteriaId": "61268CF9-E279-4F63-B228-F9ED4B93BB99", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.51:*:*:*:*:*:*:*", "matchCriteriaId": "918BE44C-8D64-4040-BC74-802AA3FA4E10", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.61:*:*:*:*:*:*:*", "matchCriteriaId": "6AA534C4-9411-44EC-AA34-2287C79AD235", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.72:*:*:*:*:*:*:*", "matchCriteriaId": "3A4E8588-A941-4759-B41C-00F193F2C63B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.73:*:*:*:*:*:*:*", "matchCriteriaId": "3E48C051-EB45-4262-86C2-2333FD5C7745", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.74:*:*:*:*:*:*:*", "matchCriteriaId": "BA48AF1E-99EF-419C-B425-001C7134C6BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.75:*:*:*:*:*:*:*", "matchCriteriaId": "C97DE00F-4C73-4C54-918E-D540F2C3297B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.76:*:*:*:*:*:*:*", "matchCriteriaId": "C5A07AD2-2293-443A-9A32-316B832A5276", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.77:*:*:*:*:*:*:*", "matchCriteriaId": "5A823994-786D-41D7-9FA7-FF8058C4AFD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5421CDE-6C31-42FF-8A06-23A6207D1B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.0:*:mac:*:*:*:*:*", "matchCriteriaId": "ACAB9169-BC6E-49CF-9A00-3F3054677B32", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*", "matchCriteriaId": "6469EB31-32FF-415C-82DD-670513911371", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F112CED-879B-4A19-993A-16858B4EC16C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B7D7FA24-4B6F-4D67-95BE-46819033CA6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D9B316E0-4A05-411A-8279-404C82288BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B91D7920-86E6-4842-897A-553F018AD493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message." 
} ], "id": "CVE-2002-2338", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228" }, { "source": "cve@mitre.org", "url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html" }, { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/276628" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/9343.php" }, { "source": "cve@mitre.org", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/276946" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/5002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/276628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/9343.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/276946" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/5002" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2003-0553 — Vulnerability from fkie_nvd
Published
2003-08-18 04:00
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, source nvd@nist.gov)
Summary
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=105820193406838&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=105820193406838&w=2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C632D06D-0172-46DA-A7F9-0BC484365BD7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en el plugin de la Herramienta de Detecci\u00f3n de cliente (CDT) (npcdt.dll) de Netscape 7.02 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un adjunto con un nombre de fichero largo." } ], "id": "CVE-2003-0553", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-08-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=105820193406838\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=105820193406838\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2006-2894 — Vulnerability from fkie_nvd
Published
2006-06-07 10:02
Modified
2025-04-03 01:03
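Severity: MEDIUM (CVSS v2 base score 4.0, vector AV:N/AC:H/Au:N/C:P/I:P/A:N, user interaction required, source nvd@nist.gov)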
Summary
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html | ||
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html | ||
cve@mitre.org | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 | ||
cve@mitre.org | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 | ||
cve@mitre.org | http://lcamtuf.coredump.cx/focusbug/ | ||
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html | Exploit | |
cve@mitre.org | http://lists.virus.org/full-disclosure-0702/msg00225.html | ||
cve@mitre.org | http://secunia.com/advisories/20442 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/20467 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/20470 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/20472 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/21532 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/27298 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/27335 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/27383 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/27387 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/27403 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/27414 | Vendor Advisory | |
cve@mitre.org | http://securityreason.com/securityalert/1059 | ||
cve@mitre.org | http://securitytracker.com/id?1018837 | ||
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1 | ||
cve@mitre.org | http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html | ||
cve@mitre.org | http://www.gnucitizen.org/blog/browser-focus-rip | ||
cve@mitre.org | http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 | ||
cve@mitre.org | http://www.mozilla.org/security/announce/2007/mfsa2007-32.html | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_57_mozilla.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/482876/100/200/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/482925/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/482932/100/200/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/18308 | ||
cve@mitre.org | http://www.thanhngan.org/fflinuxversion.html | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-536-1 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2160 | Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2162 | Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2163 | Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2164 | Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2007/3544 | Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0083 | Vendor Advisory | |
cve@mitre.org | https://bugzilla.mozilla.org/show_bug.cgi?id=290478 | ||
cve@mitre.org | https://bugzilla.mozilla.org/show_bug.cgi?id=370092 | ||
cve@mitre.org | https://bugzilla.mozilla.org/show_bug.cgi?id=56236 | ||
cve@mitre.org | https://issues.rpath.com/browse/RPL-1858 | ||
cve@mitre.org | https://usn.ubuntu.com/535-1/ | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lcamtuf.coredump.cx/focusbug/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.virus.org/full-disclosure-0702/msg00225.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20442 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20467 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20470 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20472 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21532 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27298 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27335 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27383 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27387 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27403 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27414 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/1059 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1018837 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gnucitizen.org/blog/browser-focus-rip | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/2007/mfsa2007-32.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_57_mozilla.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/482876/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/482925/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/482932/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18308 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.thanhngan.org/fflinuxversion.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-536-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2160 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2162 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2163 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2164 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3544 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0083 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=290478 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=370092 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=56236 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1858 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/535-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "9189789A-4D83-4C47-8890-A437AE39A0E4", "versionEndIncluding": "2.0.0.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla_suite:1.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "BC0CE9DF-4E6A-4ABE-965F-7C34690ABED1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F8C75-4934-453B-B502-8D0B6E9873EA", "versionEndIncluding": "1.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D949DF0A-CBC2-40E1-AE6C-60E6F58D2481", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDB53CEA-68CC-44DA-B61F-7E0126FD3DD6", "versionEndIncluding": "8.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form." 
} ], "id": "CVE-2006-2894", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-06-07T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html" }, { "source": "cve@mitre.org", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "source": "cve@mitre.org", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "source": "cve@mitre.org", "url": "http://lcamtuf.coredump.cx/focusbug/" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html" }, { "source": "cve@mitre.org", "url": "http://lists.virus.org/full-disclosure-0702/msg00225.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20442" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20467" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20470" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20472" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/21532" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27298" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27335" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27383" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27387" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27403" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27414" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1059" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018837" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1" }, { "source": "cve@mitre.org", "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html" }, { "source": "cve@mitre.org", "url": "http://www.gnucitizen.org/blog/browser-focus-rip" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" }, { "source": "cve@mitre.org", "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/482932/100/200/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18308" }, { "source": "cve@mitre.org", "url": "http://www.thanhngan.org/fflinuxversion.html" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-536-1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2160" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2162" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2163" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2164" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/3544" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290478" }, { "source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=370092" }, { "source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=56236" }, { "source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-1858" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/535-1/" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lcamtuf.coredump.cx/focusbug/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.virus.org/full-disclosure-0702/msg00225.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27403" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27414" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gnucitizen.org/blog/browser-focus-rip" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.thanhngan.org/fflinuxversion.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-536-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2163" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/3544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=370092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=56236" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/535-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-10 00:19
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/22856 | Broken Link, Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html | Broken Link, Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/32896 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22856 | Broken Link, Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html | Broken Link, Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/32896 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
adobe | acrobat_reader | 8.0 | |
mozilla | firefox | 2.0.0.3 | |
netscape | navigator | * | |
opera | opera_browser | 9.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "996EB48E-D2A8-49E4-915A-EBDE26A9FB94", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "462E135A-5616-46CC-A9C0-5A7A0526ACC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA2CA2F8-260C-4559-BF24-3E321CEAE93F", "vulnerable": true }, { "criteria": "cpe:2.3:a:opera:opera_browser:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "81B22949-5B71-457E-9AF3-6F9D168F9F79", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236." }, { "lang": "es", "value": "AcroPDF.DLL de Adobe Reader 8.0, cuando se accede desde Mozilla Firefox, Netscape, \u00f3 Opera, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento sin especificar de recursos) mediante una URL .pdf con un identificador de marcador que comienza con search= seguido de muchas secuencias %n, vulnerabilidad distinta a CVE-2006-6027 y CVE-2006-6236." 
} ], "id": "CVE-2007-1377", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-03-10T00:19:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/22856" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32896" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/22856" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32896" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-07-20 18:30
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:N/A:P; user interaction required)
Summary
Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.exploit-db.com/exploits/9160 | ||
cve@mitre.org | http://www.g-sec.lu/one-bug-to-rule-them-all.html | Exploit | |
cve@mitre.org | http://www.securityfocus.com/archive/1/504969/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/504988/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/504989/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/505006/100/0/threaded | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/52876 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/9160 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.g-sec.lu/one-bug-to-rule-them-all.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/504969/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/504988/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/504989/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/505006/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/52876 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netscape:navigator:6:*:*:*:*:*:*:*", "matchCriteriaId": "A55DBDE7-91BA-43CD-9E1F-52737CA93EA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:8:*:*:*:*:*:*:*", "matchCriteriaId": "220BE0F1-EFFC-4BE0-8B5D-42FB6865EE33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692." }, { "lang": "es", "value": "Netscape v6 y v8 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) mediante un valor entero grande en la propiedad \"length\" de un objeto \"Select\", siendo un asunto relacionado con CVE-2009-1692." } ], "id": "CVE-2009-2542", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-07-20T18:30:01.297", "references": [ { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/9160" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/504988/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52876" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/9160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52876" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | ||
cve@mitre.org | http://secunia.com/advisories/14820 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/14821 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/19823 | Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1013635 | Exploit | |
cve@mitre.org | http://securitytracker.com/id?1013643 | Exploit | |
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml | Patch, Vendor Advisory | |
cve@mitre.org | http://www.mozilla.org/security/announce/mfsa2005-33.html | Vendor Advisory | |
cve@mitre.org | http://www.novell.com/linux/security/advisories/2006_04_25.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-384.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-601.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/12988 | ||
cve@mitre.org | http://www.securityfocus.com/bid/15495 | ||
cve@mitre.org | https://bugzilla.mozilla.org/show_bug.cgi?id=288688 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14820 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14821 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19823 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1013635 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1013643 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-33.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_04_25.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-601.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12988 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=288688 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7447185-7509-449D-8907-F30A42CF7EB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method." } ], "id": "CVE-2005-0989", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14820" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/14821" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19823" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1013635" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1013643" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/mfsa2005-33.html" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-601.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/12988" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15495" }, { "source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=288688" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/14820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19823" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1013635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1013643" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/mfsa2005-33.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-601.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/12988" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=288688" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C)
Summary
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | ||
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=236618 | ||
cve@mitre.org | http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-421.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/15495 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16862 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=236618 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-421.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16862 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "30A0231A-B664-46C2-9602-B60EAD6AEC12", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code." }, { "lang": "es", "value": "Desbordamiento de enteros en el constructor de objeto SOAPParameter en (1) Netscape version 7.0 y 7.1 y (2) Mozilla 1.6, y posiblemente versiones anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n." 
} ], "id": "CVE-2004-0722", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "source": "cve@mitre.org", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=236618" }, { "source": "cve@mitre.org", "url": "http://www.idefense.com/application/poi/display?id=117\u0026type=vulnerabilities" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15495" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=236618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.idefense.com/application/poi/display?id=117\u0026type=vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-09-14 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=250862 | Patch, Vendor Advisory | |
cve@mitre.org | http://marc.info/?l=bugtraq&m=109698896104418&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=109900315219363&w=2 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200409-26.xml | Patch, Vendor Advisory | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/651928 | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 | Vendor Advisory | |
cve@mitre.org | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/11177 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-261A.html | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17374 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=250862 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109698896104418&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109900315219363&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200409-26.xml | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/651928 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11177 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-261A.html | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17374 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0.1 | |
mozilla | mozilla | 1.0.2 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2.1 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.3.1 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.4.2 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
netscape | navigator | 7.0 | |
netscape | navigator | 7.0.2 | |
netscape | navigator | 7.1 | |
netscape | navigator | 7.2 | |
conectiva | linux | 9.0 | |
conectiva | linux | 10.0 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux_desktop | 3.0 | |
redhat | fedora_core | core_1.0 | |
redhat | linux | 7.3 | |
redhat | linux | 7.3 | |
redhat | linux | 7.3 | |
redhat | linux | 9.0 | |
redhat | linux_advanced_workstation | 2.1 | |
redhat | linux_advanced_workstation | 2.1 | |
suse | suse_linux | 1.0 | |
suse | suse_linux | 8 | |
suse | suse_linux | 8.1 | |
suse | suse_linux | 8.2 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.0 | |
suse | suse_linux | 9.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C9296197-0EE0-4CC0-A11F-E44E3443E990", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A76ACC55-754D-4501-8312-5A4E10D053B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8987151-0901-4547-B750-5DC470BB9CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "66A87ED8-9E1F-4C2C-B806-A41765081C9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", "matchCriteriaId": 
"2637D552-4A3D-4867-B52A-ACCED8681AF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CC237C8-CFE0-4128-B549-93CD16894E71", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", "matchCriteriaId": "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", "matchCriteriaId": "367A5D46-0FF3-4140-9478-251363822E9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C656A621-BE62-4BB8-9B25-A3916E60FA12", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8DE4889-424F-4A44-8C14-9F18821CE961", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", "matchCriteriaId": "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", "matchCriteriaId": "1003D688-3EEA-45F9-BB2C-5BAB395D7678", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "ED69BEB9-8D83-415B-826D-9D17FB67976B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BCDB64E5-AE26-43DF-8A66-654D5D22A635", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "FCEAEDEB-0EE7-4221-B9B8-65438580D331", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", "matchCriteriaId": "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FE7EA3B-3BF8-4696-9488-78506074D62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "30A0231A-B664-46C2-9602-B60EAD6AEC12", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C632D06D-0172-46DA-A7F9-0BC484365BD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", "vulnerable": true }, { "criteria": "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4007B0D-9606-46BD-866A-7911BEA292BE", "vulnerable": true }, { "criteria": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "A35FC777-A34E-4C7B-9E93-8F17F3AD5180", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C84296C-2C8A-4DCD-9751-52951F8BEA9F", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*", "matchCriteriaId": "9B502A61-44FB-4CD4-85BE-88D4ACCCA441", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*", "matchCriteriaId": "05853955-CA81-40D3-9A70-1227F3270D3C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "matchCriteriaId": "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968", 
"vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*", "matchCriteriaId": "777F9EC0-2919-45CA-BFF8-78A02537C513", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*", "matchCriteriaId": "C7EAAD04-D7C4-43DE-B488-1AAD014B503E", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain." 
} ], "id": "CVE-2004-0905", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2004-09-14T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=250862" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/651928" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11177" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17374" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=250862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/651928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11177" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ 
{ "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-03-01 05:00
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, source nvd@nist.gov)
Summary
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://java.sun.com/pr/1999/03/pr990329-01.html | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=92333596624452&w=2 | ||
cve@mitre.org | http://www.securityfocus.com/bid/1939 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://java.sun.com/pr/1999/03/pr990329-01.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=92333596624452&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1939 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
netscape | communicator | 4.5 | |
netscape | navigator | 4.0 | |
netscape | navigator | 4.01 | |
netscape | navigator | 4.02 | |
netscape | navigator | 4.03 | |
netscape | navigator | 4.04 | |
netscape | navigator | 4.05 | |
netscape | navigator | 4.5 | |
netscape | navigator | 4.06 | |
netscape | navigator | 4.07 | |
netscape | navigator | 4.08 | |
netscape | navigator | 4.61 | |
sun | java | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E9A5461-B0F2-49DB-A69C-3D2D27709647", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "05CFEB93-B230-473E-A6D0-73CA0C48CB9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:4.01:*:*:*:*:*:*:*", "matchCriteriaId": "60AA08F1-9932-404D-830E-E6D126FC732B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:4.02:*:*:*:*:*:*:*", "matchCriteriaId": "C2FBC98E-49CF-48F1-9206-DDE8166AA8E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:4.03:*:*:*:*:*:*:*", "matchCriteriaId": "E57BB283-31F4-487A-87CA-A251BFC5133C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:4.04:*:*:*:*:*:*:*", "matchCriteriaId": "8B4D5F1E-DD1B-4CCE-B16D-05AB2DEBCB18", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:4.05:*:*:*:*:*:*:*", "matchCriteriaId": "E20267FF-FCF8-42BF-9CF1-127FF856C6FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "F7EC6F62-37FF-46DD-997C-A4D77182BBEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:4.06:*:*:*:*:*:*:*", "matchCriteriaId": "D5904FD1-9806-4C73-A4E8-98C1F8F078EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:4.07:*:*:*:*:*:*:*", "matchCriteriaId": "431D7EED-1152-4245-92B9-023A4AC88EA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:4.08:*:*:*:*:*:*:*", "matchCriteriaId": "04BBF8B2-8378-4CA3-B8D4-4ED5D7B8A674", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:4.61:*:*:*:*:*:*:*", "matchCriteriaId": "0B3EFA3B-5DE7-40D0-960D-283491163E74", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DDA9F90-5D16-4E04-B285-D32C362279C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], 
"descriptions": [ { "lang": "en", "value": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages." } ], "id": "CVE-1999-0440", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-03-01T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://java.sun.com/pr/1999/03/pr990329-01.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/1939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://java.sun.com/pr/1999/03/pr990329-01.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/1939" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-06-18 04:00
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N, source nvd@nist.gov)
Summary
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490 | ||
cve@mitre.org | http://online.securityfocus.com/archive/1/270249 | Vendor Advisory | |
cve@mitre.org | http://www.iss.net/security_center/static/8977.php | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2002-192.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2003-046.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/4640 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/270249 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/8977.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2002-192.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2003-046.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4640 | Exploit, Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:galeon:galeon_browser:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E89FB22-EF04-446F-AF36-44878AB57AF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:galeon:galeon_browser:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "184CDE30-30DE-49F5-A44D-36CA3852BF12", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C9296197-0EE0-4CC0-A11F-E44E3443E990", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5421CDE-6C31-42FF-8A06-23A6207D1B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*", "matchCriteriaId": "6469EB31-32FF-415C-82DD-670513911371", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F112CED-879B-4A19-993A-16858B4EC16C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B7D7FA24-4B6F-4D67-95BE-46819033CA6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D9B316E0-4A05-411A-8279-404C82288BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B91D7920-86E6-4842-897A-553F018AD493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect." 
} ], "id": "CVE-2002-0594", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-06-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/270249" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/8977.php" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/270249" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/8977.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4640" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-24 17:07
Modified
2025-04-09 00:30
Severity ?
Summary
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc | ||
cve@mitre.org | ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc | ||
cve@mitre.org | http://fedoranews.org/cms/node/2713 | ||
cve@mitre.org | http://fedoranews.org/cms/node/2728 | ||
cve@mitre.org | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 | ||
cve@mitre.org | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 | ||
cve@mitre.org | http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html | ||
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2007-0077.html | ||
cve@mitre.org | http://secunia.com/advisories/23046 | Exploit, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/23108 | ||
cve@mitre.org | http://secunia.com/advisories/24205 | ||
cve@mitre.org | http://secunia.com/advisories/24238 | ||
cve@mitre.org | http://secunia.com/advisories/24287 | ||
cve@mitre.org | http://secunia.com/advisories/24290 | ||
cve@mitre.org | http://secunia.com/advisories/24293 | ||
cve@mitre.org | http://secunia.com/advisories/24320 | ||
cve@mitre.org | http://secunia.com/advisories/24328 | ||
cve@mitre.org | http://secunia.com/advisories/24333 | ||
cve@mitre.org | http://secunia.com/advisories/24342 | ||
cve@mitre.org | http://secunia.com/advisories/24343 | ||
cve@mitre.org | http://secunia.com/advisories/24384 | ||
cve@mitre.org | http://secunia.com/advisories/24393 | ||
cve@mitre.org | http://secunia.com/advisories/24395 | ||
cve@mitre.org | http://secunia.com/advisories/24437 | ||
cve@mitre.org | http://secunia.com/advisories/24457 | ||
cve@mitre.org | http://secunia.com/advisories/24650 | ||
cve@mitre.org | http://secunia.com/advisories/25588 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200703-04.xml | ||
cve@mitre.org | http://securitytracker.com/id?1017271 | Exploit | |
cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 | ||
cve@mitre.org | http://www.debian.org/security/2007/dsa-1336 | ||
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml | ||
cve@mitre.org | http://www.info-svc.com/news/11-21-2006/ | Exploit | |
cve@mitre.org | http://www.info-svc.com/news/11-21-2006/rcsr1/ | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 | ||
cve@mitre.org | http://www.mozilla.org/security/announce/2007/mfsa2007-02.html | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_22_mozilla.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0078.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0079.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0097.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0108.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/452382/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/452431/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/452440/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/452463/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/454982/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/455073/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/455148/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/461336/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/461809/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/21240 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/bid/22694 | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-428-1 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/4662 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/0718 | ||
cve@mitre.org | https://bugzilla.mozilla.org/show_bug.cgi?id=360493 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/30470 | ||
cve@mitre.org | https://issues.rpath.com/browse/RPL-1081 | ||
cve@mitre.org | https://issues.rpath.com/browse/RPL-1103 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc | ||
af854a3a-2127-422b-91ae-364da2661108 | http://fedoranews.org/cms/node/2713 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://fedoranews.org/cms/node/2728 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2007-0077.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23046 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23108 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24205 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24238 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24287 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24290 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24293 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24320 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24328 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24333 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24342 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24343 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24384 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24393 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24395 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24437 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24457 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24650 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25588 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200703-04.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1017271 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1336 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.info-svc.com/news/11-21-2006/ | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.info-svc.com/news/11-21-2006/rcsr1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/2007/mfsa2007-02.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_22_mozilla.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0078.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0079.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0097.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0108.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/452382/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/452431/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/452440/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/452463/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/454982/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/455073/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/455148/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/461336/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/461809/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/21240 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22694 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-428-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/4662 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0718 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=360493 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/30470 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1081 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1103 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | * (up to and including 1.5.0.8) | |
mozilla | firefox | 1.5 | |
mozilla | firefox | 1.5 (beta1) | |
mozilla | firefox | 1.5 (beta2) | |
mozilla | firefox | 1.5.0.1 | |
mozilla | firefox | 1.5.0.2 | |
mozilla | firefox | 1.5.0.3 | |
mozilla | firefox | 1.5.0.4 | |
mozilla | firefox | 1.5.0.5 | |
mozilla | firefox | 1.5.0.6 | |
mozilla | firefox | 1.5.0.7 | |
mozilla | firefox | 2.0 | |
netscape | navigator | 8.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD89DF1B-8235-41DE-97C5-A3D039B0C3E7", "versionEndIncluding": "1.5.0.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "66BE50FE-EA21-4633-A181-CD35196DF06E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C65D2670-F37F-48CB-804A-D35BB1C27D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DE8E5194-7B34-4802-BDA6-6A86EB5EDE05", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "3523E6B8-3498-4D46-9C8B-31D572263388", "vulnerable": true } ], "negate": false, 
"operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password." }, { "lang": "es", "value": "El (1) Password Manager en Mozilla Firefox 2.0, y 1.5.0.8 y anteriores; y el (2) Passcard Manager en Netscape 8.1.2 y posiblemente otras versiones, no verifican correctamente que una ACTION URL en un elemento FORM contiene una contrase\u00f1a (elemento INPUT) que encaja con el sitio web para lo cual el usuario almacena una contrase\u00f1a, lo cual permite a un atacante remoto obtener contrase\u00f1as a trav\u00e9s de la contrase\u00f1a (elemento INPUT) sobre un p\u00e1gina web diferente localizada sobre un sitio web previsto para esta contrase\u00f1a." 
} ], "id": "CVE-2006-6077", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-24T17:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc" }, { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc" }, { "source": "cve@mitre.org", "url": "http://fedoranews.org/cms/node/2713" }, { "source": "cve@mitre.org", "url": "http://fedoranews.org/cms/node/2728" }, { "source": "cve@mitre.org", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "source": "cve@mitre.org", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "source": "cve@mitre.org", "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/23046" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23108" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24205" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24238" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24287" }, { "source": "cve@mitre.org", "url": 
"http://secunia.com/advisories/24290" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24293" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24320" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24328" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24333" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24342" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24343" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24384" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24393" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24395" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24437" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24457" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24650" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25588" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1017271" }, { "source": "cve@mitre.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1336" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.info-svc.com/news/11-21-2006/" }, { "source": "cve@mitre.org", "url": "http://www.info-svc.com/news/11-21-2006/rcsr1/" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050" }, { "source": "cve@mitre.org", "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html" }, { "source": "cve@mitre.org", 
"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/21240" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22694" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-428-1" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4662" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0718" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/30470" }, { "source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-1081" }, { "source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-1103" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fedoranews.org/cms/node/2713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fedoranews.org/cms/node/2728" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/23046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24238" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/24290" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24343" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24395" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24437" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25588" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1017271" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1336" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.info-svc.com/news/11-21-2006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.info-svc.com/news/11-21-2006/rcsr1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/21240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-428-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0718" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-20 22:02
Modified
2025-04-03 01:03
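Severity: MEDIUM (CVSS v2.0 base score 5.1, vector AV:N/AC:H/Au:N/C:P/I:P/A:P; NVD primary metric, the record below carries no CVSS v3 metric)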
Summary
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allow user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/19698 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/19988 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/20063 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/20376 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/21176 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/21183 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/21324 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/22066 | Vendor Advisory | |
cve@mitre.org | http://securitytracker.com/id?1016202 | ||
cve@mitre.org | http://www.debian.org/security/2006/dsa-1118 | ||
cve@mitre.org | http://www.debian.org/security/2006/dsa-1120 | ||
cve@mitre.org | http://www.debian.org/security/2006/dsa-1134 | ||
cve@mitre.org | http://www.gavinsharp.com/tmp/ImageVuln.html | Patch | |
cve@mitre.org | http://www.mozilla.org/security/announce/2006/mfsa2006-39.html | Vendor Advisory | |
cve@mitre.org | http://www.networksecurity.fi/advisories/netscape-view-image.html | Vendor Advisory | |
cve@mitre.org | http://www.novell.com/linux/security/advisories/2006_35_mozilla.html | ||
cve@mitre.org | http://www.osvdb.org/24713 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/431267/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/433138/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/433539/30/5070/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/435795/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/446658/100/200/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/446658/100/200/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/18228 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2106 | Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2006/3748 | Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0083 | Vendor Advisory | |
cve@mitre.org | https://bugzilla.mozilla.org/show_bug.cgi?id=334341 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/25925 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19698 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19988 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20063 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20376 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21176 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21183 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21324 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22066 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016202 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1118 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1120 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1134 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gavinsharp.com/tmp/ImageVuln.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/2006/mfsa2006-39.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.networksecurity.fi/advisories/netscape-view-image.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_35_mozilla.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/24713 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/431267/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/433138/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/433539/30/5070/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/435795/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/446658/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/446658/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18228 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2106 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3748 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0083 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=334341 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/25925 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "D9F05337-F4CB-4829-A086-1164CAC34BAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:8.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "4877D2D7-139E-4582-B023-53E1E1E1D124", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D673003C-0491-4C94-8907-5E36BB5EB9AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an \"alternate web page.\"" } ], "id": "CVE-2006-1942", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, 
"published": "2006-04-20T22:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19698" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19988" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20063" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20376" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21176" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21183" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21324" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22066" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016202" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1118" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1120" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1134" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.gavinsharp.com/tmp/ImageVuln.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.networksecurity.fi/advisories/netscape-view-image.html" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24713" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431267/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/433138/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/433539/30/5070/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18228" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2106" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3748" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19988" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20376" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21183" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/21324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1118" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1134" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gavinsharp.com/tmp/ImageVuln.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.networksecurity.fi/advisories/netscape-view-image.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/431267/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/433138/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/433539/30/5070/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/446658/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18228" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3748" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25925" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2006-4253
Vulnerability from fkie_nvd
Published
2006-08-21 20:04
Modified
2025-04-03 01:03
Severity
HIGH (CVSS v2.0 base score 7.6, vector AV:N/AC:H/Au:N/C:C/I:C/A:C; source nvd@nist.gov)
Summary
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc | ||
cve@mitre.org | http://lcamtuf.coredump.cx/ffoxdie.html | ||
cve@mitre.org | http://lcamtuf.coredump.cx/ffoxdie3.html | ||
cve@mitre.org | http://secunia.com/advisories/21513 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/21906 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/21915 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/21916 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/21939 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/21940 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/21949 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/21950 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/22001 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/22025 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/22036 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/22055 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/22056 | ||
cve@mitre.org | http://secunia.com/advisories/22066 | ||
cve@mitre.org | http://secunia.com/advisories/22074 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/22088 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/22195 | ||
cve@mitre.org | http://secunia.com/advisories/22210 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/22274 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/22391 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/22422 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/24711 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200609-19.xml | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200610-01.xml | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200610-04.xml | ||
cve@mitre.org | http://securitytracker.com/id?1016846 | ||
cve@mitre.org | http://securitytracker.com/id?1016847 | ||
cve@mitre.org | http://securitytracker.com/id?1016848 | ||
cve@mitre.org | http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:168 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:169 | ||
cve@mitre.org | http://www.mozilla.org/security/announce/2006/mfsa2006-59.html | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2006_54_mozilla.html | ||
cve@mitre.org | http://www.pianetapc.it/view.php?id=770 | URL Repurposed | |
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2006-0675.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2006-0676.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2006-0677.html | ||
cve@mitre.org | http://www.securiteam.com/securitynews/5VP0M0AJFW.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/443020/100/100/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/443306/100/100/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/443500/100/100/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/443528/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/446140/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/447837/100/200/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/447840/100/200/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/448956/100/100/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/448984/100/100/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/449245/100/100/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/449487/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/449726/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/19488 | ||
cve@mitre.org | http://www.securityfocus.com/bid/19534 | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-350-1 | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-351-1 | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-352-1 | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-354-1 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/3617 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/3748 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/1198 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0083 | ||
cve@mitre.org | http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 | ||
cve@mitre.org | http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 | ||
cve@mitre.org | https://bugzilla.mozilla.org/show_bug.cgi?id=348514 | ||
cve@mitre.org | https://issues.rpath.com/browse/RPL-640 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lcamtuf.coredump.cx/ffoxdie.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lcamtuf.coredump.cx/ffoxdie3.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21513 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21906 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21915 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21916 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21939 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21940 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21949 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21950 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22001 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22025 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22036 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22055 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22056 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22066 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22074 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22088 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22195 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22210 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22274 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22391 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22422 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24711 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200609-19.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200610-01.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200610-04.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016846 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016847 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016848 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:168 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:169 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/2006/mfsa2006-59.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_54_mozilla.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.pianetapc.it/view.php?id=770 | URL Repurposed | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2006-0675.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2006-0676.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2006-0677.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securiteam.com/securitynews/5VP0M0AJFW.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/443020/100/100/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/443306/100/100/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/443500/100/100/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/443528/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/446140/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/447837/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/447840/100/200/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/448956/100/100/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/448984/100/100/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/449245/100/100/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/449487/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/449726/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19488 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19534 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-350-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-351-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-352-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-354-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3617 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3748 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1198 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0083 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=348514 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-640 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528 |
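Impacted products
Note: this list mirrors the CPE configuration in the record below and stops at Firefox 1.5.0.6. The summary also reports Firefox 1.5.0.7 and 2.0 RC2 as affected, so version matching against this list alone will not flag those builds.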
Vendor | Product | Version | |
---|---|---|---|
k-meleon_project | k-meleon | 1.0.1 | |
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | firefox | 1.0.3 | |
mozilla | firefox | 1.0.4 | |
mozilla | firefox | 1.0.5 | |
mozilla | firefox | 1.0.6 | |
mozilla | firefox | 1.0.7 | |
mozilla | firefox | 1.0.8 | |
mozilla | firefox | 1.5 | |
mozilla | firefox | 1.5 | |
mozilla | firefox | 1.5 | |
mozilla | firefox | 1.5.0.1 | |
mozilla | firefox | 1.5.0.2 | |
mozilla | firefox | 1.5.0.3 | |
mozilla | firefox | 1.5.0.4 | |
mozilla | firefox | 1.5.0.5 | |
mozilla | firefox | 1.5.0.6 | |
netscape | navigator | 8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D1EAAD01-C770-446C-916F-66782953AF02", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "010B34F4-910E-4515-990B-8E72DF009578", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7447185-7509-449D-8907-F30A42CF7EB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", 
"matchCriteriaId": "3FFF89FA-2020-43CC-BACD-D66117B3DD26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "834BB391-5EB5-43A8-980A-D305EDAE6FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A38AD88-BAA6-4FBE-885B-69E951BD1EFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B500EE6C-99DB-49A3-A1F1-AFFD7FE28068", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "4F2938F2-A801-45E5-8E06-BE03DE03C8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "66BE50FE-EA21-4633-A181-CD35196DF06E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C65D2670-F37F-48CB-804A-D35BB1C27D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DE8E5194-7B34-4802-BDA6-6A86EB5EDE05", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:netscape:navigator:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D673003C-0491-4C94-8907-5E36BB5EB9AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected." }, { "lang": "es", "value": "Vulnerabilidad de concurrencia en Mozilla Firefox 1.5.0.6 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante m\u00faltiples eventos Javascript temporizados que cargan un archivo XML profundamente anidado, seguido por una redirecci\u00f3n del navegador hacia otra p\u00e1gina, lo cual lleva a un fallo de concurrencia que provoca que se liberen estructuras incorrectamente, como ha sido demostrado por (1) ffoxdie y (2) ffoxdie3. NOTA: se ha reportado que Netscape 8.1 y K-Meleon 1.0.1 tambi\u00e9n se han visto afectados por ffoxdie. Mozilla confirm\u00f3 a CVE que ffoxdie y ffoxdie3 disparan la misma vulnerabilidad subyacente. NOTA: se ha reportado posteriormente que Firefox 2.0 RC2 y 1.5.0.7 tambi\u00e9n est\u00e1n afectados." 
} ], "id": "CVE-2006-4253", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-21T20:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" }, { "source": "cve@mitre.org", "url": "http://lcamtuf.coredump.cx/ffoxdie.html" }, { "source": "cve@mitre.org", "url": "http://lcamtuf.coredump.cx/ffoxdie3.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21513" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21906" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21915" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21916" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21939" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21940" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21949" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21950" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22001" }, { "source": "cve@mitre.org", "tags": [ 
"Vendor Advisory" ], "url": "http://secunia.com/advisories/22025" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22036" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22055" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22056" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22066" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22074" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22088" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22195" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22210" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22274" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22391" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22422" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24711" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016846" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016847" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016848" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" }, { "source": "cve@mitre.org", "url": 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" }, { "source": "cve@mitre.org", "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html" }, { "source": "cve@mitre.org", "tags": [ "URL Repurposed" ], "url": "http://www.pianetapc.it/view.php?id=770" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html" }, { "source": "cve@mitre.org", "url": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443020/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443306/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443500/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443528/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447837/100/200/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447840/100/200/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/448956/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/448984/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449245/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449487/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/449726/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19488" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19534" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-350-1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-351-1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-352-1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-354-1" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3617" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3748" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1198" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "source": "cve@mitre.org", "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "source": "cve@mitre.org", "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=348514" }, { "source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-640" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lcamtuf.coredump.cx/ffoxdie.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lcamtuf.coredump.cx/ffoxdie3.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/21906" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21915" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21940" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], 
"url": "http://secunia.com/advisories/22210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22391" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22422" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016848" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "URL Repurposed" ], "url": "http://www.pianetapc.it/view.php?id=770" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443020/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443306/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443500/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443528/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447837/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447840/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/448956/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/448984/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449245/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449487/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449726/100/0/threaded" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-350-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-351-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-352-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-354-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3748" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1198" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=348514" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary metric)
Summary
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/13402/ | ||
cve@mitre.org | http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ | Exploit, Vendor Advisory | |
cve@mitre.org | http://secunia.com/secunia_research/2004-13/advisory/ | ||
cve@mitre.org | http://www.securityfocus.com/bid/11852 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/13402/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2004-13/advisory/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11852 | Exploit, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "30A0231A-B664-46C2-9602-B60EAD6AEC12", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C632D06D-0172-46DA-A7F9-0BC484365BD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability." 
} ], "id": "CVE-2004-1160", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-10T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/13402/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/" }, { "source": "cve@mitre.org", "url": "http://secunia.com/secunia_research/2004-13/advisory/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/13402/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/secunia_research/2004-13/advisory/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11852" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1996-03-29 05:00
Modified
2025-04-03 01:03
Severity: LOW (CVSS v2 base score 3.7, AV:L/AC:H/Au:N/C:P/I:P/A:P; NVD primary metric)
Summary
Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netscape:navigator:2.02:*:*:*:*:*:*:*", "matchCriteriaId": "DA1BDF4E-F2B7-48A6-A276-2C69BEAD932A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet." } ], "id": "CVE-1999-0141", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "1996-03-29T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/134" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/134" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-05-24 04:00
Modified
2025-04-03 01:03
Severity: LOW (CVSS v2 base score 2.6, AV:N/AC:H/Au:N/C:P/I:N/A:N; NVD primary metric)
Summary
When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
netscape | communicator | 4.6 | |
netscape | communicator | 4.x | |
netscape | navigator | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netscape:communicator:4.6:*:windows_95:*:*:*:*:*", "matchCriteriaId": "2120677E-C560-408F-93C0-13A9CEEF0565", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.x:*:*:*:*:*:*:*", "matchCriteriaId": "93E61D1F-588C-4B84-B5CA-8AB68AE4DF1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA2CA2F8-260C-4559-BF24-3E321CEAE93F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the \"about\" protocol to gain access to browser information." } ], "id": "CVE-1999-0762", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "1999-05-24T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary metric)
Summary
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=157989 | ||
cve@mitre.org | http://crash.ihug.co.nz/~Sneuro/zerogif/ | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=103134051120770&w=2 | ||
cve@mitre.org | http://www.iss.net/security_center/static/10058.php | Vendor Advisory | |
cve@mitre.org | http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075 | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2002-192.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2003-046.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/5665 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=157989 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://crash.ihug.co.nz/~Sneuro/zerogif/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=103134051120770&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10058.php | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2002-192.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2003-046.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/5665 | Exploit, Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | 0.9.5 | |
mozilla | mozilla | 0.9.6 | |
mozilla | mozilla | 0.9.7 | |
mozilla | mozilla | 0.9.8 | |
mozilla | mozilla | 0.9.9 | |
mozilla | mozilla | 1.0 | |
netscape | navigator | 6.2 | |
netscape | navigator | 6.2.1 | |
netscape | navigator | 6.2.2 | |
netscape | navigator | 6.2.3 | |
opera_software | opera_web_browser | 5.12 | |
opera_software | opera_web_browser | 6.0 | |
opera_software | opera_web_browser | 6.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "3B40771F-30CB-45D0-9EDE-1F13852085B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "47315EC4-1EED-4070-A087-8E37C8FE6703", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B7D7FA24-4B6F-4D67-95BE-46819033CA6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D9B316E0-4A05-411A-8279-404C82288BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B91D7920-86E6-4842-897A-553F018AD493", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36889B90-FD18-4A5A-A732-788240E10FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:opera_software:opera_web_browser:5.12:*:*:*:*:*:*:*", "matchCriteriaId": "F49659B4-2878-4D31-BCB8-11CA38D6FA8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0615E0B9-EFCF-4CDD-81E3-0E351DEB2C2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "964BC1D9-10D2-4064-A0AD-5DD6E6A568E5", "vulnerable": true } ], "negate": false, 
"operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width." } ], "id": "CVE-2002-1091", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-10-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989" }, { "source": "cve@mitre.org", "url": "http://crash.ihug.co.nz/~Sneuro/zerogif/" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=103134051120770\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10058.php" }, { "source": "cve@mitre.org", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5665" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://crash.ihug.co.nz/~Sneuro/zerogif/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=103134051120770\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/10058.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5665" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-11-24 05:00
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary metric)
Summary
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/archive/1/36306 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/36608 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/822 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/7884 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/36306 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/36608 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/822 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/7884 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
netscape | communicator | 4.7 | |
netscape | navigator | 4.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "38FD74F5-12ED-4049-B06F-0F22A0254C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "F2AE46C7-6538-4DE6-B3EA-81AD7F7C43E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file." } ], "id": "CVE-1999-1189", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-11-24T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/36306" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/36608" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/822" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor 
Advisory" ], "url": "http://www.securityfocus.com/archive/1/36306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/36608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/822" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7884" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-07-08 23:41
Modified
2025-04-09 00:30
Severity ?
Summary
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html | ||
secalert@redhat.com | http://nils.toedtmann.net/pub/subjectAltName.txt | ||
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2008-0616.html | ||
secalert@redhat.com | http://secunia.com/advisories/30878 | ||
secalert@redhat.com | http://secunia.com/advisories/30898 | ||
secalert@redhat.com | http://secunia.com/advisories/30903 | ||
secalert@redhat.com | http://secunia.com/advisories/30911 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/30949 | ||
secalert@redhat.com | http://secunia.com/advisories/31005 | ||
secalert@redhat.com | http://secunia.com/advisories/31008 | ||
secalert@redhat.com | http://secunia.com/advisories/31021 | ||
secalert@redhat.com | http://secunia.com/advisories/31023 | ||
secalert@redhat.com | http://secunia.com/advisories/31069 | ||
secalert@redhat.com | http://secunia.com/advisories/31076 | ||
secalert@redhat.com | http://secunia.com/advisories/31183 | ||
secalert@redhat.com | http://secunia.com/advisories/31195 | ||
secalert@redhat.com | http://secunia.com/advisories/31220 | ||
secalert@redhat.com | http://secunia.com/advisories/31253 | ||
secalert@redhat.com | http://secunia.com/advisories/31286 | ||
secalert@redhat.com | http://secunia.com/advisories/31377 | ||
secalert@redhat.com | http://secunia.com/advisories/31403 | ||
secalert@redhat.com | http://secunia.com/advisories/33433 | ||
secalert@redhat.com | http://secunia.com/advisories/34501 | ||
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200808-03.xml | ||
secalert@redhat.com | http://securityreason.com/securityalert/3498 | ||
secalert@redhat.com | http://securitytracker.com/id?1018979 | ||
secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152 | ||
secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911 | ||
secalert@redhat.com | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484 | ||
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 | ||
secalert@redhat.com | http://wiki.rpath.com/Advisories:rPSA-2008-0216 | ||
secalert@redhat.com | http://www.debian.org/security/2008/dsa-1607 | ||
secalert@redhat.com | http://www.debian.org/security/2008/dsa-1615 | ||
secalert@redhat.com | http://www.debian.org/security/2008/dsa-1621 | ||
secalert@redhat.com | http://www.debian.org/security/2009/dsa-1697 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:136 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2008:155 | ||
secalert@redhat.com | http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 | ||
secalert@redhat.com | http://www.mozilla.org/security/announce/2008/mfsa2008-31.html | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2008-0547.html | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2008-0549.html | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2008-0569.html | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/483929/100/100/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/483937/100/100/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/483960/100/100/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/494080/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/bid/30038 | ||
secalert@redhat.com | http://www.securitytracker.com/id?1020419 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/usn-619-1 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/usn-629-1 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2008/1993/references | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/0977 | ||
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=240261 | ||
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=327181 | ||
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=402347 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/43524 | ||
secalert@redhat.com | https://issues.rpath.com/browse/RPL-2646 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205 | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://nils.toedtmann.net/pub/subjectAltName.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2008-0616.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30878 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30898 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30903 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30911 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30949 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31005 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31008 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31021 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31023 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31069 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31076 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31183 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31195 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31220 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31253 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31286 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31377 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31403 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33433 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34501 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200808-03.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3498 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1018979 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2008-0216 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1607 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1615 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1621 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1697 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:136 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:155 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/2008/mfsa2008-31.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0547.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0549.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0569.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483929/100/100/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483937/100/100/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/483960/100/100/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/494080/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30038 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020419 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-619-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-629-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1993/references | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0977 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=240261 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=327181 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=402347 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/43524 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-2646 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 2.0.0.1 | |
mozilla | firefox | 2.0.0.2 | |
mozilla | firefox | 2.0.0.3 | |
mozilla | firefox | 2.0.0.4 | |
mozilla | firefox | 2.0.0.5 | |
mozilla | firefox | 2.0.0.6 | |
mozilla | firefox | 2.0.0.7 | |
mozilla | firefox | 2.0.0.8 | |
mozilla | firefox | 2.0.0.9 | |
mozilla | firefox | 2.0.0.10 | |
mozilla | firefox | 2.0.0.11 | |
mozilla | firefox | 2.0.0.12 | |
mozilla | firefox | 2.0.0.13 | |
mozilla | firefox | 2.0.0.14 | |
mozilla | geckb | * | |
mozilla | seamonkey | * | |
mozilla | seamonkey | 1.1.5 | |
netscape | navigator | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3D956DC-C73B-439F-8D79-8239207CC76F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57E2C7E7-56C0-466C-BB08-5EB43922C4F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "462E135A-5616-46CC-A9C0-5A7A0526ACC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6121F9C1-F4DF-4AAB-9E51-AC1592AA5639", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "58D44634-A0B5-4F05-8983-B08D392EC742", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "EB3AC3D3-FDD7-489F-BDCF-BDB55DF33A8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "4105171B-9C90-4ABF-B220-A35E7BA9EE40", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "20985549-DB24-4B69-9D40-208A47AE658E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "43A13026-416F-4308-8A1B-E989BD769E12", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "612B015E-9F96-4CE6-83E4-23848FD609E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "1E391619-0967-43E1-8CBC-4D54F72A85C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "0544D626-E269-4677-9B05-7DAB23BD103B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "C95F7B2C-80FC-4DF2-9680-F74634DCE3E6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "863C140E-DC15-4A88-AB8A-8AEF9F4B8164", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:geckb:*:m8:*:*:*:*:*:*", "matchCriteriaId": "1AE6FF40-5C89-47F1-928C-7BC7DB7A57F3", "versionEndIncluding": "1.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0E9314D-0D23-4572-9956-D2E8B53540B1", "versionEndIncluding": "1.0.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "76AD0439-3BFB-4AD1-8E2C-99D0B099FA8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DE436EA-9F65-4B62-A11D-B102F5E5E9FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site." }, { "lang": "es", "value": "Mozilla 1.9 M8 y anteriores, Mozilla Firefox 2 y anteriores a 2.0.0.15, SeaMonkey 1.1.5 y otras versiones anteriores a 1.1.10, Netscape 9.0, y otras navegadores basados en Mozilla, cuando un usuario aceptar un certificado SSL de servidor sobre las bases del nombre de dominio CN en el campo DN, considerando que el certificado es tambi\u00e9n aceptado por todos los nombres de dominio en el campo subjectAltName:dNSName, el cual hace m\u00e1s f\u00e1cil a los atacantes remotos enga\u00f1ar a un usuario aceptando un certificado no v\u00e1lido para una p\u00e1gina web falsa." 
} ], "id": "CVE-2008-2809", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-07-08T23:41:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" }, { "source": "secalert@redhat.com", "url": "http://nils.toedtmann.net/pub/subjectAltName.txt" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30878" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30898" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30903" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30911" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30949" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31005" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31008" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31021" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31023" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31069" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31076" }, { "source": "secalert@redhat.com", 
"url": "http://secunia.com/advisories/31183" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31195" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31220" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31253" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31286" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31377" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31403" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33433" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/34501" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/3498" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1018979" }, { "source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152" }, { "source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911" }, { "source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.410484" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" }, { "source": "secalert@redhat.com", "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1607" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1615" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1621" }, { "source": "secalert@redhat.com", "url": 
"http://www.debian.org/security/2009/dsa-1697" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" }, { "source": "secalert@redhat.com", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" }, { "source": "secalert@redhat.com", "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/483929/100/100/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/483937/100/100/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/483960/100/100/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/30038" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1020419" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-619-1" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-629-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1993/references" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/0977" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=240261" }, { "source": "secalert@redhat.com", "url": 
"https://bugzilla.mozilla.org/show_bug.cgi?id=327181" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=402347" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43524" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-2646" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://nils.toedtmann.net/pub/subjectAltName.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30878" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/30949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31183" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31286" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31403" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3498" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018979" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.410484" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1621" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.redhat.com/support/errata/RHSA-2008-0569.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/483929/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/483937/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/483960/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020419" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-619-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-629-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1993/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0977" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=240261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=327181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=402347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43524" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-2646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2004-0528)
Published
2004-08-06 04:00
Modified
2025-04-03 01:03
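Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:P/A:N, per the NVD metrics in this record)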
Summary
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.osvdb.org/6580 | ||
cve@mitre.org | http://www.securityfocus.com/bid/10389 | Exploit, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16102 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/6580 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10389 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16102 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack." }, { "lang": "es", "value": "Netscape Navigator 7.1 permite a atacantes remotos suplantar URL leg\u00edtimas en la barra de estado mediante etiquetas A HREF con valores \"alt\" modificados que apuntan al sitio leg\u00edtimo, combinado con un mapa de imagen cuyo HREF apunta al sitio malicioso, lo que facilita ataques de suplantaci\u00f3n para robo de datos (phising)\"." } ], "id": "CVE-2004-0528", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-06T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.osvdb.org/6580" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10389" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.osvdb.org/6580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10389" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2003-1419)
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
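Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:N/A:P, per the NVD metrics in this record)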
Summary
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html | Exploit | |
cve@mitre.org | http://www.securityfocus.com/bid/6959 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/11444 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/6959 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/11444 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "30A0231A-B664-46C2-9602-B60EAD6AEC12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function." } ], "id": "CVE-2003-1419", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2003-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/6959" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/6959" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-09 15:03
Modified
2025-04-03 01:03
Severity ?
Summary
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt | ||
cve@mitre.org | ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U | ||
cve@mitre.org | http://marc.info/?l=full-disclosure&m=113404911919629&w=2 | ||
cve@mitre.org | http://marc.info/?l=full-disclosure&m=113405896025702&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/17934 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/17944 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/17946 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/18700 | ||
cve@mitre.org | http://secunia.com/advisories/18704 | ||
cve@mitre.org | http://secunia.com/advisories/18705 | ||
cve@mitre.org | http://secunia.com/advisories/18706 | ||
cve@mitre.org | http://secunia.com/advisories/18708 | ||
cve@mitre.org | http://secunia.com/advisories/18709 | ||
cve@mitre.org | http://secunia.com/advisories/19230 | ||
cve@mitre.org | http://secunia.com/advisories/19746 | ||
cve@mitre.org | http://secunia.com/advisories/19759 | ||
cve@mitre.org | http://secunia.com/advisories/19852 | ||
cve@mitre.org | http://secunia.com/advisories/19862 | ||
cve@mitre.org | http://secunia.com/advisories/19863 | ||
cve@mitre.org | http://secunia.com/advisories/19902 | ||
cve@mitre.org | http://secunia.com/advisories/19941 | ||
cve@mitre.org | http://secunia.com/advisories/21033 | ||
cve@mitre.org | http://secunia.com/advisories/21622 | ||
cve@mitre.org | http://securitytracker.com/id?1015328 | ||
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 | ||
cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 | ||
cve@mitre.org | http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm | ||
cve@mitre.org | http://www.debian.org/security/2006/dsa-1044 | ||
cve@mitre.org | http://www.debian.org/security/2006/dsa-1046 | ||
cve@mitre.org | http://www.debian.org/security/2006/dsa-1051 | ||
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml | ||
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:036 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:037 | ||
cve@mitre.org | http://www.mozilla.org/security/announce/mfsa2006-03.html | ||
cve@mitre.org | http://www.mozilla.org/security/history-title.html | ||
cve@mitre.org | http://www.networksecurity.fi/advisories/netscape-history.html | ||
cve@mitre.org | http://www.osvdb.org/21533 | ||
cve@mitre.org | http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html | ||
cve@mitre.org | http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2006-0199.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2006-0200.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/425975/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/425978/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/438730/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/438730/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/15773 | ||
cve@mitre.org | http://www.securityfocus.com/bid/16476 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2005/2805 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/0413 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/3391 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619 | ||
cve@mitre.org | https://usn.ubuntu.com/271-1/ | ||
cve@mitre.org | https://usn.ubuntu.com/275-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=full-disclosure&m=113404911919629&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=full-disclosure&m=113405896025702&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17934 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17944 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17946 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18700 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18704 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18705 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18706 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18708 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18709 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19230 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19746 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19759 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19852 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19862 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19863 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19902 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19941 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21033 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21622 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015328 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1044 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1046 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1051 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:036 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:037 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2006-03.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/history-title.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.networksecurity.fi/advisories/netscape-history.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/21533 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2006-0199.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2006-0200.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/425975/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/425978/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/438730/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/438730/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15773 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/16476 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2805 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/0413 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3391 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/271-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/275-1/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
k-meleon_project | k-meleon | * | |
k-meleon_project | k-meleon | 0.7 | |
k-meleon_project | k-meleon | 0.7_service_pack_1 | |
k-meleon_project | k-meleon | 0.8 | |
k-meleon_project | k-meleon | 0.8.1 | |
k-meleon_project | k-meleon | 0.8.2 | |
mozilla | firefox | * | |
mozilla | mozilla_suite | * | |
netscape | navigator | * | |
netscape | navigator | 7.1 | |
netscape | navigator | 7.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC0A29B9-A7D3-4A5A-B21A-D701D0A10C76", "versionEndIncluding": "0.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "328AFACF-FDA7-4FB5-A85E-4F349453301F", "vulnerable": true }, { "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:0.7_service_pack_1:*:*:*:*:*:*:*", "matchCriteriaId": "ADCDD160-5239-47C5-AE7D-6060FB6E0037", "vulnerable": true }, { "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "82A07303-9E74-4409-9853-8EC283734B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C6CAF6A-4E33-444F-B2DF-A270428B8C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "9BD39C88-D4B7-4F7D-81AC-F99A143B82E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FC40790-BCBF-4609-A7DC-5659B2233B7B", "versionEndIncluding": "1.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF9D2443-9389-42B0-BF93-3ADC1B7325EC", "versionEndIncluding": "1.7.12", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*", "matchCriteriaId": "F337E57D-2918-4141-8842-A9D58DB922E5", "versionEndIncluding": "8.0.40", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 
0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue." } ], "evaluatorSolution": "This issue was fixed in K-Meleon version 0.9.12.", "id": "CVE-2005-4134", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-09T15:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" }, { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=113404911919629\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=113405896025702\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17934" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17944" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17946" }, { 
"source": "cve@mitre.org", "url": "http://secunia.com/advisories/18700" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18704" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18705" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18706" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18708" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18709" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19230" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19746" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19759" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19852" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19862" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19863" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19902" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19941" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21033" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21622" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015328" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1044" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1046" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1051" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" }, { "source": 
"cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037" }, { "source": "cve@mitre.org", "url": "http://www.mozilla.org/security/announce/mfsa2006-03.html" }, { "source": "cve@mitre.org", "url": "http://www.mozilla.org/security/history-title.html" }, { "source": "cve@mitre.org", "url": "http://www.networksecurity.fi/advisories/netscape-history.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/21533" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0199.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0200.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425975/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425978/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15773" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16476" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2805" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0413" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3391" }, { "source": "cve@mitre.org", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/271-1/" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/275-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=113404911919629\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=113405896025702\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17934" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17946" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18700" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18704" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18706" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18709" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19230" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19863" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19941" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21033" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21622" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mozilla.org/security/announce/mfsa2006-03.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mozilla.org/security/history-title.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.networksecurity.fi/advisories/netscape-history.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21533" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0199.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0200.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/425975/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/425978/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.vupen.com/english/advisories/2005/2805" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3391" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/271-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/275-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N, source nvd@nist.gov)
Summary
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allow remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://alive.znep.com/~marcs/security/mozillacookie/demo.html | Exploit | |
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html | Exploit | |
cve@mitre.org | http://www.iss.net/security_center/static/7973.php | Patch | |
cve@mitre.org | http://www.securityfocus.com/bid/3925 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://alive.znep.com/~marcs/security/mozillacookie/demo.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/7973.php | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3925 | Patch |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | mozilla | 0.9.2 | |
mozilla | mozilla | 0.9.2.1 | |
mozilla | mozilla | 0.9.3 | |
mozilla | mozilla | 0.9.4 | |
mozilla | mozilla | 0.9.4.1 | |
mozilla | mozilla | 0.9.5 | |
mozilla | mozilla | 0.9.6 | |
netscape | communicator | 4.0 | |
netscape | communicator | 4.4 | |
netscape | communicator | 4.5 | |
netscape | communicator | 4.5_beta | |
netscape | communicator | 4.06 | |
netscape | communicator | 4.6 | |
netscape | communicator | 4.07 | |
netscape | communicator | 4.7 | |
netscape | communicator | 4.08 | |
netscape | communicator | 4.51 | |
netscape | communicator | 4.61 | |
netscape | communicator | 4.72 | |
netscape | communicator | 4.73 | |
netscape | communicator | 4.74 | |
netscape | communicator | 4.75 | |
netscape | communicator | 4.76 | |
netscape | communicator | 4.77 | |
netscape | communicator | 4.78 | |
netscape | navigator | 4.77 | |
netscape | navigator | 6.0 | |
netscape | navigator | 6.01 | |
netscape | navigator | 6.1 | |
netscape | navigator | 6.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "22F00276-9071-4B96-B49C-2E0898476874", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB84CC9B-346B-4AF4-929E-D56D85960103", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "3B40771F-30CB-45D0-9EDE-1F13852085B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "209C7BB1-EFDF-43AB-9FB6-DF67465DEAEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B711600-425F-4FF9-BC5E-B8D182A2B9F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E9A5461-B0F2-49DB-A69C-3D2D27709647", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.5_beta:*:*:*:*:*:*:*", "matchCriteriaId": "213EB326-33D1-4329-A6BB-B1AA1C626E44", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.06:*:*:*:*:*:*:*", "matchCriteriaId": "34F6328B-44A8-4E45-918E-C54285040BFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "529E3F71-6016-461D-A162-0DBDD5505389", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:netscape:communicator:4.07:*:*:*:*:*:*:*", "matchCriteriaId": "31D02C4D-3FD1-425F-B0DB-7808089BCD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "38FD74F5-12ED-4049-B06F-0F22A0254C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.08:*:*:*:*:*:*:*", "matchCriteriaId": "61268CF9-E279-4F63-B228-F9ED4B93BB99", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.51:*:*:*:*:*:*:*", "matchCriteriaId": "918BE44C-8D64-4040-BC74-802AA3FA4E10", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.61:*:*:*:*:*:*:*", "matchCriteriaId": "6AA534C4-9411-44EC-AA34-2287C79AD235", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.72:*:*:*:*:*:*:*", "matchCriteriaId": "3A4E8588-A941-4759-B41C-00F193F2C63B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.73:*:*:*:*:*:*:*", "matchCriteriaId": "3E48C051-EB45-4262-86C2-2333FD5C7745", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.74:*:*:*:*:*:*:*", "matchCriteriaId": "BA48AF1E-99EF-419C-B425-001C7134C6BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.75:*:*:*:*:*:*:*", "matchCriteriaId": "C97DE00F-4C73-4C54-918E-D540F2C3297B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.76:*:*:*:*:*:*:*", "matchCriteriaId": "C5A07AD2-2293-443A-9A32-316B832A5276", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.77:*:*:*:*:*:*:*", "matchCriteriaId": "5A823994-786D-41D7-9FA7-FF8058C4AFD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:4.78:*:*:*:*:*:*:*", "matchCriteriaId": "B4613823-DA14-4BE2-986C-2EED3DB82BA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:4.77:*:*:*:*:*:*:*", "matchCriteriaId": "FA4FBB90-8A52-41B4-B08A-53A86CF56898", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "C5421CDE-6C31-42FF-8A06-23A6207D1B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*", "matchCriteriaId": "6469EB31-32FF-415C-82DD-670513911371", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F112CED-879B-4A19-993A-16858B4EC16C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B7D7FA24-4B6F-4D67-95BE-46819033CA6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain." } ], "id": "CVE-2002-2013", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://alive.znep.com/~marcs/security/mozillacookie/demo.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/7973.php" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/3925" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://alive.znep.com/~marcs/security/mozillacookie/demo.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/7973.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/3925" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n", "lastModified": "2006-08-30T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-06-25 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
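The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property. Note: the CVSS v2 vector recorded for this entry (AV:N/AC:L/Au:N/C:N/I:P/A:N) rates confidentiality impact as NONE and integrity impact as PARTIAL, which does not match the file-disclosure impact described here; triage on the description rather than on the vector's impact fields.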
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=102017952204097&w=2 | ||
cve@mitre.org | http://marc.info/?l=ntbugtraq&m=102020343728766&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=102017952204097&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=ntbugtraq&m=102020343728766&w=2 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C9296197-0EE0-4CC0-A11F-E44E3443E990", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A76ACC55-754D-4501-8312-5A4E10D053B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "347AB95F-166E-449A-82D7-BEC10257E0D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F112CED-879B-4A19-993A-16858B4EC16C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B7D7FA24-4B6F-4D67-95BE-46819033CA6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property." 
} ], "id": "CVE-2002-0354", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-06-25T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=102017952204097\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=ntbugtraq\u0026m=102020343728766\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=102017952204097\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=ntbugtraq\u0026m=102020343728766\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1996-03-01 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA2CA2F8-260C-4559-BF24-3E321CEAE93F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DDA9F90-5D16-4E04-B285-D32C362279C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer\u0027s Kit 1.0 allows an applet to connect to arbitrary hosts." } ], "id": "CVE-1999-0142", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1996-03-01T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-21 00:30
Modified
2025-04-09 00:30
Severity ?
Summary
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/26082 | Vendor Advisory | |
cve@mitre.org | http://sla.ckers.org/forum/read.php?3%2C13732%2C13739 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26082 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sla.ckers.org/forum/read.php?3%2C13732%2C13739 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | * | |
netscape | navigator | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "25A764C3-EA07-4125-8456-554E1D12155F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE\u0027s opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de argumento en Microsoft Internet Explorer, cuando se ejecuta en sistemas con Netscape instalado y determinadas URIs registradas, permite a atacantes remotos conducir ataques de secuencia de comandos en cruce de navegadores y ejecutar comandos de su elecci\u00f3n mediante metacaracteres de consola en un argumento -chrome en la URI navigatorurl, que son insertados en la l\u00ednea de comandos que se crea cuando se invoca netscape.exe, un asunto similar en CVE-2007-3670.\r\nNOTA: Se ha debatido si este asunto se produce en Explorer \u00f3 Netscape. 
En la fecha 20070713, la opini\u00f3n de CVE es que IE parece no delimitar apropiadamente el argumento del URL cuando se invoca Netscape; este asunto podr\u00eda aparecer con otros gestores de protocolos en IE.\r\n" } ], "id": "CVE-2007-3924", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-07-21T00:30:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26082" }, { "source": "cve@mitre.org", "url": "http://sla.ckers.org/forum/read.php?3%2C13732%2C13739" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sla.ckers.org/forum/read.php?3%2C13732%2C13739" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allow remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | ||
secalert@redhat.com | http://secunia.com/advisories/14938 | Patch, Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/14992 | Patch, Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/14996 | Patch, Vendor Advisory | |
secalert@redhat.com | http://securitytracker.com/id?1013745 | Patch | |
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.mikx.de/firesearching/ | Exploit | |
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-38.html | Vendor Advisory | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-384.html | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/13211 | Exploit, Patch | |
secalert@redhat.com | http://www.securityfocus.com/bid/15495 | ||
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=290037 | Patch | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/20125 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14938 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14992 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14996 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1013745 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mikx.de/firesearching/ | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-38.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/13211 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=290037 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/20125 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 | |
netscape | navigator | 7.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "010B34F4-910E-4515-990B-8E72DF009578", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7447185-7509-449D-8907-F30A42CF7EB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C656A621-BE62-4BB8-9B25-A3916E60FA12", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", "matchCriteriaId": 
"82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "ED69BEB9-8D83-415B-826D-9D17FB67976B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BCDB64E5-AE26-43DF-8A66-654D5D22A635", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", "matchCriteriaId": "3D8CB42F-8F05-45A6-A408-50A11CC132DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "407F69BE-4026-4B26-AC31-11E7CC942760", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "ED9D75F1-8333-43DE-A08B-142E4C5899D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", "matchCriteriaId": "2FEC6B13-3088-4ECB-9D81-6480F439601C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", "matchCriteriaId": "20ECA520-780A-4EF8-8C80-B7564F4148B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "FCEAEDEB-0EE7-4221-B9B8-65438580D331", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", "matchCriteriaId": "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", "matchCriteriaId": "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "D093FD25-94C8-49B8-A452-438023BFB105", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", 
"matchCriteriaId": "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", "matchCriteriaId": "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FE7EA3B-3BF8-4696-9488-78506074D62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "C883B45F-D28D-428E-AAF7-F93522A229DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka \"Firesearching 1.\"" } ], "id": "CVE-2005-1156", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", 
"type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "secalert@redhat.com", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14938" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14992" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14996" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1013745" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.mikx.de/firesearching/" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/13211" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/15495" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125" }, { "source": "secalert@redhat.com", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14938" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14992" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1013745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.mikx.de/firesearching/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/13211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/15495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1998-12-01 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 3.0 | |
microsoft | internet_explorer | 3.0.1 | |
microsoft | internet_explorer | 3.0.2 | |
microsoft | internet_explorer | 3.2 | |
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 4.0.1 | |
netscape | navigator | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F62AC866-A06F-47DB-AEDF-E345CE0B14A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA2CA2F8-260C-4559-BF24-3E321CEAE93F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing." 
} ], "id": "CVE-1999-0869", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "1998-12-01T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-11-01 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
By default, Internet Explorer 5.0 and other versions enable the "Navigate sub-frames across different domains" option, which allows frame spoofing.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 4.0 | |
microsoft | internet_explorer | 3.0 | |
microsoft | internet_explorer | 3.0.2 | |
microsoft | internet_explorer | 3.1 | |
microsoft | internet_explorer | 3.2 | |
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 4.0.1 | |
microsoft | internet_explorer | 4.1 | |
microsoft | internet_explorer | 4.5 | |
microsoft | internet_explorer | 5.0 | |
netscape | navigator | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:4.0:a_mac_os:*:*:*:*:*:*", "matchCriteriaId": "35AA9DC0-0694-48FC-8652-831DFAB29226", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D09FC21-1170-4399-8378-1D8353689C76", "versionEndIncluding": "4.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "By default, Internet Explorer 5.0 and other versions enables the \"Navigate sub-frames across different domains\" option, which 
allows frame spoofing." } ], "id": "CVE-1999-0827", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "1999-11-01T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.iss.net/security_center/static/10963.php | ||
cve@mitre.org | http://www.securityfocus.com/bid/6499 | ||
cve@mitre.org | http://www.securitytracker.com/id?1005871 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10963.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/6499 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1005871 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:mozilla:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "35FB74FC-4614-4325-9249-0DC887FD6C34", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "30A0231A-B664-46C2-9602-B60EAD6AEC12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the \u0027Empty Trash\u0027 option, which could allow local users to access deleted messages." } ], "id": "CVE-2003-1265", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/10963.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6499" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1005871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.iss.net/security_center/static/10963.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1005871" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-26 01:06
Modified
2025-04-03 01:03
Severity ?
Summary
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allow remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/20244 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/20255 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/20256 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/21532 | Vendor Advisory | |
cve@mitre.org | http://securityreason.com/securityalert/960 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/434696/100/0/threaded | ||
cve@mitre.org | https://bugzilla.mozilla.org/attachment.cgi?id=164547 | Exploit | |
cve@mitre.org | https://bugzilla.mozilla.org/show_bug.cgi?id=267645 | Patch | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/26667 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20244 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20255 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20256 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21532 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/960 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/434696/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/attachment.cgi?id=164547 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=267645 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/26667 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla_suite:1.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "BC0CE9DF-4E6A-4ABE-965F-7C34690ABED1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D673003C-0491-4C94-8907-5E36BB5EB9AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents." 
} ], "id": "CVE-2006-2613", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-05-26T01:06:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20244" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20255" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20256" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21532" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/960" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434696/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://bugzilla.mozilla.org/attachment.cgi?id=164547" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=267645" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20244" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/434696/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugzilla.mozilla.org/attachment.cgi?id=164547" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=267645" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26667" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-27 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | internet_explorer | 7 | |
netscape | navigator | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:datacenter_edition:*:*:*:*:*", "matchCriteriaId": "89BBC0B1-7CEE-4FC3-8076-C46F7B8540A7", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:enterprise_edition:*:*:*:*:*", "matchCriteriaId": "384EF27C-0939-4B80-81C2-B812528BE37A", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:standard_edition:*:*:*:*:*", "matchCriteriaId": "B76D15D8-E8CC-42D6-8A6B-3C6F6F0CC117", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:web_edition:*:*:*:*:*", "matchCriteriaId": "A9C35E58-BAD6-4B86-82BE-D115DB437C63", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home_edition:*:*:*:*:*", "matchCriteriaId": "DAA1CEB1-810B-4B59-A837-BC27D0918F1C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_edition:*:*:*:*:*", "matchCriteriaId": "8885F708-482E-4BFB-BAAA-D4CF25043CED", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DE436EA-9F65-4B62-A11D-B102F5E5E9FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de argumento en Netscape Navigator 9 permite a atacantes remotos ejecutar comandos de su elecci\u00f3n mediante un byte NULL (%00) y metacaracteres de consola de comandos en URIs (1) mailto, (2) nntp, (3) news, (4) snews, \u00f3 (5) telnet, asunto similar a CVE-2007-3670." } ], "id": "CVE-2007-4042", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-07-27T22:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/46832" }, { "source": "cve@mitre.org", "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/46832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-01-09 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc | Patch, Vendor Advisory | |
cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000344 | ||
cve@mitre.org | http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=97500270012529&w=2 | ||
cve@mitre.org | http://www.osvdb.org/7207 | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2000-109.html | Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/5542 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000344 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=97500270012529&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/7207 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2000-109.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/5542 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
netscape | communicator | * | |
netscape | navigator | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netscape:communicator:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE8BCED1-674C-4050-9230-D233EFD2FD20", "versionEndIncluding": "4.75", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5B287C2-FD02-4927-BC55-991FEDDD16BD", "versionEndIncluding": "4.75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field." } ], "id": "CVE-2000-1187", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-01-09T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000344" }, { "source": "cve@mitre.org", "url": "http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=97500270012529\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/7207" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], 
"url": "http://www.redhat.com/support/errata/RHSA-2000-109.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5542" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=97500270012529\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/7207" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2000-109.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5542" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=255067 | Vendor Advisory | |
cve@mitre.org | http://marc.info/?l=bugtraq&m=109698896104418&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=109900315219363&w=2 | ||
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200409-26.xml | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/847200 | Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/11171 | Vendor Advisory | |
cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA04-261A.html | US Government Resource | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17381 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=255067 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109698896104418&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109900315219363&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200409-26.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/847200 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11171 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA04-261A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17381 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | thunderbird | 0.6 | |
mozilla | thunderbird | 0.7 | |
mozilla | thunderbird | 0.7.1 | |
mozilla | thunderbird | 0.7.2 | |
mozilla | thunderbird | 0.7.3 | |
netscape | navigator | 7.0 | |
netscape | navigator | 7.0.2 | |
netscape | navigator | 7.1 | |
netscape | navigator | 7.2 | |
conectiva | linux | 9.0 | |
conectiva | linux | 10.0 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 2.1 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux | 3.0 | |
redhat | enterprise_linux_desktop | 3.0 | |
redhat | fedora_core | core_1.0 | |
redhat | linux | 7.3 | |
redhat | linux | 7.3 | |
redhat | linux | 7.3 | |
redhat | linux | 9.0 | |
redhat | linux_advanced_workstation | 2.1 | |
redhat | linux_advanced_workstation | 2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "FCEAEDEB-0EE7-4221-B9B8-65438580D331", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", "matchCriteriaId": "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FE7EA3B-3BF8-4696-9488-78506074D62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "70DDB53E-7A12-4A08-8999-DB68E6DF901E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6514EDE8-7C78-4C72-A313-E0915D89E4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "30A0231A-B664-46C2-9602-B60EAD6AEC12", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C632D06D-0172-46DA-A7F9-0BC484365BD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", "vulnerable": true }, { "criteria": "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4007B0D-9606-46BD-866A-7911BEA292BE", "vulnerable": true }, { "criteria": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "A35FC777-A34E-4C7B-9E93-8F17F3AD5180", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C84296C-2C8A-4DCD-9751-52951F8BEA9F", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*", "matchCriteriaId": "9B502A61-44FB-4CD4-85BE-88D4ACCCA441", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*", "matchCriteriaId": "05853955-CA81-40D3-9A70-1227F3270D3C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "matchCriteriaId": "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*", "matchCriteriaId": "777F9EC0-2919-45CA-BFF8-78A02537C513", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the 
bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows." } ], "id": "CVE-2004-0904", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=255067" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/847200" }, { "source": "cve@mitre.org", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11171" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html" }, { "source": 
"cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=255067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/847200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
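Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N; NVD primary metric for CVE-2003-1560)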
Summary
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netscape:navigator:4:*:*:*:*:*:*:*", "matchCriteriaId": "A7A6E0CF-A734-45B5-A390-D420C19590D8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data." } ], "id": "CVE-2003-1560", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4004" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/348574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/348574" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
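Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:P/A:N; NVD primary metric for CVE-2003-1492). The vector rates integrity impact only (C:N, I:P) and the record's weakness is CWE-59, while the summary describes disclosure of cookie information, so read the summary rather than the score when triaging.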
Summary
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/archive/1/319919 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/bid/7456 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/11924 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/319919 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/7456 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/11924 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C632D06D-0172-46DA-A7F9-0BC484365BD7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end." } ], "id": "CVE-2003-1492", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2003-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/319919" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/7456" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/319919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/7456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/11924" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
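Severity: LOW (CVSS v2 base score 2.6, vector AV:N/AC:H/Au:N/C:N/I:P/A:N; NVD primary metric for CVE-2004-1753)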
Summary
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=162134 | Exploit | |
cve@mitre.org | http://secunia.com/advisories/12392 | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/373080 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/archive/1/373232 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/archive/1/373309 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/bid/11059 | Exploit | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17137 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=162134 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12392 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/373080 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/373232 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/373309 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11059 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17137 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs." 
} ], "id": "CVE-2004-1753", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=162134" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/12392" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/373080" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/373232" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/373309" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/11059" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=162134" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/12392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/373080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/373232" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" 
], "url": "http://www.securityfocus.com/archive/1/373309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/11059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
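Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary metric for CVE-2005-1157)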
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | ||
secalert@redhat.com | http://secunia.com/advisories/14938 | Patch, Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/14992 | Patch, Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/14996 | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.mikx.de/firesearching/ | Exploit | |
secalert@redhat.com | http://www.mozilla.org/security/announce/mfsa2005-38.html | Vendor Advisory | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-384.html | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/13211 | Exploit, Patch | |
secalert@redhat.com | http://www.securityfocus.com/bid/15495 | ||
secalert@redhat.com | https://bugzilla.mozilla.org/show_bug.cgi?id=290037 | Patch | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/20125 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14938 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14992 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14996 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mikx.de/firesearching/ | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/mfsa2005-38.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-384.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/13211 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=290037 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/20125 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | firefox | 0.8 | |
mozilla | firefox | 0.9 | |
mozilla | firefox | 0.9 (rc) | |
mozilla | firefox | 0.9.1 | |
mozilla | firefox | 0.9.2 | |
mozilla | firefox | 0.9.3 | |
mozilla | firefox | 0.10 | |
mozilla | firefox | 0.10.1 | |
mozilla | firefox | 1.0 | |
mozilla | firefox | 1.0.1 | |
mozilla | firefox | 1.0.2 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 (alpha) | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5 (alpha) | |
mozilla | mozilla | 1.5 (rc1) | |
mozilla | mozilla | 1.5 (rc2) | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | mozilla | 1.6 (alpha) | |
mozilla | mozilla | 1.6 (beta) | |
mozilla | mozilla | 1.7 | |
mozilla | mozilla | 1.7 (alpha) | |
mozilla | mozilla | 1.7 (beta) | |
mozilla | mozilla | 1.7 (rc1) | |
mozilla | mozilla | 1.7 (rc2) | |
mozilla | mozilla | 1.7 (rc3) | |
mozilla | mozilla | 1.7.1 | |
mozilla | mozilla | 1.7.2 | |
mozilla | mozilla | 1.7.3 | |
mozilla | mozilla | 1.7.5 | |
mozilla | mozilla | 1.7.6 | |
netscape | navigator | 7.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "010B34F4-910E-4515-990B-8E72DF009578", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "778FAE0C-A5CF-4B67-93A9-1A803E3E699F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7447185-7509-449D-8907-F30A42CF7EB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C656A621-BE62-4BB8-9B25-A3916E60FA12", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", "matchCriteriaId": 
"82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "ED69BEB9-8D83-415B-826D-9D17FB67976B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BCDB64E5-AE26-43DF-8A66-654D5D22A635", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", "matchCriteriaId": "3D8CB42F-8F05-45A6-A408-50A11CC132DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "407F69BE-4026-4B26-AC31-11E7CC942760", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "6E8264B5-4D4B-453D-B599-E2AD533A0CF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "ED9D75F1-8333-43DE-A08B-142E4C5899D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", "matchCriteriaId": "2FEC6B13-3088-4ECB-9D81-6480F439601C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", "matchCriteriaId": "20ECA520-780A-4EF8-8C80-B7564F4148B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "FCEAEDEB-0EE7-4221-B9B8-65438580D331", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", "matchCriteriaId": "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", "matchCriteriaId": "F610FFD5-DF37-4075-AE8B-8D89DF6205A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "D093FD25-94C8-49B8-A452-438023BFB105", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", 
"matchCriteriaId": "3346E7D0-D7EF-4182-BD86-837F14EEB9FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", "matchCriteriaId": "150F1B28-0FAB-4880-B1D5-7F244A1C4D31", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FE7EA3B-3BF8-4696-9488-78506074D62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "C883B45F-D28D-428E-AAF7-F93522A229DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "EFA659B9-2A00-45A6-A462-4E0A20FB7F81", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka \"Firesearching 2.\"" } ], "id": "CVE-2005-1157", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, 
"impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "secalert@redhat.com", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14938" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14992" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14996" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.mikx.de/firesearching/" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/13211" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/15495" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14938" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14992" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.mikx.de/firesearching/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/13211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-06-18 04:00
Modified
2025-04-03 01:03
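Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary metric for CVE-2002-0593)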
Summary
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490 | ||
cve@mitre.org | http://online.securityfocus.com/archive/1/270249 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/8039 | ||
cve@mitre.org | http://www.iss.net/security_center/static/8976.php | ||
cve@mitre.org | http://www.securityfocus.com/bid/4637 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/270249 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/8039 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/8976.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4637 | Exploit, Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C9296197-0EE0-4CC0-A11F-E44E3443E990", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:communicator:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F009302-6798-4189-BE56-FB8E67C64592", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5421CDE-6C31-42FF-8A06-23A6207D1B51", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*", "matchCriteriaId": "6469EB31-32FF-415C-82DD-670513911371", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI." 
} ], "id": "CVE-2002-0593", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-06-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/270249" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/8039" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/8976.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4637" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/270249" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/8039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/8976.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4637" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2025-04-03 01:03
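Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary metric for CVE-2002-0815)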
Summary
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=102796732924658&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=102798282208686&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=102796732924658&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=102798282208686&w=2 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", "matchCriteriaId": "10E59CDD-9F95-4E38-95B3-AC5C35075378", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA2CA2F8-260C-4559-BF24-3E321CEAE93F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Javascript \"Same Origin Policy\" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server\u0027s parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain." 
} ], "id": "CVE-2002-0815", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-08-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=102796732924658\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=102798282208686\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=102796732924658\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=102798282208686\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-07-27 04:00
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary assessment)
Summary
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | ||
cve@mitre.org | http://bugzilla.mozilla.org/show_bug.cgi?id=246448 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=109900315219363&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/11978 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ | Vendor Advisory | |
cve@mitre.org | http://www.debian.org/security/2005/dsa-777 | ||
cve@mitre.org | http://www.debian.org/security/2005/dsa-810 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2004:082 | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-421.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/15495 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/1598 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.mozilla.org/show_bug.cgi?id=246448 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109900315219363&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11978 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-777 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-810 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2004:082 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2004_36_mozilla.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-421.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15495 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/1598 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F374AF9E-BBBC-4C0E-B00C-5DB7FC83B445", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability." }, { "lang": "es", "value": "Los navegadores web (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantaci\u00f3n de sitios web y otros ataques. Vulnerabilidad tambi\u00e9n conocida como \"de inyecci\u00f3n de marco\"." 
} ], "id": "CVE-2004-0718", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-07-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "source": "cve@mitre.org", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11978" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-777" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-810" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15495" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" }, { "source": "cve@mitre.org", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11978" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-777" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-01-12 05:00
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N; NVD primary assessment)
Summary
Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=94790377622943&w=2 | ||
cve@mitre.org | http://www.iss.net/security_center/static/4385.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=94790377622943&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/4385.php |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
netscape | communicator | 4.7 | |
netscape | navigator | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "38FD74F5-12ED-4049-B06F-0F22A0254C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA2CA2F8-260C-4559-BF24-3E321CEAE93F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext." } ], "id": "CVE-2000-0087", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-01-12T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=94790377622943\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/4385.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=94790377622943\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/4385.php" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }